ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers Covet and WMI Cannot See
TRANSCRIPT
How to Protect the Proprietary Cyber Assets That Hackers Covet and WMI Cannot See
David Zahn
CMO, GM of Cybersecurity Business Unit
Agenda
• A Simple Test
• Challenges With Taking Stock
• Inventory Done Right
© PAS - Confidential and Proprietary 2015 | 2
A Simple Test
Impact Of This ICS-CERT Vulnerability to the Enterprise?
• HART DTM Vulnerability
• Honeywell Temperature Sending Unit
• Impact
  – Cease operations until restarted
Detect An Inadvertent Engineering Change?
• Safety instrumented system (Triconex) configuration change
• Bypass condition masked from operator
Identify the Next Successful Malicious Attack?
Anatomy of Stuxnet Attack
Siemens S7:
• Memory Block DB890
• AWL File
You Cannot Secure What You Cannot See
Challenges with Taking Stock
Hidden Cyber Assets Create Risk: A Case Study
20%
80%
Network
• Heterogeneous, but common protocols
• IP addressable
• Agent friendly
• Inventory in plain sight

Proprietary
• Heterogeneous, proprietary systems
• Complex architecture
• No agents
• “Hidden” inventory
• I/O cards, firmware, installed software, configuration & more

Case Study
PAS inventory engagement to feed vulnerability assessment

Challenge
Inventorying, monitoring, and gaining full compliance on cyber assets
Inventory Done Right
Inventory In Depth (a sample data set)
Information Technology
Windows
• Ports & services
• User accounts
• Anti-virus
• Events
• OS information
• HW information (HD, memory, etc.)

Network
• Global switch settings
• Interface definitions
• VLANs
• Routing tables
• Firewall objects

Operational Technology

DCS
• IO Cards
• Controllers
• Com Modules
• Operator Stations
• Application Stations
• Wireless IO Modules
• Control Level Firewall
• Applications

PLC / Vibration Monitoring
• IO Cards
• Controllers
• Com Modules
• 3rd Party Module
• Applications

SCADA / Historian / APC
• Operator Stations
• Application Stations
• Applications

Instrumentation
• Wireless Devices
• HART Devices
• Foundation Fieldbus Devices
• Profibus Devices

SIS / Turbine Control
• IO Cards
• Controllers
• Com Modules
• Applications

Malicious attack (Stuxnet) | ICS-CERT Vulnerability | Inadvertent Engineering Change
Not All Inventory Is Created Equal
Networked IT | Networked Proprietary | Islanded
Inventory Options
Manual
• Pros
  • Flexible
• Cons
  • Training time
  • Labor cost
  • Error prone
  • Stale data

ICS Vendor Supplied Tool
• Pros
  • Vendor specific
  • Purpose-built
• Cons
  • Multiple formats
  • Varying capabilities
  • Different terminology
  • Data silos

Centralized and Automated
• Pros
  • Accuracy
  • Evergreen inventory
  • Common data format
  • Efficiency
  • New device detection
• Cons
  • Business process changes
Good ICS Inventory = Good Compliance
OT + IT Inventory
CIP-002: Inventory & review…
CIP-007: Ports, services, patching…
CIP-008: Incident response, testing, review…
CIP-009: Disaster recovery, testing, review…
CIP-010: Change & configuration management…
And more...
ICS Cybersecurity Best Practices
Requirements
• Automated OT & IT inventory
• Configuration change monitoring & alerts
• Patch management
• Closed-loop workflows
• Backup & recovery

Benefits
• Increases internal & regulatory compliance
• Reduces compliance effort
• Supports all major control systems
• Hardens control system security
• Speeds recovery from downtime
Automation Systems
Single Repository
Who We Are

Background
• Founded in 1993 with headquarters in Houston, Texas
• Offices in North America, Europe, Middle East, Africa, Asia, and Australia
• Serving Power, Oil & Gas, and Processing industries globally

Industry Leadership
• First-to-market solutions in ICS Cybersecurity, Alarm Management, and HP HMI
• Honeywell, INTECH, Intergraph, Invensys, and NovaTech ecosystem
• AIChE, EEMUA 191, EPRI, ISA, NERC CIP, NIST, NPRA, and OSHA standards
• 20% annual R&D reinvestment

By The Numbers
• 400+ customers
• 1,046 plant sites
• 8,749 licenses
• 20,560 automation assets managed
• 40,000+ users
Thank You
David Zahn
CMO, GM of Cybersecurity Business Unit