omar sherin - ts4 - kiacs · microsoft powerpoint - omar sherin - ts4 author: presentations created...
TRANSCRIPT
![Page 1: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/1.jpg)
S-HAZOP - merging OT Cyber & Safety
![Page 2: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/2.jpg)
About me
![Page 3: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/3.jpg)
Disclaimer
►S-HAZOP is an EY Methodology
►Images in this presentation are derived from► EY
► Tennessee Eastman Chemicals
► Honeywell
► International Congress of Catalysis
► DHS.gov.us
All rights preserved to original owners
![Page 4: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/4.jpg)
A prelude …a status update on our 3 years ongoing OT Honeynet research
![Page 5: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/5.jpg)
Still seeing lots of malicious attacks – with safety in scope !
![Page 6: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/6.jpg)
The MENA PLC is still the worst for 3rd year running
Most traffic coming from China, Russia, USA, Iran (Not Research)
![Page 7: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/7.jpg)
What are the current scenarios
Purity Price Euro/KG
98% 78
99% 392
100% 649,000
Paracetamol 2017 Prices
![Page 8: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/8.jpg)
Quiz
Assume NOWYou have full access to a REAL plant
Find the Soft SpotFor a quick disaster
![Page 9: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/9.jpg)
Tennessee Eastman
15.1Time Constant of 60 Min
11.2
114.5
96.0
![Page 10: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/10.jpg)
OT hackers
►OT Hackers need to deal with a lot of variables
►Obtaining access is NOT Obtaining control
►Breaking INTO the system Is just the beginning
![Page 11: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/11.jpg)
Break attacks
![Page 12: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/12.jpg)
Production damage attacks
![Page 13: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/13.jpg)
Toxic emissions attack
![Page 14: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/14.jpg)
Lots of knowledge
►Not Yet
►Not Yet
►NOW
►Too Late
Impact of 8 Hours of DDoS on a Reactor Pressure Sensor at Random Times
The changes done at 200c are NOT the same as on 230c
![Page 15: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/15.jpg)
New OT Cyber kill chain (post Trisis)
![Page 16: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/16.jpg)
So we need to “reconsider” how we calculate plant operations risks
![Page 17: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/17.jpg)
Security HAZOP study
![Page 18: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/18.jpg)
S-HAZOP (Independent layers of protection)
![Page 19: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/19.jpg)
S-HAZOP (Process safety & cyber threats)
![Page 20: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/20.jpg)
S-HAZOP (Components break down)
![Page 21: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/21.jpg)
Example
![Page 22: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/22.jpg)
S-HAZOP …the tool
![Page 23: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/23.jpg)
S-HAZOP …the tool in action
![Page 24: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/24.jpg)
QUESTIONS?
![Page 25: Omar Sherin - TS4 - KIACS · Microsoft PowerPoint - Omar Sherin - TS4 Author: Presentations Created Date: 12/13/2019 6:46:51 PM](https://reader033.vdocument.in/reader033/viewer/2022042612/5f5d9dfb43805b12e9201dc6/html5/thumbnails/25.jpg)
Thank you
References
• Dragos Activity Groups. https://dragos.com/adversaries/
• Diamond Model. http://www.activeresponse.org/the-diamond-model/
• Starlink Telsarati article. https://www.teslarati.com/spacex-starlink-satellite-internet-us-air-force-testing/
• Collection Management Frameworks. https://dragos.com/resource/collection-management-frameworks-beyond-asset-inventories-for-preparing-for-and-responding-to-cyber-threats/
• Consequence Analysis. https://dragos.com/resource/dependency-modeling-for-identifying-cybersecurity-crown-jewels-in-an-ics-environment/