
How to sleep (almost) soundly when you run an industrial plant with the right cyber security safeguards

The reasons for hacking.
The difference between IT and OT.
Specific strategies for each plant.
The steps of the OT security cycle.
Network segmentation and segregation.
Example of a security architecture.
Public APNs.
Automated Vulnerability Assessment.



Conference proceedings or presentations containing case histories
mcT Cyber Security, November 2017: Cyber Security for ICS (Industrial Control Systems)

Published by Benedetta Rampini
mcT Cyber Security 2017






Text excerpt
Milan, 30 November 2017
The conference proceedings and more than 8,000 other items are available at www.verticale.net
Mario Testino, mtestino@servitecno.it
Copyright © 2011-2016 CSA Italy www.cloudsecurityalliance.it

The Reasons for Hacking
- Hacking for fun (Personal Gratification)
- Hacking to steal (Information or Money)
- Hacking to disrupt (Terrorism or Warfare)

[Chart. Categories: Fun, Theft, Destruction. Labels: Resources-Time, Time, Investments]

Security, safety and business continuity are the fundamental parameters. OT systems physically control lines, plants and machines, (also) inside critical infrastructure.
IT/OT

- Level 4: Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.). Establishing the basic plant schedule: production, material use, delivery, and shipping. Determining inventory levels. Time frame: months, weeks, days.
- Level 3: Manufacturing Operations Management (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...). Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds.
- Level 2: Monitoring, supervisory control and automated control of the production process.
- Level 1: Sensing the production process, manipulating the production process.
- Level 0: The actual production process.
- Control types: Batch Control, Discrete Control, Continuous Control.

Cyber Security in the Industrial Internet Era
- Security Solutions: Standard IT Network Security Solutions Don't Work (Protocol Barrier)
- The Perimeter: The Perimeter Is Breached: Software Updates, Technicians, Physical Presence
- Connectivity: OT Networks Are More Connected Than Ever
- Vendors' Vulnerabilities: Vendors' Vulnerabilities Leave Your Network Exposed

Specific Strategies for Each Plant
- Power Generation Plant
- Manufacturing Plant
- Integrated Generation Grid
- Multi site Utility
- Petrochemical Plant

Risk Assessment & Budget
Objectives: identify the highest-risk areas, where resources should be directed first.
- Identify the "Cyber Assets" (critical systems, data repositories, network, industrial network, PLCs, Wi-Fi, etc.)
- Identify and quantify the possible vulnerabilities
- Identify and quantify the possible threats
- Identify and quantify the possible consequences
- Determine the possible risk
- Draw up a mitigation plan (preferably organised by objectives)

Model of the ISO2700X standard
Security Policies and Standards
- Identity management
- Systems security
- Information Security
- Monitoring & management
- Monitoring results
- Change analysis
- Compliance
- Security rules and procedures
- Roles and responsibilities
- Security projects
- Analysis of:
  - Risks and business impact
  - Resources and systems
  - Vulnerabilities
- Improvement plans
Phases: Assessment, Implementation, Management, Control

"I have not suffered any cyber attacks yet, so I am safe... right?"

IT and OT: perimeter and attack surface
[Diagram. Labels: Attack Surface, Enterprise Network, Internet, IT (protect the data), OT (protect critical assets), Primary control center, SCADA Network, Remote stations, DCS, Local production, DMZ]

Grow with the Customer
- Asset Discovery
- Automated Vulnerability Assessment
- Situational Awareness for Anomaly Detection
- Distributed Deployments
- OT SOC
- Industrial Threat Intelligence
- Disaster Recovery
- Dynamic Firewall Rules

[Diagram: zones and conduits. Enterprise Zone (mainframe, workstations, laptop computers, servers); Plant A, Plant B and Plant C Zones (data server, file/print server, app. server, workstation, laptop computer, router); Plant A, Plant B and Plant C Control Zones (controllers, I/O, app. server, data server, maint. server); firewalls; Enterprise Conduit; Plant Control Conduits]

[Diagram. Labels: Enterprise Control Network, Manufacturing Operations Network, Perimeter Control Network, Control System Network, Process Control Network, Corporate Firewall, Industrial Firewall. Source: Byres - Tofino]

[Diagram. Labels: IEDs, Cloud, Peripheral Plant 1, Peripheral Plant 2, Main Plant, Internet, External Suppliers]

[Diagram. Labels: Mobile BI - KPI/Alarms, Client SCADA-Historian-KPI, SCADA Server, Datacenter/Historian Server, KPI/ALM Server, LAN, RTUs on private/public APN]
[Diagram. Labels: SCADA Server. Captions: Main site and its RTUs; Complete secondary plants]

Automated Asset Discovery
Analyst Tools: Investigation & Data Mining
Automated Vulnerability Assessment

The main vulnerabilities discovered
10. Clear text / weak passwords
9. Illegal remote connections to OT
8. Unexpected / unknown devices in the network
7. Misconfigured PLCs
6. Operational malfunctions
5. Generic and targeted malware
4. Manufacturer vulnerabilities
3. Multiple wireless access points
2. Direct internet connections
1. Exploitable attack vectors!

Doubts? Questions?
www.servitecno.it/cyber-security

