Detection and Analysis of Threats to the Energy Sector (DATES)

LOGIIC successfully adapted available monitoring technology for a control environment. DATES builds a monitoring and situational awareness (SA) capability specific to infrastructure systems, with purpose-built monitoring at the device, network, and host level.

Alfonso Valdes, Senior Computer Scientist, SRI International

Sponsored by the Department of Energy National SCADA Test Bed Program. Managed by the National Energy Technology Laboratory.

The views herein are the responsibility of the authors and do not necessarily reflect those of the funding agency.

DATES Vision

Future control systems with a PCS-aware defense perimeter and globally linked cyber defense coordination:

- IDS systems fully tuned for control system protocols and the highest-threat TCP/IP attacks
- Real-time event correlation system to support local operator identification and response
- Specification-based policies enabling intrusion prevention without impacting availability
- An anonymous and secure peer sharing framework that allows sector-wide threat intelligence acquisition
- Enables rapid collaborative response to emerging threats

Detection and Event Monitoring

- Control-system-aware IDS at the device, control LAN, and host
- Event correlation integrates new detection data sources into ArcSight
- Result: breakthrough detection and Security Information Event Monitoring (SIEM) in infrastructure systems, with high-fidelity situational awareness

DATES will develop correlation models for scenarios of interest. ArcSight SIEM has the additional capability to discover novel patterns in heterogeneous event streams.

Sector Level Threat Detection and Analysis

- Develop a sector-wide, distributed, global, privacy-preserving repository of security events
- Enable participants to automatically:
  - Contribute event data without attribution
  - Query databases for emerging threats
  - Conduct analyses to assess their security posture relative to that of other participants

Privacy preservation is achieved through anonymization and masking of critical fields in event records, as well as by responding to queries via aggregate totals.
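The repository behaviour described above, as an added sketch that is not code from DATES or SRI: critical fields are masked with a per-site keyed hash before contribution, and queries return only aggregate totals. The field names, the two-site suppression threshold, the site keys and the sample events are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Assumptions (not from the slides): which fields are critical, and the threshold.
CRITICAL_FIELDS = ("src_ip", "dst_ip", "host")
MIN_SITES = 2  # suppress totals that fewer than this many sites contributed to

def pseudonym(site_key: bytes, value: str) -> str:
    """Keyed hash: stable for one site, unlinkable without that site's key."""
    return hmac.new(site_key, value.encode(), hashlib.sha256).hexdigest()[:16]

def mask_event(event: dict, site_key: bytes) -> dict:
    """Mask critical fields before the record leaves the contributing site."""
    return {k: pseudonym(site_key, str(v)) if k in CRITICAL_FIELDS else v
            for k, v in event.items()}

class Repository:
    """Stores masked records only and answers queries with aggregate totals."""
    def __init__(self):
        self._records = []  # (site pseudonym, masked event)

    def contribute(self, site_key: bytes, event: dict) -> None:
        site = pseudonym(site_key, "site")  # no attribution to a named participant
        self._records.append((site, mask_event(event, site_key)))

    def totals(self) -> dict:
        """Event count per signature, omitting signatures seen at too few sites."""
        counts, sites = Counter(), {}
        for site, ev in self._records:
            counts[ev["signature"]] += 1
            sites.setdefault(ev["signature"], set()).add(site)
        return {s: n for s, n in counts.items() if len(sites[s]) >= MIN_SITES}

    def posture(self, site_key: bytes, signature: str) -> tuple:
        """(this site's count, sector total) for one signature."""
        me = pseudonym(site_key, "site")
        own = sum(s == me and ev["signature"] == signature for s, ev in self._records)
        return own, self.totals().get(signature, 0)

def build_sample() -> Repository:
    """Constructed events from two hypothetical sites (keys are placeholders)."""
    repo = Repository()
    for key, sig, ip in [(b"key-a", "modbus-illegal-write", "192.0.2.10"),
                         (b"key-a", "modbus-illegal-write", "192.0.2.11"),
                         (b"key-b", "modbus-illegal-write", "198.51.100.7"),
                         (b"key-b", "dnp3-cold-restart", "198.51.100.7")]:
        repo.contribute(key, {"signature": sig, "src_ip": ip})
    return repo
```

Because each site masks with its own key, the same external address yields different pseudonyms at different sites, so this sketch supports sector-wide counts per signature but not cross-site matching on masked fields.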

Test and Evaluation

- Implement a development environment in cooperation with a control systems vendor
- Sandia will provide a red team assessment of this defense-enabled control system architecture
- As solutions mature, Sandia will conduct an extensive red team test and evaluation on the actual system

The Team

- SRI (Overall Lead): Intrusion Detection, Protocol Analysis, Event Aggregation, Privacy Preserving Sector-wide Repository
- Sandia National Laboratories: Architectural Vulnerability Analysis, Red Team
- ArcSight: Security Information Event Monitoring