Cyber Security. Milan, 30 November 2017


Transcript

1 Petrochemical, Food. Cyber Security. Milan, 30 November 2017. The conference proceedings and more than contents on

2 Mario Testino

3 The Reasons for Hacking: Hacking for fun (Personal Gratification); Hacking to steal (Information or Money); Hacking to disrupt (Terrorism or Warfare). [Chart: Resources-Time, with FUN, THEFT and DESTRUCTION plotted against Time and Investment] Copyright CSA Italy

4 OT SYSTEMS physically control lines, plants and machines, (also) inside CRITICAL INFRASTRUCTURE. SECURITY, SAFETY AND BUSINESS CONTINUITY ARE THE FUNDAMENTAL PARAMETERS.

5 Level 4, Business Planning & Logistics: Plant Production Scheduling, Operational Management, etc. Establishing the basic plant schedule: production, material use, delivery, and shipping. Determining inventory levels. Time frame: months, weeks, days.
Level 3 (IT/OT), Manufacturing Operations Management: Dispatching Production, Detailed Production Scheduling, Reliability Assurance. Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds.
Level 2 and Level 1 (OT), Batch Control, Continuous Control, Discrete Control: 2 - Monitoring, supervisory control and automated control of the production process. 1 - Sensing the production process, manipulating the production process.
Level 0: The actual production process.

6 Cyber Security in the Industrial Internet Era
Security Solutions: Standard IT Network Security Solutions Don't Work: Protocol Barrier
The Perimeter: The Perimeter Is Breached: Software Updates, Technicians, Physical Presence
Connectivity: OT Networks Are More Connected Than Ever
Vendors' Vulnerabilities: Vendors' Vulnerabilities Leave Your Network Exposed

7 Specific Strategies for Each Plant: Power Generation Plant, Integrated Generation Grid, Petrochemical Plant, Manufacturing Plant, Multi-site Utility

8 Risk Assessment & Budget. Objectives:
Identify the highest-risk areas, where resources should be directed first.
Identify the Cyber Assets (Critical Systems, Data Repositories, Network, Industrial Network, PLC, Wi-Fi, etc.).
Identify and quantify the possible vulnerabilities.
Identify and quantify the possible threats.
Identify and quantify the possible consequences.
Determine the possible risk.
Produce a mitigation plan (if possible, organized by objectives).

9 Model of the ISO2700X standard
Assessment: analysis of risks and business impact, resources and systems, vulnerabilities, improvement plans.
Implementation: security rules and procedures, roles and responsibilities, security projects.
Security Policies and Standards.
Control, Management: monitoring results, change analysis, compliance, identity management, systems security, information security monitoring & management.

10 I have not suffered any cyber attacks yet, so I am safe, right?

11 IT and OT: perimeter and attack surface. ATTACK SURFACE. IT: protect the data. OT: protect critical assets. [Diagram: Enterprise Network, DMZ, Primary control center, SCADA Network, Remote stations, Internet, DCS, Local production]

12 Asset Discovery, Dynamic Firewall Rules, Automated Vulnerability Assessment, Disaster Recovery, Grow with the Customer, Situational Awareness for Anomaly Detection, Industrial Threat Intelligence, Distributed Deployments, OT SOC

13

14 [Diagram: Enterprise Zone (laptop computer, workstation, mainframe); Enterprise Conduit; Plant A, Plant B and Plant C Zones, each with router, laptop computer, workstation, File/Print, App., Data; Plant A, Plant B and Plant C Control Zones, each with firewall, App., Data, Maint., firewall; Plant Control Conduits; controllers; I/O]

15 [Diagram: Enterprise Control Network, Manufacturing Operations Network, Process Control Network, Perimeter Control Network, Control System Network]

16 [Diagram: Corporate Firewall, Industrial Firewall] Source: Byres - Tofino

17

18 IED IED IED

19 [Diagram: PERIPHERAL PLANT 1, EXTERNAL SUPPLIERS, PERIPHERAL PLANT 2, Internet Cloud, MAIN PLANT]

20 [Diagram: 5 RTU on private/public APN; KPI/ALM; 1; 2; Datacenter/Historian; SCADA; 3; Mobile BI - KPI/Alarms; SCADA-Historian-KPI client]

21 [Diagram: Main site and its RTUs; Complete secondary plants; RTU on private/public APN; Datacenter/Historian, LAN, KPI/ALM, SCADA, SCADA-Historian-KPI client]

22 Automated Asset Discovery

23 Analyst Tools: Investigation & Data Mining

24 Automated Vulnerability Assessment

25 The main vulnerabilities discovered
10. Clear text / weak passwords
9. Illegal remote connections to OT
8. Unexpected / unknown devices in the network
7. Misconfigured PLCs
6. Operational malfunctions
5. Generic and targeted malware
4. Manufacturer vulnerabilities
3. Multiple wireless access points
2. Direct internet connections
1. Exploitable attack vectors!

26 Doubts? Questions?