Presentation is loading. Please wait.

Presentation is loading. Please wait.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

Published byMelanie Stafford Modified over 8 years ago

Similar presentations

Presentation on theme: "SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2."— Presentation transcript:

1

2 SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2

3 SCADA – Are we self-sufficient? What is SCADA? Where is SCADA implemented? Is SCADA secure? How can SCADA be attacked? Has SCADA already been attacked? What can be done to prevent attacks? Is the UK self-sufficient in preventing attacks? 15/05/2015Jack McIntyre3

4 What does it stand for? Supervisory Control And Data Acquisition What does that mean? 15/05/2015Jack McIntyre4

5 Where is SCADA? Waking up Getting ready Going to work Being at work 15/05/2015Jack McIntyre5

6 Where is SCADA? Residential / Commercial Properties National Grid Water & Gas Networks Manufacturing 15/05/2015Jack McIntyre6

7 What is SCADA? Monitors and connects logical processes Physical Devices PLC RTU HMI 15/05/2015Jack McIntyre7

8 SCADA system requirements Windows 2000 Windows XP Windows Vista 300 Mhz processor 128mb RAM 1.5gb storage 800x600 resolution display CD-ROM/DVD drive USB port Ethernet port Not very “State-of-the-art” 15/05/2015Jack McIntyre8 “State-of-the-art”

9 SCADA communications Satellite Telephone Wire Radio Wave Microwave Power-line 15/05/2015Jack McIntyre9

10 SCADA connectivity 15/05/2015Jack McIntyre10

11 Is SCADA protected? Insecure devices Design based around speed, reliability, connectivity Little or no security concerns 15/05/2015Jack McIntyre11

12 How is SCADA protected? Strong perimeter defence IDS IPS Firewalls 15/05/2015Jack McIntyre12

13 How can SCADA be attacked? Denial of Service Man-in-the-middle (MITM) Web Application Weaknesses Vulnerability exploitation Poor configuration 15/05/2015Jack McIntyre13

14 Denial of Service Extremely effective Time critical systems Target enumeration is difficult 15/05/2015Jack McIntyre14

15 Man-in-the-Middle Radio wave interception Power-line modulation detection Satellite interception Expensive and often dangerous 15/05/2015Jack McIntyre15

16 Web application weaknesses SQL Injection XSS Authentication bypass Brute force attacks Rare, relatively easy to protect against 15/05/2015Jack McIntyre16

17 Poor configuration Default passwords Open ports No authentication 15/05/2015Jack McIntyre17

18 Vulnerability exploitation Zero-day threats Specialist equipment needed Requires in-depth engineering knowledge Targeted attacks requiring key intelligence Stuxnet 15/05/2015Jack McIntyre18

19 Stuxnet Targeted Iranian nuclear centrifuges Introduced physically Designed to spread Only targets specific controllers 15/05/2015Jack McIntyre19

20 Stuxnet Manipulated system operation over time Sophisticated Stealthy Wasn’t detected until it was too late 15/05/2015Jack McIntyre20

21 What can be done? New systems New standards Secure by design OR Continue to add perimeter defence 15/05/2015Jack McIntyre21

22 Issues with upgrading equipment Cost Downtime Backwards-compatibility 15/05/2015Jack McIntyre22

23 When will it happen? When a major incident occurs 15/05/2015Jack McIntyre23

24 Are we self-sufficient? The UK Shares One power connection Two gas connections So far we have survived But for how long? 15/05/2015Jack McIntyre24

25 15/05/2015Jack McIntyre25 Questions ? Contact: email@jmcdf.co.uk

Download ppt "SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2."

Similar presentations

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland

Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.

Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.

Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.
Autonomic Security Management of Industrial Systems Sherif Abdelwahed Electrical and Computer Engineering Mississippi State University.

Autonomic Security Management of Industrial Systems Sherif Abdelwahed Electrical and Computer Engineering Mississippi State University.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
SCADA and Telemetry Presented By:.

SCADA and Telemetry Presented By:.
SUBSTATION SECURITY WHY FIREWALLS DON’T WORK! ©Copyright 1998, Systems Integration Specialists Company, Inc. All Rights Reserved Presented by:

SUBSTATION SECURITY WHY FIREWALLS DON’T WORK! ©Copyright 1998, Systems Integration Specialists Company, Inc. All Rights Reserved Presented by:
Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.

Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.
NW Security and Firewalls Network Security

NW Security and Firewalls Network Security
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Similar presentations

Ads by Google