Kaspersky Industrial Cybersecurity per la protezione delle ... · proposal AUDIT & ASSESSMENT...
Kaspersky Industrial Cybersecurity
for the protection of industrial infrastructure and processes
Diego Magni
Presales Manager – Kaspersky Lab Italia
ICS Risks and Reasons
[Chart: Generic malware in different environments (KSN data). Series: IT, ICS. Categories: Trojan, PUPs*, Worms, Virus. Values as shown: 65%, 11%, 8%, 16%, 43%, 37%, 13%, 6%.]
DOWNTIME
ESPIONAGE
SABOTAGE
FRAUD
➢ Malware
➢ System malfunction / Operator mistakes
➢ Targeted Attacks and Advanced Persistent Threats (APTs)
Stuxnet, Duqu, Flame, Gauss, Crouching Yeti (Energetic Bear), Epic Turla, Equation, Black Energy
➢ Unauthorized access / Violation
H1 2016 (public) ICS threats
[Timeline: DEC 2015, JAN 2016, FEB 2016, MAR 2016, APRIL 2016, MAY 2016]
Industrial cybersecurity threat landscape, Kaspersky Lab ICS CERT, H1 2017
Attack Vectors
Industrial cybersecurity threat landscape, Kaspersky Lab ICS CERT, H1 2017
Attacks Distribution
Industry 4.0: The technologies behind
Kaspersky Industrial Cybersecurity vs. ISA95 Model
LEVEL 4: Business planning and logistics
• Managing end-to-end supply chain. Establishing the basic plant schedule – production, material use, delivery, and shipping.
LEVEL 3: Manufacturing operations management
• Work flow/recipe control to produce the desired end products. Maintaining records and optimizing the production process.
LEVEL 2, 1: Batch Control, Continuous Control, Discrete Control
• Monitoring, supervisory control and automated control of the production process
• Sensing the production process, manipulating the production process
LEVEL 0: Physical
• Physical devices
Kaspersky Industrial CyberSecurity
Kaspersky Security for Business + Professional Services
Physical security
Services
Cybersecurity Awareness
KIPS. INDUSTRIAL CYBERSAFETY GAMES
BASIC CYBERSECURITY TRAINING
WILL BE AVAILABLE ON-LINE
KICS projects framework
SUPPORT & AFTER SALES SERVICES
24x7, regular maintenance, urgent (on-site) problem resolution
IMPLEMENTATION
Deployment, setup and customization of solution
PILOT PROJECT
Implementation on the selected pilot objects
ARCHITECTURE DEVELOPMENT
Selecting appropriate cyber security tools and measures; develop a security system architecture and ICS and implementation plan proposal
AUDIT & ASSESSMENT
Detailed customer infrastructure analysis, threat modeling and risk assessment. Developing cyber security improvement recommendations
REQUIREMENTS’ GATHERING
Understanding customer infrastructure, tech process (in brief) and defining main threat vectors
KICS for Networks
► Software, Virtual or Hardware appliance
► Only passive / monitoring mode
• Mirroring port connection (SPAN)
• In-line connection (TAP)
[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, TAP, KICS for Networks, Kaspersky Security Center]
KICS for Nodes
► Application Startup Control
► Device Control
► Antimalware Engine
► Anti-Cryptor
► PLC Integrity Check
► Wi-Fi network control
► Firewall
[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, KICS for Networks, KICS for Nodes, Kaspersky Security Center]
Infected USB keys
Unallowed Wireless
MalwareFun
Insecure Remote Access
Ransomware
Infected PLC logic
KICS Integration
[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, KICS for Nodes, KICS for Networks, Kaspersky Security Center]
SIEM/LM
Kaspersky Security Center
Upstream KSC
ERP/MES
IEC 60870-5-104, OPC DA 2.0
CEF 2.0, LEEF
Syslog, Email
Syslog, Email
THANK YOU
https://ics-cert.kaspersky.com/
https://www.kaspersky.it/enterprise-security/industrial