bridging the air gap

Post on 21-May-2015


DESCRIPTION

A presentation I gave to the International Society of Automation Ireland Section on how relying on air gaps to protect ICS and secure networks is a fallacy. This talk highlights actual incidents resulting from the air gap failing and systems being compromised.

TRANSCRIPT

ISA Ireland Section

Cyber Security Conference

8th May 2014

Who Am I?

What is an Air Gap?

In networks, an air gap is a type of security where the network is secured by keeping it separate from other local networks and the Internet. While this provides security, it also limits access to the network by clients.

Attack Breakdown

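| Country | Critical | Noncritical | Total |
|---|---|---|---|
| Netherlands | 0 | 2 | 2 |
| China | 5 | 2 | 7 |
| Germany | 1 | 4 | 5 |
| Kazakhstan | 0 | 1 | 1 |
| Canada | 0 | 1 | 1 |
| USA | 0 | 3 | 3 |
| Australia | 0 | 1 | 1 |
| Moldova | 0 | 1 | 1 |
| Ukraine | 0 | 2 | 2 |
| UK | 1 | 0 | 1 |
| France | 1 | 0 | 1 |
| Palestine | 2 | 1 | 3 |
| Poland | 0 | 1 | 1 |
| Slovenia | 0 | 1 | 1 |
| Japan | 0 | 1 | 1 |
| Russia | 0 | 43 | 43 |
| Total | 10 | 64 | 74 |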

April 2000 – Insider & Hackers

Controlled Central Switchboard

April 2000 – Remote Access

Maroochy Water Services

June 2001 – External Hackers

California Independent System Operator

January 2003 – Bypassed Firewall

Davis-Besse Plant via Contractor

October 2006 – Infected Laptop

Harrisburg PA Water Treatment

Aug 2007 – Unauthorised Software

Tehama Colusa Canal Authority

March 2009 – Disgruntled Employee

Pacific Energy Resources

October 2010 – Stuxnet

Since 2010 - Specialised Malware

Goodbye Air Gap

BadBIOS – From 2012

2012 Annual Incidents Report

[Chart: % Incidents by cause] Third Party Failure 13, System Failures 76, Malicious Actions 8, Human Errors 5, Natural Phenomena 6

[Chart: Outage in Hours by cause] 3rd Party Failure 13, System Failures 9, Malicious Actions 4, Human Errors 26, Natural Phenomena 36

“Cyber-attacks are the 6th most important cause of outages in telecommunication infrastructures, with an impact on considerable numbers of users in this sector”

How To Defend

Invest in Right Tools

Awareness

Monitor & Respond

Incident Response & Forensics

@BrianHonan
