Kaspersky Industrial Cybersecurity for the protection of industrial infrastructures and processes. Diego Magni, Presales Manager, Kaspersky Lab Italia

Page 1: Kaspersky Industrial Cybersecurity for the protection of industrial infrastructures and processes

Diego Magni

Presales Manager – Kaspersky Lab Italia

Page 2: ICS Risks and Reasons

[Chart: Generic malware in different environments (KSN data). Environments: IT, ICS. Categories: Trojan, PUPs*, Worms, Virus. Values as extracted: 65%, 11%, 8%, 16%, 43%, 37%, 13%, 6%.]

DOWNTIME, ESPIONAGE, SABOTAGE, FRAUD

➢ Malware

➢ System malfunction / Operator mistakes

Page 3: ICS Risks and Reasons

DOWNTIME, ESPIONAGE, SABOTAGE, FRAUD

➢ Targeted Attacks and Advanced Persistent Threats (APTs): Stuxnet, Duqu, Flame, Gauss, Crouching Yeti (Energetic Bear), Epic Turla, Equation, Black Energy

➢ Unauthorized access / Violation

Page 4: H1 2016 (public) ICS threats

[Timeline: DEC 2015, JAN 2016, FEB 2016, MAR 2016, APRIL 2016, MAY 2016]

Page 5: Industrial cybersecurity threat landscape (Kaspersky Lab ICS CERT, H1 2017)

Attack Vectors

Page 6: Industrial cybersecurity threat landscape (Kaspersky Lab ICS CERT, H1 2017)

Attacks Distribution

Page 7: Industry 4.0: The technologies behind

Page 9: Kaspersky Industrial Cybersecurity vs. ISA95 Model

LEVEL 4

• Business planning and logistics

• Managing end-to-end supply chain. Establishing the basic plant schedule – production, material use, delivery, and shipping.

LEVEL 3

• Manufacturing Operations management

• Work flow/recipe control to produce the desired end products. Maintaining records and optimizing the production process.

LEVEL 2, 1

• Batch Control. Continuous Control. Discrete Control.

• Monitoring, supervisory control and automated control of the production process

• Sensing the production process, manipulating the production process

LEVEL 0

• Physical

• Physical devices

[Coverage labels on the slide: Kaspersky Industrial CyberSecurity; Kaspersky Security for Business + Professional Services; Physical security]

Page 11: Services

Page 12: Cybersecurity Awareness

KIPS. INDUSTRIAL CYBERSAFETY GAMES

BASIC CYBERSECURITY TRAINING

WILL BE AVAILABLE ON-LINE

Page 13: KICS projects framework

SUPPORT & AFTER SALES SERVICES

24x7, regular maintenance, urgent (on-site) problem resolution

IMPLEMENTATION

Deployment, setup and customization of solution

PILOT PROJECT

Implementation on the selected pilot objects

ARCHITECTURE DEVELOPMENT

Selecting appropriate cyber security tools and measures; develop a security system architecture and ICS and implementation plan proposal

AUDIT & ASSESSMENT

Detailed customer infrastructure analysis, threat modeling and risk assessment. Developing cyber security improvement recommendations

REQUIREMENTS’ GATHERING

Understanding customer infrastructure, tech process (in brief) and defining main threat vectors

Page 14: KICS for Networks

► Software, Virtual or Hardware appliance

► Only passive / monitoring mode

• Mirroring port connection (SPAN)

• In-line connection (TAP)

[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, TAP, KICS for Networks, Kaspersky Security Center]

Page 15: KICS for Nodes

► Application Startup Control

► Device Control

► Antimalware Engine

► Anti-Cryptor

► PLC Integrity Check

► Wi-Fi network control

► Firewall

[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, KICS for Networks, KICS for Nodes, Kaspersky Security Center]

[Threat labels on the diagram: Infected USB keys, Unallowed Wireless, MalwareFun, Insecure Remote Access, Ransomware, Infected PLC logic]

Page 16: KICS Integration

[Diagram labels: Fieldbus, Control Network, SCADA/DCS Network, PLC, SCADA, SPAN, KICS for Nodes, KICS for Networks, Kaspersky Security Center, Upstream KSC, SIEM/LM, ERP/MES]

[Interface labels on the diagram: IEC 60870-5-104; OPC DA 2.0; CEF 2.0, LEEF; Syslog, Email; Syslog, Email]

Page 17: THANK YOU

https://ics-cert.kaspersky.com/

https://www.kaspersky.it/enterprise-security/industrial