industrial cybersecurity & scada hacks presentation

11
SCADA Cyber Security Attacks & & Mitigation Presentation Friday 8 th 2016 Gavin Davey B.S.c (Hons 1st), CRISC, CEH, CISA, ISO RM, CLSSP, CCNP

Upload: gavin-davey

Post on 18-Jan-2017

196 views

Category:

Documents


3 download

TRANSCRIPT

SCADA Cyber Security Attacks & & Mitigation

Presentation Friday 8th 2016

Gavin Davey B.S.c (Hons 1st),

CRISC, CEH, CISA, ISO RM, CLSSP, CCNP

What is different?

• SbD

• Air gaps

• Network segmentation

• Security Programme and policies

• Risk Management

• Regular audits

• On-going pen testing & gap analysis

High Level Design

Real world examples • 2000 – Gazprom, Russia

– Gas control lost for 1 week

• 2001 – Australian treatment plant – 246, 000 gallons sewerage released

• 2003 – US Power – 50 million people affected

• 2003 – Ohio Nuclear Plant – Slammer worm

• 2008 – Lodz city – 4 trams derailed

• 2012 – Aramco – 10% of worlds oil

• 2013 – Dragonfly with malware – Havex/Energetic bear

• 2 weeks ago -Ukrainian power grid – 70, 000 homes affected

2008 Turkey – 1$bn

Incidents reported in 2014 to ICS –CERT (245 in total)

High Level Plan

• Security-by-design (SbD)

• Recruiting:

• Commercial/Funded research

• Resource

Questions?