Presentation is loading. Please wait.

Presentation is loading. Please wait.

SCADA NETWORK SECURITY BY LICET 4-AUG-12.

Published byKelley Hamilton Modified over 7 years ago

Similar presentations

Presentation on theme: "SCADA NETWORK SECURITY BY LICET 4-AUG-12."— Presentation transcript:

1 SCADA NETWORK SECURITY BY SEENU@RIO LICET 4-AUG-12

2 My Interest In Network Security; This Talk  SCADA: The technical level of this talk has been tailored to insure that it doesn’t provided a detailed “cookbook” that can be used by the bad guys to attack SCADA Network systems.  Given the venue, we’re not going to talk about policy stuff today (but security policies are important). 2

3 WHAT IS SCADA ?  SCADA stands for “supervisory control and data acquisition ”.  It generally refers to a control system: a computer system monitoring and controlling a process  Supervisory control means monitoring & controlling the parameters of equipment

4 TYPES OF PROCESSES  SCADA controlling process can be Industrial process Infrastructure process Facility process industrial process infrastructure Process facility process

5 SCADA VULNERABILITIES  There were 129 public SCADA vulnerabilities, a massive increase over the 15 vulnerabilities in 2010.  Policy and Procedure Vulnerabilities  Platform Vulnerabilities  Network Vulnerabilities

6 Actually, SCADA Can Be Frighteningly “Exciting”…  SCADA insecurity may have contributed to the end of the Cold War *  SCADA may be of substantial interest to major terrorists  SCADA systems may suffer sabotage by disgruntled insiders, acting individually  SCADA may have “big” technical failures  … but we’d really prefer it to be VERY dull! 6

7 THE SECURITY OF SCADA SYSTEMS?????  Simple Protocols  Windows-Based Control Stations  Shared Passwords  Common Passwords Across Multiple Devices  Plain Text (Unencrypted) FR PASSWORD  Few Firewall Options

8 HOW TO OVERCOME OF EXCITING PROBLEM  Change the windows OS to Linux  Running proprietary software and communication protocol on TCP/IP based systems  Update intrusion detection systems  Familiar with embedded RTOS’S  Add SCADA security to your network security syllabus 8

9 CONCLUSION  SCADA is a control system  We have secure encrypted password  Lake of trained person  Initial capital investment  Add SCADA security to network syllabus  Make sure vendors know what SCADA security products.

10 Thanks for the Chance to Talk Today!  Are there any questions? 10

11 Any queries contact me dsrinivasan14@gmail.com

Download ppt "SCADA NETWORK SECURITY BY LICET 4-AUG-12."

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Prepare your NOC 111. SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC.

Prepare your NOC 111. SP’s/ISP’s NOC Team Every SP and ISP needs a NOC Anyone who has worked or run a NOC has their own list of what should be in a NOC.
Separate Domains of IT Infrastructure

Separate Domains of IT Infrastructure
Unit 6- Operating Systems.  Identify the purpose of an OS  Identify different operating systems  Describe computer user interaction with multiple operating.

Unit 6- Operating Systems.  Identify the purpose of an OS  Identify different operating systems  Describe computer user interaction with multiple operating.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
SUBSTATION SECURITY WHY FIREWALLS DON’T WORK! ©Copyright 1998, Systems Integration Specialists Company, Inc. All Rights Reserved Presented by:

SUBSTATION SECURITY WHY FIREWALLS DON’T WORK! ©Copyright 1998, Systems Integration Specialists Company, Inc. All Rights Reserved Presented by:
Stuart Cunningham - Computer Platforms - 2003 COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.

Stuart Cunningham - Computer Platforms COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
Thoughts on Firewalls: Topologies, Application Impact, Network Management, Tech Support and more Deke Kassabian, April 2007.

Thoughts on Firewalls: Topologies, Application Impact, Network Management, Tech Support and more Deke Kassabian, April 2007.
Cyber Terrorism Shawn Carpenter Computer Security Analyst

Cyber Terrorism Shawn Carpenter Computer Security Analyst
IS Network and Telecommunications Risks Chapter Six.

IS Network and Telecommunications Risks Chapter Six.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Scott Charney Cybercrime and Risk Management PwC.

Scott Charney Cybercrime and Risk Management PwC.
Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security.

Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security.
TS workshop 2004U. Epting, M.C. Morodo Testa - TS department1 Improving Industrial Process Control Systems Security Uwe Epting (TS/CSE) Maria Carmen Morodo.

TS workshop 2004U. Epting, M.C. Morodo Testa - TS department1 Improving Industrial Process Control Systems Security Uwe Epting (TS/CSE) Maria Carmen Morodo.
ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.
Unit 2 Personal Cyber Security and Social Engineering Part 2.

Unit 2 Personal Cyber Security and Social Engineering Part 2.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit.

Similar presentations

Ads by Google