Download - Rune Gustavsson ICS
![Page 1: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/1.jpg)
1
EH2750 Computer application in Power Systems, Advanced Course
Guest Lecture I – Cybersecurity & Architectures
Rune GustavssonICS
2011-11-16 Rune Gustavsson
![Page 2: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/2.jpg)
Rune Gustavsson 2
Overview
• Setting the scene• Important time dependencies• Targeted Persistent Threats (TPT)• Report on Shadow Remote Access Tools (RATs)• Role Based Access Control• Case Study - Stuxnet• Defense in Depth• State-of-The Art Technologies• The role of Cyber Security at KTH• Discussion
2011-11-16
![Page 3: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/3.jpg)
Rune Gustavsson 3
Setting the Scene.
2011-11-16
SystemSmart Grid
External attack• Motive • Opportunity• Method
Internal dysfunctions• Breakdowns• Faulty behaviour
RisksExploits of vulnerabilities• Technical• Organizational• Societal
No well defined system boundaries in a connected world!
![Page 4: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/4.jpg)
4
Basic Time Frames
Basic equation:
P = Protection, D = Detection, R= Response
2011-11-16 Rune Gustavsson
€
ΔP ≥ ΔD+ ΔR
€
E = Re sponseevent − Attackevent
The Exposure time E should be as small as possible! May be very long in cases of TPAs!
![Page 5: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/5.jpg)
Advanced Persistent Threats (APT)• Recent advanced and targeted cyber attacks on infra
stuctures (sabotage, business intelligence, thefts)– Stuxnet – industrial sabotage of Siemens DCS in Iran– Ghostnet – theft of diplomatic information– Aurora – theft of source code and IPR at Google– Night Dragon – industrial and commercial
intelligence of large oil companies– PS3/PSN attack – business sabotage on Sony Play
Station Networks• Also under attack
– RSA– Intellicorp
• Complements short term goals of Cyber crime – Money Laundry
BRUSSELS 15/09/2011 5SEESGEN-ICT - FINAL REVIEW MEETING
![Page 6: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/6.jpg)
Rune Gustavsson 6
Revealed: Operation Shady RAT (I)
• White paper from McAfee August 2011– http://www.mcaffe.com/
• Logs from a C&C server used by intruders since 2006• Conclusions:
– Vast amounts of data (petabytes) has been lost to (unknown) users– Represent a massive economic threat to individual companies
and industries and even countries that face the prospect of decreased economic growth un a suddenly more competitive landscape ad the loss of jobs in industries that lose out to unscrupulous competitors in other part of the world
2011-11-16
![Page 7: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/7.jpg)
Rune Gustavsson 7
Revealed: Operation Shady RAT (II).
2011-11-16
![Page 8: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/8.jpg)
Rune Gustavsson 8
Revealed: Operation Shady RAT (III).
2011-11-16
Note the logged duration times since2006!
![Page 9: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/9.jpg)
Rune Gustavsson 9
Role Based Access Control (RBAC)The strategy of role-based access control includes restriction to
minimally required rights and functions for users, operators, devices, network and software components. Close consultation on the following aspects is required to achieve effective protection with this strategy without restricting normal activities:
• Access control for the respective plant and its area protection• Intended use of individual devices and software components• Organization of the production and its areas of responsibility and thereby
for the plant manager• Administration of the plant • Responsibilities of the operator
2011-11-16
![Page 10: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/10.jpg)
Rune Gustavsson 10
US Strategy for Trusted Identities in Cyber Space
• Background to NSTIC Proposal for Trusted Identities in Cyberspace (April 2011)– Identity theft is costly, inconvenient and all-too
common• In 2010, 8.1 million U.S. adults were the victims of identity
theft or fraud, with total costs of $37 billion.• The average out-of-pocket loss of identity theft in 2008 was
$631 per incident• Consumers reported spending an average of 59 hours
recovering from a “new account” instance of ID theft.
2011-11-16
![Page 11: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/11.jpg)
Rune Gustavsson 11
The Identity Ecosystem (NSTIC)Supports revocations of Identities and Credentials!
2011-11-16
![Page 12: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/12.jpg)
Rune Gustavsson 12
Case Study Stuxnet (I)
.
2011-11-16
![Page 13: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/13.jpg)
Rune Gustavsson 13
Case Study Stuxnet (II).
2011-11-16
![Page 14: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/14.jpg)
Rune Gustavsson 14
Case Study Stuxnet (III)
.
2011-11-16
![Page 15: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/15.jpg)
Rune Gustavsson 15
Case Study Stuxnet (IV).
2011-11-16
![Page 16: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/16.jpg)
Rune Gustavsson 16
Case Study Stuxnet (V).
2011-11-16
![Page 17: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/17.jpg)
Rune Gustavsson 17
Case Study Stuxnet (VI).
2011-11-16
![Page 18: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/18.jpg)
Rune Gustavsson 18
Case Study Stuxnet (VII)
.
2011-11-16
![Page 19: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/19.jpg)
Rune Gustavsson 19
Case Study Stuxnet (VIII)
.
2011-11-16
![Page 20: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/20.jpg)
Rune Gustavsson 20
Case Study Stuxnet (IX)
.
2011-11-16
![Page 21: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/21.jpg)
Rune Gustavsson 21
Case Study Stuxnet (XI).
2011-11-16
![Page 22: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/22.jpg)
Rune Gustavsson 22
Defense in Depth
.
2011-11-16
![Page 23: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/23.jpg)
Rune Gustavsson 23
State-of-The-Art Technologies (I)
Detection• With thousands of workstations and servers under management, most
enterprises have little to no way to effectively make sure they are free of malware and Advanced Persistent Threats (APTs).
• APTs are broadly defined as sophisticated, targeted attacks (as opposed to botnets, banking Trojans and other broad-based threats) that rely heavily on unknown (zero-day) vulnerabilities and delivery via social engineering.
• Multiple recent hacking events made public have highlighted the vulnerabilities of even the most renowned security companies, government contractors and Fortune 500 enterprises.
• This problem can affect any enterprise and a new approach to combat these threats must be implemented in order to deal with it effectively.
2011-11-16
![Page 24: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/24.jpg)
Rune Gustavsson 24
State-of-The-Art Technologies (II)• Using Signatures to detect attacks (malware) is hard
(impossible)!
2011-11-16
![Page 25: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/25.jpg)
Rune Gustavsson 25
State-of-The-Art Technologies (III)
• Using the ECAT tool on-line monitoring of system memories to address APT threats (http://www.siliciumsecurity.com/)
2011-11-16
![Page 26: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/26.jpg)
Rune Gustavsson 26
State-of-The-Art Technologies (IV)
.
2011-11-16
![Page 27: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/27.jpg)
Rune Gustavsson 27
State-of-The-Art Technologies (IV)
.
2011-11-16
Defining zones and conduits by virtualizations
![Page 28: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/28.jpg)
Rune Gustavsson 28
State-of-The-Art Technologies (V)
.
2011-11-16
![Page 29: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/29.jpg)
Rune Gustavsson 29
State-of-The-Art Technologies (VI)
.
2011-11-16
![Page 30: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/30.jpg)
Rune Gustavsson 30
State-of-The-Art Technologies (VII)
.
2011-11-16
![Page 31: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/31.jpg)
Rune Gustavsson 31
State-of-The-Art Technologies (VIII).
2011-11-16
![Page 32: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/32.jpg)
Rune Gustavsson 32
State-of-The-Art Technologies (IX)
.
2011-11-16
![Page 33: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/33.jpg)
Rune Gustavsson 33
State-of-The-Art Technologies (X)
.
2011-11-16
![Page 34: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/34.jpg)
Rune Gustavsson 34
State-of-The-Art Technologies (XI)
.
2011-11-16
![Page 35: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/35.jpg)
Rune Gustavsson 35
State-of-The-Art Technologies (XII)
.
2011-11-16
![Page 36: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/36.jpg)
Rune Gustavsson 36
State-of-The-Art Technologies (XIII)
.
2011-11-16
![Page 37: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/37.jpg)
Rune Gustavsson 37
The Role of Cyber Security at KTH
• Ongoing EU sponsored Projects on Smart Grids– Grid4EU• Total budget about 55 MEURO• Kick-OFF November 21st – 22nd November 2011• Swedish partners: KTH, Vattenfall, and ABB
– KIC InnoEnergy• INSTINCT
2011-11-16
![Page 38: Rune Gustavsson ICS](https://reader036.vdocument.in/reader036/viewer/2022062314/56813d54550346895da70e7a/html5/thumbnails/38.jpg)
Rune Gustavsson 38
Discussion
• Thanks!
2011-11-16