plant cyber security - forensic it cyber security.pdf§ encryption. confidential data ... minimum...
TRANSCRIPT
Confidential DataDrivenSolutions
Plant Cyber Security
The Rise of Security Analytics
Purpose of presentation
§ In a nutshell, we are going to challenge you to rethink your plant cyber security strategy and make adjustments to protect your plant against future attacks.
§ We will give you ideas to secure your plant—and feel that it is secure.
§ We will stress to you the value of detecting and acting on intrusions instead of preventing them.
§ And yes, we will challenge you to remove virus protection software and malware protection software from your plant computers.
Us vs. Them
US: ISO 27001, ISO 27002, SOX, PCI, FIREWALL, ACL
  IT Manager, Director, CIO
  All employees, vendors, contractors, supplementary staff, past and present workers.
THEM: ESPIONAGE, SABOTAGE, HACK, DDOS, FRAUD, THEFT
  Hacker, Cyber Terrorist
  Anonymous persons, foreign government sponsored employees and… …all employees, vendors, contractors, supplementary staff, past and present workers.
Presentation Flow
§ First we are going to get our bearings with some definitions and discuss the pros and cons of typical plant cyber security practices.
§ Next we will discuss why these methods are always behind the curve and in fact provide a false sense of security.
§ Don’t you think that every time you hear about a breach in the news that the company affected most likely had security measures in place?
§ Don’t you think that their security measures are probably similar to yours?
§ Don’t you think they felt they were prepared?
§ Compliant?
What is plant cyber security?
In general, regardless of industry, the basic definition of plant cyber security is:
“To protect critical digital assets and the information they contain from sabotage or malicious use.”
We are going to break this down into its basic parts.
Parts of Plant Cyber Security
SABOTAGE
• Steal industrial secrets
• Disrupt competitor
DIGITAL ASSETS
• Computers
• Network Devices
• Media
MALICIOUS USE
• Identity theft
• Fraud
• Extortion
What are digital assets?
§ Digital assets include, but are not limited to:
  § Computers
    § Any computer, control room console, laptop, server, hand-held or portable device, personal computer, vendor computer, engineering station, or any other computing device that can access your control system network.
  § Network Devices
    § Any router, switch, hub, or network analysis device that can access your control system network.
  § Storage Devices
    § Any disk, floppy, DVD, CD, USB, internal or external hard drive, flash drive, optical drive, or other storage device that can access your control system network.
What is Sabotage?
§ Sabotage has a few different forms:
  § Deliberate action aimed at weakening a corporation through subversion, disruption, or destruction.
  § Stealing of commercial secrets that have real commercial value.
  § Conscious withdrawal of efficiency to cause some change in the workplace.
What is Malicious Use?
§ The most common types of malicious use of cyber data are identity theft and fraud.
  § These primarily are associated with personal accounts, retail websites, and back office systems.
§ With a manufacturer, what are types of malicious use?
  § Making public corporate secrets, recipes, formulas, manufacturing methodologies.
  § Exposing corporate fraud or wrongdoing; flaws in hiring and firing practices, for example.
  § Poor media exposure.
Typical Methods of Protection
§ Separation of business systems and manufacturing systems.
§ Firewalls to keep intruders out
§ Network isolation
§ Access Control Lists (ACLs)
§ Anti-Virus, spyware, and malware software protection
§ Compliance to security standards for IT and Manufacturing
§ Password management
§ Encryption
Separation of Business and Manufacturing
§ Although there is almost always a link between a business network and a manufacturing network, keeping this at a minimum and tightly controlled is a necessity.
§ Unauthorized access to a production network does not mean that business systems are able to be reached.
§ Conversely, unauthorized access to a business system does not mean that the production system, engineering stations, etc., are able to be reached.
Firewalls
§ A firewall is a hardware or software appliance that uses rules to allow/deny network traffic based on address, protocol, port, or application.
  § Allow TCP port 135, 443, etc.
  § Deny HTTP port 80
  § Deny Facebook, YouTube, etc. (requires updated Next-Gen firewalls)
  § Allow *.Oracle.com, *.Microsoft.com
  § Deny *.somebadsite.com
Network Isolation
§ Limit traffic through router and switch configurations to ensure unwanted traffic cannot access specific networks.
§ Ensure that a wireless connection cannot access certain systems that a wired connection can.
§ Disable interfaces that link networks together that are not used on a routine basis.
Access Control Lists
§ Using groups, roles, and individual permissions, files and data can be protected.
§ Most ACLs use an Allow/Deny policy that can accept an object type (group, role, account) to manage permissions.
Anti-Virus, Spyware, and Malware Software
§ These packages run on individual systems and use a known database to examine executables and execution signatures against known threats, viruses, spyware, or malware.
§ Many offer real-time protection in which they are constantly analyzing signatures, and doing what is referred to as heuristic checking to look for known bad behavior (i.e., port scanning, email blasts, password cracking, etc.).
Compliance to Security Standards
Password Management
§ Password management includes:
  § Who has access and to what?
  § Password expiration
  § Password complexity rules
  § Keyword rules
  § Clear text or secure transmission.
  § Storage
Encryption
§ Encryption can be at numerous levels:
  § Security communication protocols when accessing entities outside your plant (https vs http, for example)
  § Passwords
  § Applications passing secure tokens vs. clear text passwords
  § File systems, directories, files
  § Code
Atypical Methods of Cyber Protection
§ Enhanced Password Management
  § The ability to list all users with access to specific digital assets.
    § Who has the enable password to the router?
    § Which users have been given root level access?
  § Password complexity
  § Aggressive password aging
  § Complete access maps (VPN → Firewall → Network Devices → Servers → Applications)
§ Media lockdown (USB, etc.)
Do These Methods Work?
§ Ask Google – hacked several times including 5 million Gmail accounts
§ Ask Yahoo – 2013 over 1 billion accounts, 2014 over 500 million accounts
§ Ask E-bay – 2014 over 148 million accounts
§ Ask Spotify – 2016, Spotify denies but users confirm credentials online
§ Ask Target – 2013 over 40 million credit cards compromised
§ Ask Schnucks – 2013 over 2.4 million credit cards compromised
§ Ask Iran – 2007 Stuxnet attacked their nuclear fuel program
§ Ask Debbie Wasserman Schultz and the DNC!
§ According to IBM’s 2016 Cyber Security Intelligence report, there was a rise of 66% in the number of manufacturing cyber security incidents with a 30% chunk of those being directed at the automotive industry.
So, do these methods work? Yes and No.
Excerpts from McAfee Article June 2014
§ …In the US, for example, the government notified 3,000 companies in 2013 that they had been hacked…
§ …Two banks in the Persian Gulf lost $45 million in a few hours…
§ …A British company reported that it lost $1.3 billion from a single attack…
§ …Brazilian banks say their customers lose millions annually to cyber fraud…
§ …India’s CERT reported that 308,371 websites were hacked between 2011 and June 2013…
https://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Article Continued
Most cybercrime incidents go unreported.
Few companies come forward with information on losses.
When Google was hacked in 2010, another 34 Fortune 500 companies in sectors as diverse as information technology and chemicals also lost intellectual property. Some of the information on the incident only came to light from documents made public by WikiLeaks. Only one other company reported that it had been hacked along with Google, and it supplied no details on the effect.
https://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Article Continued
Similarly, when a major US bank lost several million dollars in a cyber incident it publicly denied any loss, even when law enforcement and intelligence officials confirmed it in private. Few of the biggest cybercriminals have been caught or, in many cases, even identified.
https://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Forbes Article January 2016
§ 'Crime wave' is an understatement when you consider the costs that businesses are suffering as a result of cybercrime. 'Epidemic' is more like it. IBM Corp.'s Chairman, CEO and President, Ginni Rometty, recently said that cybercrime may be the greatest threat to every company in the world.
§ Three years ago, The Wall Street Journal estimated that the cost of cybercrime in the U.S. was approximately $100 billion. The estimate disputed other reports which pegged the numbers by as much as ten times higher.
§ In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more.
https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#1a127b6b3a91
Forbes Article January 2016 (cont.)
§ From 2013 to 2015 the cybercrime costs quadrupled, and it looks like there will be another quadrupling from 2015 to 2019. Juniper research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.
§ The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. Those crimes would arguably move the needle on the cybercrime numbers much higher.
§ Large banks, retailers, and federal agencies make the headlines when they are hacked - but all businesses are at risk. According to Microsoft, 20% of small to mid-sized businesses have been cybercrime targets.
https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#1a127b6b3a91
2013 – 100 BILLION
2015 – 400 BILLION
2019 – 2.1 TRILLION ESTIMATED
This is staggering
Look At The Numbers From Previous Slide:
• The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. Those crimes would arguably move the needle on the cybercrime numbers much higher.
• Large banks, retailers, and federal agencies make the headlines when they are hacked - but all businesses are at risk. According to Microsoft, 20% of small to mid-sized businesses have been cybercrime targets.
Re-ask the Question: Do they work?
§ Earlier we said yes and no.
  § Yes, they stop some attacks, but, No, there is no guarantee with any system to avoid all cybercrime.
§ From the numbers it is clear that even though we have firewalls, compliance, anti-virus software, and have adequately analyzed our risks—the attacks still succeed.
  § This is partly due to the nature of the prevention software.
Why is it such a staggering rise?
§ There are several reasons:
  § More and more businesses have online presences.
  § Within businesses, the desire to connect the business to the manufacturing for scheduling systems, analytics, costs of production, means that more and more devices and systems are interconnected.
  § Social interaction and phishing
  § Uninformed employees
  § Poor management of resources and digital assets
  § Blacklisting vs. Whitelisting
Interconnection and Data Sharing
[Diagram labels: Casablanca, New York, Sydney, HQ Tokyo, Stockholm]
Multiple Platforms, Multiple Code Streams
Cross-Platform
The idea of data everywhere and data on any device is great conceptually, however, it is a nightmare for the security analyst.
[Diagram labels: Windows OS, Apple OS, Android OS, Apple, Android]
Social Interaction
We are so interconnected today that just a whiff of news is instantaneously spread around the globe.
Imagine unfounded rumors and brand damage. “I heard there was a massive data breach at Acme, Inc.” Whether true or not is irrelevant. If you were going to purchase from Acme, Inc. you are now thinking twice.
Phishing
§ A Bing search of phishing shows the following definition: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.
§ Sometimes it is subtle:
  § “I am doing a survey for a paper, which accounting system do you use? A, B, or C?”
  § “Do you use Siemens or Rockwell to control your…?”
Uninformed Employees
§ How many of your employees would pick up a USB drive next to their car and plug it into their work computer?
§ Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really?
§ A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school's Urbana-Champaign campus last year.
§ As it turns out, it really works.
§ In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location.
Poor Management of Digital Assets
§ When was the last time you had a penetration test done on your plant?
§ Do you really feel you have a grasp of which users have access to what? Not just employees, but contractor resources.
§ User account passwords are changed regularly but what about system passwords, router-enable passwords, network switch passwords, database passwords, ftp passwords? These are rarely changed on a regular basis.
§ Do you change all passwords when someone leaves?
§ Do you notify all employees that a user is no longer employed?
§ How often do you patch your systems and update virus definitions? Best case is usually every 30 days.
§ Do you do compliance testing and quickly follow up on deficient items?
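The questions on this slide and on the earlier "Enhanced Password Management" slide (who holds the enable password, who has root, the VPN → Firewall → Network Devices → Servers → Applications access map, password aging, passwords left unchanged after someone leaves) can all be answered from one credential inventory. The following is an added example, not part of the original deck; the inventory, names, dates and the 90-day age limit are constructed assumptions.

```python
from datetime import date
from typing import NamedTuple

# Layer order of the access map named on the slide.
LAYERS = ["VPN", "Firewall", "Network Device", "Server", "Application"]


class Credential(NamedTuple):
    asset: str
    layer: str
    account: str
    privilege: str
    holders: tuple   # people who know or can use this credential
    changed: date    # date of the last password change


# Constructed inventory: every asset, person and date here is hypothetical.
CREDENTIALS = [
    Credential("vpn-gw", "VPN", "jsmith", "user", ("jsmith",), date(2017, 2, 20)),
    Credential("vpn-gw", "VPN", "vendor1", "user", ("vendor1",), date(2016, 9, 1)),
    Credential("plant-fw", "Firewall", "admin", "admin",
               ("akhan", "vendor1"), date(2017, 2, 5)),
    Credential("core-router", "Network Device", "enable", "enable",
               ("akhan", "vendor1"), date(2015, 6, 1)),
    Credential("hist-srv", "Server", "root", "root",
               ("akhan", "jsmith"), date(2016, 12, 15)),
    Credential("hist-srv", "Application", "svc_ftp", "service",
               ("jsmith", "vendor1"), date(2014, 3, 3)),
]
DEPARTED = {"vendor1": date(2017, 1, 31)}  # person -> last working day (constructed)
AUDIT_DATE = date(2017, 3, 1)              # constructed "today"
MAX_AGE_DAYS = 90                          # assumed aging policy, not from the deck


def label(cred):
    return f"{cred.asset}/{cred.account}"


def users_with_access(asset):
    """List all users with access to one specific digital asset."""
    return sorted({p for c in CREDENTIALS if c.asset == asset for p in c.holders})


def holders_of(privilege):
    """Who has the enable password? Which users have root level access?"""
    return {label(c): sorted(c.holders) for c in CREDENTIALS if c.privilege == privilege}


def stale(today, max_age_days):
    """Credentials older than the aging policy, system and service accounts included."""
    return [label(c) for c in CREDENTIALS if (today - c.changed).days > max_age_days]


def unrotated_after_departure():
    """Credentials a departed person knew that were not changed after they left."""
    hits = []
    for cred in CREDENTIALS:
        for person in cred.holders:
            left = DEPARTED.get(person)
            if left is not None and cred.changed <= left:
                hits.append((person, label(cred)))
    return hits


def access_map(person):
    """Everything one person can reach, ordered from the VPN inward."""
    reach = {layer: [] for layer in LAYERS}
    for cred in CREDENTIALS:
        if person in cred.holders:
            reach[cred.layer].append(label(cred))
    return [(layer, reach[layer]) for layer in LAYERS if reach[layer]]


if __name__ == "__main__":
    print("core-router access:", users_with_access("core-router"))
    print("enable holders:", holders_of("enable"))
    print("stale:", stale(AUDIT_DATE, MAX_AGE_DAYS))
    print("not rotated after departure:", unrotated_after_departure())
    print("vendor1 access map:", access_map("vendor1"))
```

In this constructed data the shared router and FTP passwords show up in both the stale list and the departure list, while the firewall password, changed after the vendor left, appears in neither.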
Blacklisting vs. Whitelisting
§ Blacklisting software is the typical way most anti-virus, spyware, and malware software work—they scan for “known” offenders. Some look for bad behavior, however, the best case is looking for already known signatures.
§ Whitelisting software is total control over what software and executables are allowed to run on a system. A hacker can’t just execute software since it is halted before it is executed.
Blacklisting is OK, but Whitelisting is the only way to go for production manufacturing systems.
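The difference between the two models on one constructed host, as an added example that is not part of the original deck. The file names, file contents and change ids are made up, and SHA-256 matching stands in for whatever identity a real signature engine or whitelisting product uses; the approval step models the change management the deck pairs with whitelisting.

```python
import hashlib
from dataclasses import dataclass, field


def digest(content: bytes) -> str:
    """SHA-256 of a file's bytes: the identity both list types key on here."""
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for executable file contents (not real binaries).
SAMPLES = {
    "hmi_client_v1.exe": b"constructed: approved HMI client, build 1",
    "historian.exe": b"constructed: approved historian service",
    "hmi_client_v2.exe": b"constructed: vendor update, not yet change-approved",
    "old_worm.exe": b"constructed: sample already in the signature database",
    "new_tool.exe": b"constructed: sample no signature database has seen",
}


def denylist_decision(content: bytes, signatures: set) -> str:
    """Blacklisting: everything runs unless it matches a known-bad signature."""
    return "block" if digest(content) in signatures else "run"


@dataclass
class Allowlist:
    """Whitelisting: nothing runs unless change management approved its hash."""
    approved: dict = field(default_factory=dict)     # sha256 -> change record id
    blocked_log: list = field(default_factory=list)  # feed for security analytics

    def approve(self, content: bytes, change_id: str) -> None:
        self.approved[digest(content)] = change_id

    def decision(self, name: str, content: bytes) -> str:
        file_hash = digest(content)
        if file_hash in self.approved:
            return "run"
        # Default deny: record the attempt so someone can act on it.
        self.blocked_log.append({"file": name, "sha256": file_hash})
        return "block"


def build_policies(samples: dict):
    """Return (signature set, allowlist) for the constructed plant host."""
    signatures = {digest(samples["old_worm.exe"])}
    allowlist = Allowlist()
    allowlist.approve(samples["hmi_client_v1.exe"], "CHG-0001")  # hypothetical ids
    allowlist.approve(samples["historian.exe"], "CHG-0002")
    return signatures, allowlist


def compare(samples: dict) -> dict:
    """Map each file name to (blacklist decision, whitelist decision)."""
    signatures, allowlist = build_policies(samples)
    return {
        name: (denylist_decision(content, signatures),
               allowlist.decision(name, content))
        for name, content in samples.items()
    }


if __name__ == "__main__":
    for name, (deny, allow) in compare(SAMPLES).items():
        print(f"{name:20} blacklist={deny:5} whitelist={allow}")
```

The unseen sample runs under the signature list and is blocked under the allowlist, and so is the legitimate vendor update until it is approved, which is the operational cost that makes change management part of the same control.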
Would You Blacklist Access to Your Home?
§ In other words, as people entered, you would run a background check looking for criminal activity or other bad activity. You might also implement some heuristic methods and kick someone out who was rummaging through your desk drawer.
  § No, you would not do this.
§ You whitelist access to your home. You have absolute authority to control who comes in and who is allowed to stay. There is no unauthorized access.
§ In the event of an intrusion, you don’t sit by and wait for an anti-virus update (i.e., the police). No, you pick up a bat or other weapon and defend your home.
Anti-Virus, Spyware, and Malware Under Attack
We get these emails all the time from notable anti-virus companies:
Symantec has recently become aware of a medium vulnerability in older versions of the server agent. The latest version addresses this vulnerability in new installations and was released February 15th, 2017. Server agents that are not already upgraded will be identified in the SEP SBE cloud management console starting on March 8th. A manual upgrade will be required to ensure you have the latest protection.
You can take immediate action to manually update to the latest version of the server agent for the Symantec Endpoint Protection Small Business Edition. For more information please see: https://support.symantec.com/en_US/article.HOWTO124395.html
If you do not take action, we will be releasing a LiveUpdate for server agents beginning in April. Another notice will be sent closer to the LU date.
More information about this vulnerability can be found here: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00
Note: Existing redistributable packages will be deprecated on March 8th and you will need to generate new ones.
The Symantec Customer Communications Team
Article from Microsoft
§ An article from the Microsoft Security Team says that “…industry reports show advanced cyber-attacks can go undetected for approximately… 200 days…”.
§ It is hard to fathom, for 6.5 months, a cyber criminal might be lurking within your systems, extracting data, stealing secrets, etc., all while you feel your systems are protected because you have done everything right.
https://info.microsoft.com/rs/157-GQE-382/images/EN-MSFT-SCRTY-CNTNT-Intelligent%20Security%20e-book%20-%20Lockheed%20Martin.pdf
What does 200 days look like?
Infected Today
60 day mark… virus has been running, gathering data, capturing passwords, and transmitting data… for 60 days!
According to Microsoft Security Experts, this is typically the first time your anti-virus software will detect, notify, and protect against the virus. This is the end of the 200 day window.
Sounds Like You Have No Control
Quite the contrary. You always have control if you just take it.
We will present you with two different options.
§ Option 1 – Stay the course and be part of the 2.1 Trillion in cybercrime statistics that are predicted by 2019.
§ Option 2 – Take control of your production systems and lock them down totally, start using security analytics to be proactive instead of reactive… and yes, remove your anti-virus, spyware, and malware software after you implement whitelist software and Change Management.
Be Realistic – This situation is not yours

Hollywood’s Hacker – Probably Not Your Hacker Either

A Dose of Reality
§ Part of any cyber security strategy has to involve a comprehensive risk assessment.
§ Although we are all proud of our products and businesses, let’s examine the risk.
§ If you make twisty-ties for bread, you are probably at a much lower level of risk than a financial institution or large retailer, but if you make military grade chemicals you are at a higher risk.
§ HP or IBM both provide network management services to other organizations; they are at a higher risk than your average local IT organization that does the same thing.

…But Everyone is At Risk
At Forensic IT, on our first day in a new office, a user plugged in a server to the internet connection to finish configuring it remotely (note: the firewall was delayed but user wanted to configure software). Within 12 hours the Administrator password was hacked. We determined it was an automated hack from China. A simple fix is to install the firewall and configure security appropriately, but still… a little scary. There were no goods to obtain, it was just a BOT/script running and trying to plant seeds for later. Luckily we had the skills to fix and remove all traces.

Roadmap to Cyber Security
Start
Step 1: Assess your risk. Identify all vulnerabilities.
Step 2: Document all systems, security mechanisms, backup schemes, disaster recovery plans, etc.
Step 3: Consult security professionals, hire a person, or firm. Take it seriously. Get PEN Tested. Keep deadlines.
Step 4: Implement Whitelist software (parallel or replace). Implement mechanisms to gather and use Security Analytics. Change Management and total system access control.
Finish

Roadmap Step 1 - Assess Your Risk
§ Not every organization is at risk from direct attack.
§ Understanding risk is key to how to build your roadmap to cyber security success.
§ Most are at risk for indirect attacks, BOTS, script-kiddies, etc.
§ Example: CryptoLocker is a nasty virus that many companies got caught by during that 200-day window from Microsoft and were forced to pay to have their files unlocked.
§ Have serious discussions with your key stakeholders and try and identify risks. Put yourself in a hacker’s shoes. What do they think?

What does a hacker think?
Compromise individuals, look at contractors’ systems
Penetration attempts, port scanning, password cracking
Social engineering, phishing
Embed scripts and other programs to do reconnaissance
Look at new flaws in firewalls, systems, and anti-virus/spyware software.

Roadmap Step 2 - Evaluate Your Systems
Leave no stone unturned in your systems analysis. Hackers, BOTs, and script kiddies won’t.
Areas shown on the slide: Backups, Disaster Plans, Passwords Identified, Contractor Access, Anti-virus Updates, System Patches, Firmware Versions, Hardware/Software Inventory.
[Figure: a percentage is shown for each area (86%, 60%, 90%, 55%, 80%, 70%, 65%, 96%, in transcript order).]

Secure Your Passwords
§ There are many programs to help you create very secure passwords.
§ We use KeePass which allows you to reveal the password or cut/paste. It gets rid of simple passwords like Password!

Roadmap Step 3 – PEN Testing
§ Step 3 – PEN Testing
§ One of the best initial steps is to have a qualified organization do proactive white hat hacking in which the good guys analyze your systems and try to find holes in your security plan.
§ There are three steps to this:
  § 3.1 Test prep. In this step, do your best to find and fix what you can.
  § 3.2 Contract a PEN Testing company and execute a detailed SOW.
  § 3.3 Work to fix any vulnerabilities uncovered.

Plan Your Work and Work Your Plan
3.1 PEN Testing Prep: Set realistic but aggressive goals for this. Just think, a script-kiddie might be on your system “right now” doing this.
3.2 PEN Testing: In a few weeks you should be able to understand how at risk you are and what gaping holes exist.
3.3 Remediation: With your consultants, create an aggressive strategy to fix what is broken.
[Timeline dates shown on the slide: November 30, December 15, January 21]

Roadmap Step 4 – Whitelist Software and Change Management
§ Step 4 is crucial to your success.
§ 4.1 Install Whitelist software application
§ Remember our discussion on whitelist software? On your production system that is commissioned, unchanging, just running and making your widgets, your security team can map out:
  § Every executable that runs (DLLs, OCXs, COM Components)
  § Every network protocol, address, and port in use
  § Every network-aware application and who it talks to (system, address, protocol, port, target application)
  § Every user account

Roadmap Step 4 – Whitelist Software and Change Management (cont.)
§ In blacklist software like Norton or McAfee, applications are able to run and your 200-day window to catch most attacks is in effect. Will your anti-virus really catch it?
§ If you install whitelist software, first of all, all access accounts will be disabled. The hacker/BOT/script-kiddie will not even find anything for Admin to try and hack.
§ This is also impossible because the remote access ports are disabled!
§ For novelty, assume they get past this and they try to kick off a script/program; they would have to decrypt the whitelist database password which would inevitably involve trying to load more software.
Everything is shut down.

Roadmap Step 4 – Whitelist Software and Change Management (cont.)
§ 4.2 Implement Change Management Software.
§ With Change-Management aware whitelist software, nothing can be done, altered, adjusted, unless an Approved CMR (Change Management Request) is completed.
§ This is total access control.
§ This is total protection.
§ It does not matter when or if your anti-virus software gets updated, and in fact, after a parallel installation for several months, we would encourage you to first disable, and eventually delete your blacklist software.
§ Why tax your production with software that consumes resources but doesn’t really do its job?
§ This is true cyber “security”.

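As an added illustration (not from the original presentation or from any whitelist product), the Python code below compares a host snapshot with the commissioned baseline described in step 4.1 and accepts a deviation only when an approved CMR from step 4.2 covers it. Identifying executables by SHA-256, the `CMR` record fields, the rule that the approver must differ from the requester, and all sample values are assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime

def sha256_hex(data: bytes) -> str:
    """Identify an executable by content hash (assumed identity scheme)."""
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class CMR:  # hypothetical Change Management Request record
    cmr_id: str
    kind: str        # "executable", "port" or "account"
    item: str        # hash, "proto/port" or account name the change adds
    requester: str
    approver: str    # empty string means not approved
    valid_from: datetime
    valid_to: datetime

    def covers(self, kind: str, item: str, when: datetime) -> bool:
        # A CMR authorises a change only if someone other than the requester
        # approved it and the change is seen inside the approved window.
        return (self.kind == kind and self.item == item
                and bool(self.approver) and self.approver != self.requester
                and self.valid_from <= when <= self.valid_to)

def evaluate(baseline, observed, cmrs, when):
    """Return (verdict, kind, item, cmr_id) for each observed item not in the baseline."""
    findings = []
    for kind in ("executable", "port", "account"):
        for item in sorted(observed[kind] - baseline[kind]):
            cmr = next((c for c in cmrs if c.covers(kind, item, when)), None)
            verdict = "approved-change" if cmr else "violation"
            findings.append((verdict, kind, item, cmr.cmr_id if cmr else None))
    return findings

# Constructed sample data: byte strings stand in for real binaries.
HMI, DRIVER = sha256_hex(b"hmi.exe v1"), sha256_hex(b"plcdriver.dll v1")
PATCHED, UNKNOWN = sha256_hex(b"plcdriver.dll v2"), sha256_hex(b"unknown.exe")
BASELINE = {"executable": {HMI, DRIVER}, "port": {"tcp/502"}, "account": {"svc_hmi"}}
OBSERVED = {"executable": {HMI, DRIVER, PATCHED, UNKNOWN},
            "port": {"tcp/502", "tcp/3389"},
            "account": {"svc_hmi", "tempadmin"}}
CMRS = [
    CMR("CMR-0001", "executable", PATCHED, "alice", "bob",
        datetime(2024, 1, 10), datetime(2024, 1, 12)),
    CMR("CMR-0002", "account", "tempadmin", "mallory", "mallory",  # self-approved
        datetime(2024, 1, 10), datetime(2024, 1, 12)),
]
NOW = datetime(2024, 1, 11)

if __name__ == "__main__":
    for finding in evaluate(BASELINE, OBSERVED, CMRS, NOW):
        print(finding)
```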
Sounds Too Good To Be True
§ What are the drawbacks, this sounds too good to be true?
§ Remember, we said you are never 100%. Part of your Security Analytics data is to be arm in arm with your whitelist software vendor. Their software will be under constant attack. Even so, the layers of access (ports, accounts, whitelist applications, etc.) make it very difficult to compromise.
§ Internal disgruntled employees can sabotage your system if they are on the ACL and can get your qualified managers to approve CMRs.
§ Education is key here. Blind CMR approvals are a no-no and having backups and disaster recovery plans in place are crucial to this internal attack.

Still Sounds Too Good To Be True
§ One other drawback is the speed of access. It takes time to approve CMRs, it takes time to deal with the whitelist software.
§ If I have an emergency and have to deal with overriding CMRs it will hurt my production!
§ We will concede that this may be true, but with the use of mobile devices and easy CMR approvals this is an acceptable delay—we are talking minutes, not hours.

How do I start?

Hire An Expert Person/Firm
Analyzes Risk
Researches Threats
Keeps you compliant
Monitors Systems
Management Not Distracted
• A security expert is a specialized person in the field of cyber security.
• How many of you have your system engineer or similar try doing their normal job… and… doing tasks for cyber security?
• They are up to date on breaches, constantly analyzing your systems, and are building a database of your business’ security analytics (users, systems, ACLs, protocols, ports, software, outside connections, etc.).

Proactive Response
[Map graphic with labels: Russia, China, Australia, Egypt, France, USA, Brazil]
A breach hits the news and it affects WonderWare software. Your security professional can immediately put monitoring into place to assess risk in offices or plants that have the affected software.

Invest In Security Expert or Firm
One focused security expert is easily worth their weight in gold.

What are the ballpark costs?

Expect Cyber Security Costs to Rise with Factory Size
Estimate 60k for a 50 person factory and roughly 90% of that for every 50 persons. This is of course dependent on the number of systems, types of platforms, etc.
50 people: $60k
150 people: $162k
300 people: $324k
500 people: $540k

Summary
§ There is always risk.
§ Balancing risk with production needs can be difficult to map out, however, your efforts will not be wasted. It is not difficult, just detailed.
§ Hackers are ahead of blacklist software vendors and you just cannot afford to be unprotected.
§ The statistics and research are undeniable. Just ask Google… Yahoo…
§ Implementing Change Management and a whitelist software methodology can provide a cyber security model that does not wait to react—it is a proactive protection methodology that will keep your production secure.