Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability
-
Upload
energysec -
Category
Technology
-
view
400 -
download
0
Transcript of Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability
![Page 1: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/1.jpg)
The Internet of Things Everything: Cyber-defense In an Age of
Ubiquitous Vulnerability
EnergySec Hawaii Educational SessionsFebruary 24, 2016
Steven ParkerPresident
![Page 2: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/2.jpg)
2
I’m Getting Old
![Page 3: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/3.jpg)
3
It’s getting weird out there!
![Page 4: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/4.jpg)
4
Introduction The Internet of Things Everything– Planes, trains, and automobiles– Home electronics, smart meters, light bulbs– Kids toys, smart phones, home security– Refrigerators, washing machines– Transformers, Traffic Lights, Drones–What’s left?
Attack pathways surround us. What’s next?
Let’s provoke thought, not fear!
![Page 5: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/5.jpg)
5
Approach and Goals Discuss technology that falls outside
the normal scope of protection for mission critical systems, yet could be used tactically to impact critical operations
Explore possible attack methods utilizing these technologies
Discuss possible actions to mitigate the impact of the scenarios
![Page 6: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/6.jpg)
6
ThesisIn the near future, “cyber attacks” will be used to support nearly every traditional attack tactic from the non-cyber world.
To paraphrase Jack Whitsitt, Cybersecurity isn’t about cyber, or security, or technology. It is about your mission.
![Page 7: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/7.jpg)
7
We Can’t Protect Everything
Protection Paradigms– Air Gaps– Layered Defense– ”Borderless” networks– Resiliency– Impact Levels
![Page 8: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/8.jpg)
8
Scoping – NERC CIP StyleA Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. A Transient Cyber System is not a BES Cyber Asset.
![Page 9: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/9.jpg)
9
But We Must Protect the Mission
Survival Paradigms– Redundancy – Backup Systems– Recovery–Manual Operation– Alternative Procedures– People?
![Page 10: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/10.jpg)
10
Resiliency – NERC CIP StyleEach Responsible Entity shall have one or more documented recovery plans that collectively include each of the applicable requirement parts in CIP‐009‐5 Table R1 – Recovery Plan Specifications. [Violation Risk Factor: Medium] [Time Horizon: Long Term Planning].
![Page 11: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/11.jpg)
11
Roadmap to Achieve Energy Delivery Systems Cybersecurity
By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.
![Page 12: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/12.jpg)
12
Dependencies Things we choose not to protect, or protect less
– Corporate/Business Networks– HVAC– Email– Support Systems– Others?
Things outside of our control– Power– Water– Internet– GPS– Telecommunications– Certificate Authorities– Supply Chain– Others?
![Page 13: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/13.jpg)
13
PowerWithout Power, nearly everything breaks.
Do you own manual can opener?
Gas pipeline/power generation interdependency (ERCOT issue)
How long will your generator run?
Are you on a well?
Is your iPhone charged?
![Page 14: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/14.jpg)
14
Water
![Page 15: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/15.jpg)
15
Internet/Communications Do you depend on cloud services?– Is your recovery plan on a hosted instance of
Sharepoint? Internet based VPN tunnels? Cellular backhaul?– Metering, Operations, ???
Facebook/Twitter/National Weather Service Operational coordination, SCADA, Customer
interactions What else?
![Page 16: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/16.jpg)
16
GPS
![Page 17: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/17.jpg)
17
Certificate Authorities
![Page 18: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/18.jpg)
18
Supply Chain
![Page 19: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/19.jpg)
19
Tactical Cyber Attacks
![Page 20: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/20.jpg)
20
Tactical Cyber Attacks
![Page 21: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/21.jpg)
21
Tactical Cyber Attacks
Deli.Meat.Scale.
![Page 22: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/22.jpg)
22
Tactical Cyber Attacks
For western intelligence agencies, the blowout was a watershed event. Hackers had shut down alarms, cut off communications and super-pressurized the crude oil in the line, according to four people familiar with the incident who asked not to be identified because details of the investigation are confidential. The main weapon at valve station 30 on Aug. 5, 2008, was a keyboard.
![Page 23: Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquitous Vulnerability](https://reader036.fdocuments.in/reader036/viewer/2022070509/589a390c1a28ab8c588b4dbd/html5/thumbnails/23.jpg)
23
ScenariosWould you like to play a game?
Brainstorm plausible-ish scenarios in which cyber attacks can impact mission critical operations
Electric Power Airlines Manufacturing Roll your own