ACHEMA 2018: Cyber Security – why and how

The cyber security for the protection of integrated ICT and SCADA systems

June 14th, 2018

Filippo Silvestri, BD & Sales Manager GD, General Dynamics Page Europa

© General Dynamics Mission Systems. All rights reserved.



Introducing GD and PAGE Europa


GD Mission Systems

• EMPLOYEES: 12,500
• FACILITIES: 113
• COUNTRIES: 27
• CUSTOMER SERVICE 24/7

GD Corporation

• EMPLOYEES: 90,800
• About US$ 32 Billion Revenues


Turn Key Systems Integration

Services

Telecoms, Security & IT Systems

Design, Engineering, Procurement, Integration, Validation, Test & IFAT, On‐Site Installation ‐Activities & Services, Maintenance, Training & Technical Support

Customer Benefits

SINGLE INTERFACE & SINGLE SOURCE of RESPONSIBILITY for Engineering, Procurement & Delivery of several multi‐disciplinary fully integrated systems

REDUCED RISKS

PRICE EFFECTIVE Projects

DELIVERING “Right First Time”, ON‐TIME & ON‐BUDGET

PAGE Europa Offer


• Port & Airport Authorities: Dubai & Abu Dhabi (UAE), Oman, Italy, Kingdom of Saudi Arabia

• Oil & Gas Companies: QP (Qatar), Ras Gas (Qatar), BP, SHELL, ExxonMobil, ENI, NESTE OIL, ADCO (UAE), AGIP KCO (Kazakhstan), KPO (Kazakhstan), SONATRACH (Algeria), Anadarko (Algeria), SABIC‐YANBU (KSA), PDO (Oman), SCOP (Iraq)

• Ministries of Interior/Defence & Government Agencies: Turkey, Poland, Portugal, Germany, The Netherlands, Greece, UK, Norway, Belgium, UAE, Italy, Albania

• EPC & PMC Contractors: PETROFAC, KBR / KELLOGG, AMEC, WorleyParsons, FLUOR, CB&I, JGC, HYUNDAI HI, AKER KVAERNER / SOLUTIONS, BECHTEL, TECHNIP, SAIPEM / SNAMPROGETTI

• NATO Agencies: NCIA, NC3A, NAMSA, NACMA, SHAPE, AF South, AF Cent, AF North

Page Europa Main customers


On‐Shore Security Control Room

Harbor Master Control Room

Khalifa Port (UAE)


• 450 km of FO Cable
• 105 wireless LAN access points
• 70 network switches
• 230 Access control points
• 34 Security Gates
• 350 CCTV Cameras
• 200 UPS Systems
• 400 km PIDS

Page Europa prime contractor for Security & Telecom Systems

BP Khazzan Gas (Oman)


Next Generation Security Systems

[Diagram: System of Systems, Sensor & Sub‐Systems Agnostic. Recoverable labels:]

• Sensor & Sub Systems: Panic Button, RADAR, PIDS, Fire\Smoke, Water, HR, Access Control, Environmental Monitoring, Parking, VMS System
• Platform Infrastructure: Site Manager, DB Manager, User Manager, Work Force Manager, Report Generator, …
• IT/OT Integration, Correlation, Analytics, Smart Prediction, Rules Engine, Procedure Manager, Simulation Manager
• Mobile Team App, User App, Manager Dashboard, Department Situation Management
• Command & Control, Situation Management


Refinery: one holistic system

[Diagram: REFINERY SECURITY SYSTEM and its connected systems and users. Recoverable labels:]

• Systems and users: Physical Identity & Access Management, Security Systems, Screening Device, Visitors management, Electronic Fence, VMS and Analytics, Fire alarm, Social media, External systems, SCADA, Master HR, Attendance Systems, Health Monitoring, RIL GIS, Users, Security/Safety Personnel, Local Management, Executive Management, Guard/Patrol (Mobile App), Web Client
• Events and information: Access Events & Alarms; Emergency alarm – using attached manual alarm button; Alerts & Warnings; Alerts from Production sensors; Employee Information; Site layouts, Geo Located information; Location, task, status, panic button, photo/video; Intrusion Indication; Emergency alert; Video, alerts; Fire Alerts; Social Media Alerts; Disaster mngmt - Fire alarm, Flooding alarm; Alarms, Status of connected systems


About subject…


Vulnerabilities by ICS Component Types

In recent years, the most vulnerable Industrial Control Systems components were HMI (Human Machine Interface), Electric Devices and SCADA systems. The “Electric Device” category consists of distance protection devices, gas detectors, pumps, power analyzers, recloser control and relay platform units.

The graph shows the vulnerability severity distribution for different types of ICS components.

(Kaspersky Lab, ICS Vulnerabilities Statistics)


Rapid Digital growth

• 15B Devices Today
• 50B In 2020
• 500B In 2030


Incidents – Chronological Perspective


Industry 4.0


Industrial IoT TRUSTWORTHINESS


Cyber Security evolution – It’s a hard challenge

Traditional security vendors are dependent on signature-based technology. Their research teams explore cyberspace and catalog threats, attack vectors, vulnerabilities, signatures, and other techniques to learn how attackers think and design their attacks. Vendors then push regular updates out to their customers, designed to alert when they recognize a familiar threat pattern. This concept of "blacklisting & shipping" is, in fact, a losing war, as it cannot deal with what is unknown.

Next came the next-generation technologies: decoy honeypots, containment, behavioral detection, machine learning and artificial intelligence. Additional technologies focused on detecting threats via their attack vector. Yet the threats continue to get through, bypassing security technologies layer by layer until they reach their final destination: endpoints and servers. Once the malware reaches its destination, the damage stage of the attack begins: deleting files, altering data, data exfiltration or data encryption.


A new security paradigm seems to be the solution: preventing future threats without having to know anything about the threat in order to prevent it. The solution is designed on the following assumptions:

1. The attacker will eventually find a way to bypass all security means;
2. The threats are already inside, undetected.

Relying on a map of the operating system's behavioral patterns, it distinguishes between “good” and “bad” actions, detecting and preventing any malicious activity regardless of the threat type, attack vector and origin.


The solution


The biggest challenge in today’s digital era is to effectively deal with both current and future threats - while knowing nothing about them.


ABOUT NYOTRON

[Timeline, marked Founded, 2012, 2013, 2014, 2015, 2016. Milestone labels: Founded in Israel, NSRC Established, First Patents, First Product Ships, US HQ Established, Global War Room]

• 50 Employees Worldwide
• 2 Offices, In USA and Israel


THE EVOLUTION OF SECURITY

• THE KNOWN: Traditional AV
• THE KNOWN UNKNOWN: Next Gen Technologies
• THE UNKNOWN UNKNOWN: Threat-agnostic Defense


THE COST OF ATTACKS

• $8.6M: Cost of attack per company
• $500B: Cost of global cyber activity
• 1 New threat per second
• 90% Of enterprises contain malware in their network
• E-MAIL, BAD USB, BROWSING, UNKNOWN


THE INVESTMENT PARADOX

[Diagram. Recoverable labels: Perimeter, Endpoint, 80%, 20%, Your data]

Security controls shown: Firewalls, NAC, Proxy, Web Filtering, Sandbox, AntiBot, Application control, DDoS, SMTP AV, File sanitation, IPS, WAF, Anti spam, SSL Inspection, Decoy, AV, HDLP, HIPS, DLP, IDS


Paranoid: Threat-agnostic Defense ™

Protects Your Data Regardless of Type of Threat or Attack Vector

Effectiveness Doesn’t Rely on Prior Knowledge About the Threat

Assumes Threats are Already Inside or Will Bypass Security Layers

Acts as Last Line of Defense

Holistic Approach - Detect. Prevent. Respond. Analyze.


THE NYOTRON DIFFERENCE

Threat-agnostic Defense ™ Approach

[Diagram. Recoverable labels:]

• Stages: Attack Method, Payload, Infection, Damage
• Attack methods listed: Drive By Download, Buffer Overflow, Cross-Zone Attack, Heap Spray, Privilege Escalation, Cross-Site Scripting, Symbolic Link Race, Metamorphic Code, DLL Hijacking, Format Strings, Macros, Polymorphic Code, Click Jacking, Buffer Overrun
• File System, Network, Registry, Process Management
• LIMITED, INFINITE


Behavior mapping technology (BPM)

[Diagram: File Deletion example, with steps labelled GOOD and BAD]


INDEPENDENT PERFORMANCE REPORT JULY 2016

“Nyotron Paranoid solution is focused on zero-day attacks prevention when all other protection measures were exhausted”.

100% of the tested ransomware were not able to cause damage to data

100% of the tested malwares were not able to cause any damage.

Paranoid system could handle 1000 simultaneous threats.

No performance or user experience issues were detected.


Operational & BUSINESS MODELS

CHOOSE YOUR MODEL

1. YOU MANAGE
2. WE MANAGE
3. PARTNER (MSSP)

• OPERATIONS VIEW, FORENSICS VIEW, INCIDENT VIEW
• ACTIVITY MANAGEMENT, MONITORING & ALERTING, CRISIS RESPONSE, INTELLIGENCE
• GLOBAL WAR ROOM


We have a great success with Paranoid as a service. Nyotron’s Global War Room center is helping us through detection and remediation handling. Acknowledging the fact that our traditional security means, such as Anti-Virus and Firewall systems, cannot protect against Zero-day attacks and APTs, it is a fact that our security posture went up by having Paranoid on board…

CISO, Major US Law Enforcement Agency


NYOTRON endpoint protection PLATFORM

Three ways to get Threat-agnostic Defense ™ - You Manage, Nyotron Managed or Partner Managed

PARANOID PRODUCTS

• PARANOID AGENT
• PARANOID SERVER: Appliance / Virtual / Cloud

MANAGED DEFENSE SERVICES (PARANOID WAR ROOM)

• NYOTRON VISIBILITY: Alert, Monitor, Report, & Activity Management
• NYOTRON INTELLIGENCE: Above Plus Intelligence
• NYOTRON IR: Above Plus Incident Response


Thank you for your attention!
