
Critical infrastructure protection: standardization to protect critical infrastructure objects

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). Critical infrastructure protection: standardization to protect critical infrastructure objects. Viacheslav Zolotnikov, Sr. Technology Research Manager, Kaspersky Lab.


Presentation Transcript


  1. ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
     Critical infrastructure protection: standardization to protect critical infrastructure objects
     Viacheslav Zolotnikov, Sr. Technology Research Manager, Kaspersky Lab, Viacheslav.Zolotnikov@kaspersky.com

  2. Threats History
     • Slammer, Blaster and the Great Blackout
     • January 2003: the Slammer worm knocked out 911 emergency telephone service in Bellevue, Wash.
     • The Blaster worm affected more than a million computers running Windows during the days after Aug. 11, 2003.
     • “critical to the blackout were a series of alarm failures at FirstEnergy, a power company in Ohio”
     • The computer hosting the control room's "alarm and logging software" failed
     • The status computer at the Midwest Independent Transmission System Operator, a regional agency that oversees power distribution, failed
     Source: https://www.schneier.com/essays/archives/2003/12/blaster_and_the_grea.html

  3. Threats History
     • Stuxnet quickly propagated throughout Natanz
     • A double agent used a typical USB drive carrying a deadly payload to infect Iran's Natanz nuclear facility with the highly destructive Stuxnet computer worm, according to a story by ISSSource
     • “August 2010, Stuxnet, as a worm intended to hit critical infrastructure companies, left a back door that was meant to be accessed remotely to allow outsiders to stealthily control the plant”
     • “Malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using digital certificates signed by two Asian chip manufacturers that are based in the same industrial complex - RealTek and JMicron”
     Source: http://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/

  4. Threats History
     • Jan. 7, 2014: Monju nuclear power plant facility PC infected with virus
     • “A computer being used at the Monju prototype fast-breeder reactor facility in Tsuruga, Fukui Prefecture, was recently discovered to have contracted a virus, and officials believe that some data from the computer may have been leaked as a result”
     • “According to the Japan Atomic Energy Agency, which operates the facility, the computer in question was being used by on-duty facility employees to file company paperwork when the virus was first detected on Jan 2”
     • “…the computer was infected with the virus when a video playback program was attempting to perform a regular software update”
     Source: http://www.japantoday.com/category/national/view/monju-power-plant-facility-pc-infected-with-virus

  5. Threats History
     • Backdoor in equipment used for traffic control and railways called a “huge risk”
     • Security hole (back-door account “factory”) in industrial control software by the firm RuggedCom
     • Potentially affected a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations
     • April 2011 to July 2011 – no action from RuggedCom
     • February 2012: US-CERT notified and “warning” issued
     Source: http://threatpost.com/backdoor-equipment-used-traffic-control-railways-called-huge-risk-042512/76485

  6. Issues
     • Main issue – “do not touch the working system”. What about a computer system connected to the Internet?
     • Hacking
     • Password complexity check bypass, hardcoded passwords for systems
     • Regular system maintenance, applying patches
     • HMIs using mobile phone interfaces

  7. Kaspersky SCADA Honeypot
     • Run in September 2013
     • SCADA computer with a public IP “acting as an industrial system PC”
     • 1294 unauthorized access attempts
     • 422 succeeded access cases
     • 34 cases of access from development environment systems
     • 7 cases of downloading the PLC configuration
     • 1 case of PLC reprogramming (!!!)

  8. Researchers Deliver
     • During talks on SCADA security problems at the Kaspersky-Threatpost Security Analyst Summit [in Feb’12], several other researchers talked about the serious issues inherent in these ICS installations, and the picture they painted is one of systemic problems and a culture of naivete about security in general. Terry McCorkle, an industry researcher, discussed a research project he did with Billy Rios in which they went looking for bugs in ICS systems, hoping to find 100 bugs in 100 days. That turned out to be a serious underestimation of the problem.
     • “It turns out they’re stuck in the Nineties. The SDL doesn’t exist in ICS,” McCorkle said. “There are a lot of ActiveX and file format bugs and we didn’t even bother looking at problems with services. Ultimately what we found is the state of ICS security is kind of laughable.”
     Source: http://threatpost.com/state-scada-security-laughable-researchers-say-020312

  9. Researchers' Conclusion
     • “Those ICS and SCADA systems under research were developed in last century by people from last century using standards from last century”

  10. Remarkable Standards in 2013-14
     • Under development:
       • IEC 62443 (former ISA99, adopted ISA 2700x)
       • NIST DRAFT Guide to Industrial Control Systems (ICS) Security, SP 800-82 Rev. 2
     • Released:
       • NIST Framework for Improving Critical Infrastructure Cybersecurity

  11. Key principles of secured system development to be standardized
     • Complete mediation
     • Component isolation (processes, resources)
     • Control of all sensitive operations
     • Tamperproof
     • Keep the trusted execution base minimal and structured
     • Resistance to external actions, incorrect queries, etc.
     • Security configuration protection
     • Verifiability
     • Structured, compact and tested
     • Formal/semi-formal methods
     • Platform
     • Flexibility in security policy definitions
     • Secured systems development methodology

  12. Recommendations
     • Create a collaborative working group of experts within ITU-T to address today's Critical Infrastructure Systems threats
     • Focus on secure systems development standardization for critical infrastructures and ICS
     • Initiate the work on standards for ICS and Critical Infrastructure Systems
     • Involve world-wide practitioners and make ICS standards available to all countries to share best practices enforced by standards

  13. Thank you
