censec homeland security conference 2018€¦ · censec homeland security conference 2018 the...
TRANSCRIPT
![Page 1: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/1.jpg)
CenSec Homeland Security Conference 2018 The Energy Sector
Michael Lisanti
![Page 2: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/2.jpg)
Where Industrial Control System (ICS)
Attacks are coming from
Breakdown of origin countries for non-critical and critical attacks from Trend Micro SCADA honeypot research
![Page 3: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/3.jpg)
“Hacker” Management Interface (HMI)
and ICS Vulnerabilities
Alert (TA18-074A) Russian Government
Cyber Activity Targeting Energy and Other
Critical Infrastructure Sectors Original release date: March 15, 2018 | Last revised: March 16, 2018
![Page 4: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/4.jpg)
Cybersecurity Capability Maturity Model (C2M2) US Department of Energy (DoE)
• Public-private partnership
• Improve Energy Sector capabilities,
bench marking, knowledge sharing
• IT and OT best practices
• Informed by CMU SEI CERT Resilience Maturity Model
(CERT-RMM)
Cybersecurity Capability Maturity Model (C2M2)
Electricity Subsector Cybersecurity Capability
Maturity Model (ES-C2M2
Oil and Natural Gas Subsector Cybersecurity
Capability Maturity Model (ONG-C2M2)
![Page 5: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/5.jpg)
100+ Faculty | University-Wide | 200+ Students | 1 CMU
Creating a world where people can trust technology
100+ Faculty | University-Wide | 200+ Students | 1 CMU
Creating a world where people can trust technology
![Page 6: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/6.jpg)
Addressing the Cybersecurity Workforce Crisis CMU picoCTF: Inspiring Students in STEM
• World’s largest online hacking competition
• 75,000+ students from 1000+ USA
middle/high schools and 154 countries
have competed
• Supported by global sponsors
Norway classroom
![Page 7: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/7.jpg)
CyLab Brings Together CMU’s Research Foundations in Security and Privacy
Network security
Computing
Policy People
Software security
Cyber physical systems and IoT
Hardware security
Language-based security and verification
Cryptography & Blockchain App
Trustworthy computing
Usable privacy and security
Behavioral science
Security Economics
Risk analysis & management
Adversary and threat modeling
Privacy engineering
Data Security & privacy regulation
Biometrics and authentication
Mobile security and privacy
Web and application
security
Systems security
Decision science
AI & Machine Learning
![Page 8: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/8.jpg)
Privacy & Compliance
Uptime & Reliability
Scalability Safety & Security
Why is Securing IoT Challenging?
Speed & Cost
&
![Page 9: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/9.jpg)
Secure and Private IoT Vision
OPERATE
DEPLOY
BUILD
Detect & Remediate (Months to Years)
TRUST
AUTONOMOUS HEALING
ACCOUNTABILITY
Detect & Remediate
(Milliseconds to Seconds)
![Page 10: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/10.jpg)
Autonomous Software Defined
Networks (SDN)
Secure and Private IoT
Privacy-Respecting AI Reporting
Autonomous Healing
1
Trust 2
Accountability 3
Secure Primitives
![Page 11: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/11.jpg)
City-Scale IoT
![Page 12: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/12.jpg)
Progressive Strategy
![Page 13: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/13.jpg)
Principles: Advancing IoT Security Research
Security is a Team Sport. Solve hard problems.
Sponsors participate, influence, integrate personnel throughout research lifecycle
Supports 8-10 graduate students, 1-2 professional developers
Build relationships with students, faculty, other sponsors
Make it Tangible. Build actual systems & software.
Annual Call for Proposal seeds innovation projects
Integrated IoT reference stack, incrementally refine
Living lab testbed extended to smart cities, other verticals
Open source, permissive license. Take research in-house
Amplify Investment. Make bigger impact.
$30MM+ in government funding
Sponsor funds pooled: $1M+/yr research funded (>5x amp.)
![Page 14: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/14.jpg)
Goal: Develop IoT Reference Research Stack
Secure and Privacy-Respecting IoT
Open source end-to-end architecture, artifacts, platform for creating autonomous healing, trusted, accountable Internet of Things
Multiyear project and living lab testbed, deploying into smart cities, building on Carnegie Mellon CyLab security and privacy heritage
Partnering with a limited number of technology leader companies
![Page 15: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/15.jpg)
#1 Competitive Computer Hacking Team (DefCon CTF competition)
#1 DARPA Cyber Grand Challenge Winner (Mayhem)
#1 World’s First Computer Emergency Response Team (CERT®)
#1 Cyber Security Graduate Programs (Universities.com)
#1 School of Computer Science (U.S. News & World Report)
#1 Artificial Intelligence (U.S. News & World Report)
100+ Faculty 200+ Graduate students
100+ security/privacy courses 25,000 ft2 of collaborative research space
1442 Faculty 14,528 Students
111 countries represented 7 colleges, global presence
Why Partner With Us?
#1 Startups Per Research Dollar (Association of University Technology Managers)
#1 Information & Technology Management (U.S. News & World Report)
#4 Computer Engineering (U.S. News & World Report)
#10 Best for New Hires (Wall Street Journal)
27,000 participants in world’s largest hacking contest (picoCTF)
215,000+ professionals trained in cybersecurity
Accolades
![Page 16: CenSec Homeland Security Conference 2018€¦ · CenSec Homeland Security Conference 2018 The Energy Sector Michael Lisanti . Where Industrial Control System (ICS) Attacks are coming](https://reader035.vdocuments.us/reader035/viewer/2022081405/5f0cee687e708231d437d6ee/html5/thumbnails/16.jpg)
How would you like to collaborate on cybersecurity research and education?
Michael Lisanti Director of Partnerships
+1 412-268-1870 [email protected] www.cylab.cmu.edu