
© Cyber SECurity Consulting, www.cybersecconsulting.com, 2318 Monkton Rd., Monkton MD 21111 USA, 410.472.1588. Proprietary & Confidential. "Automation and Security" (www.industryconsulting.org)



Presentation transcript:

1. Automation and Security Consulting Services for Industrial Process Automation

2. Mission Statement

Cyber SECurity Consulting provides our customers with information, support, training, engineering and consulting services to enable them to create and maintain a safe and secure business operating environment.

3. Industries Served

- Refining and Petro-Chemical
- Electric Power T&D
- Electric Power Generation
- Water/Waste-Water
- Chemical Production
- Discrete Manufacturing

4. Our Consultant Experience

Cyber SECurity Consulting has on-staff senior consultants with expertise in the following industries:

- Electrical power generation, transmission and distribution
- Electrical substation automation
- Water and waste-water processing
- Oil and gas pipelines, distribution terminals and storage facilities
- Refining and petrochemical plants
- Specialty and intermediate chemical plants
- Regulated industries such as pharmaceutical, food/beverage
- General high-volume manufacturing

5. Our Consultant Experience

Our consulting staff includes personnel with:

- Advanced technical and engineering degrees, including PhD
- CISSP (Certified Information Systems Security Professional)
- Business process analysis and re-engineering
- Over 25 years of experience deploying and designing:
  - Supervisory Control (SCADA) systems
  - Distributed Control (DCS) systems
  - PLC-based automation systems
  - Substation integration/automation systems
- Plant automation experience in a wide range of industries
- Extensive customer training/educational experience
- Knowledge of current cyber security technologies
- Familiarity with government/industry efforts in the area of automation system/plant security (NERC, ISA, DHS, etc.)

6. Service Offerings

Training Services:

- Technology Training Classes
  - Introduction to DCS and PLC Technology
  - Introduction to SCADA Technology
  - Basic Process Measurement & Control
  - Communications & Networking
- Security Training Classes
  - Introduction to Security Concepts
  - NERC CIP-002 to 009
  - Understanding ISA SP99 Recommendations
  - Cyber Security & Cyber Threats
  - Industrial Automation Security
  - Vulnerability and Risk Assessment

Consulting Services:

- Vulnerability Assessments/Gap Analysis
- Risk Assessments/Countermeasures
- Policy and Procedure Development
- Security Program Management
- Disaster Recovery Planning
- Compliance with NERC Requirements

7. Service Offerings

NERC-Specific Services:

- Management Briefing on CIP-001/009
- Identification of Critical Cyber Assets
- Physical and Electronic Perimeter Definitions
- Vulnerability Assessments
- Risk and Gap Analysis
- Development of Implementation Plans
- Employee Training
- Policy and Procedure Development
- Disaster Recovery Planning
- Program Auditing and Incident Reporting

8. NERC Compliance Process: NERC CIP Vulnerability Assessment Process

Information gathering phase:

- Identify and document Critical Cyber Assets
- Identify and document Critical Cyber Information
- Identify and document the Physical Security Perimeter
- Identify and document communication and network connections
- Identify and document all personnel who have access rights
- Identify and review all existing cyber security policies and procedures

Supporting activities: physical audit, physical inspection, background checks, NERC checklist.

Action plan formulation phase:

- Review findings versus NERC requirements (non-compliance levels)
- Develop an action plan for addressing all shortcomings

Key methodology/standard: NERC 1200

9. NERC Compliance Process: NERC CIP Compliance Attainment Process

Plan implementation phase:

- Develop and document necessary policies and procedures
- Select methods for creating the electronic security perimeter
- Implement and test the electronic perimeter
- Select methods for creating the physical security perimeter
- Implement and test the physical security perimeter
- Provide security training to all employees as needed

Supporting activities: iterative reviews, technology survey, PEN testing, social engineering testing, awareness campaign.

Test and validate phase:

- Test and validate systems management and recovery procedures
- Test and validate system/component test/commissioning procedures

Supporting activities: disaster simulation & audits.

Key methodology/standard: structured audit

10. NERC Compliance Process: NERC CIP Compliance - Ongoing

- You must maintain audit logs for a wide range of items, actions & changes
- You must review your policies/procedures on a regular (annual) basis
- You must test your procedures, especially disaster recovery, regularly
- You must maintain training and awareness programs
- You must regularly re-certify/test your physical & electronic perimeters
- You MUST ENSURE that policies and procedures are being followed! (If not, then find out why and change them if you need to do so.)

11. Security Program Management

Cyber SEC suggests following the recommended 19-step program delineated in the ISA's TR-99.002 technical report as the basis for moving forward with the initial creation of, and long-term support for, an industrial automation security program. This program approach addresses physical, operational [personnel] and cyber [electronic] security and provides the basis for an on-going cycle of review and improvement.

12. Vulnerability Assessment

Cyber SEC uses a modified version of the DuPont DNSAM vulnerability assessment methodology; the major difference is the consideration of a range of technical, physical and administrative countermeasures when addressing probable threats.

The assessment takes the entire range of interconnected LAN and WAN 'segments', identifies the critical systems and assets located on each, and then identifies the available connectivity onto, and accessibility of, each segment.

- The critical systems could be controllers, HMIs, supervisory computers, historians, servers, ESD systems, batch managers, etc. Assets can be information, files, software, databases, etc.
- Segments are formed by the presence of an 'isolation' appliance (a firewall) that controls traffic between two adjacent segments.
- Segment connectivity could be via gateways, WAN connections, telephone dial-in/out, wireless access points, and even through portable media or computer equipment.

13. Risk Assessment

Cyber SEC uses a qualitative risk assessment methodology that assigns every threat a probability rating and a consequence rating. A three- or four-level scale is used for each of the two categories. Consequences are ranked based on a range of impacts including health, safety, environmental, business, facilities and regulatory impacts.

The end result of the assessment will be a Pareto chart of vulnerabilities ranked on an A through D classification, where the priority order of countermeasure implementation will follow that same order.

- Countermeasures will be recommended based on their comparative cost-performance ratio.
- A consequence table will be developed that reflects your business risk-tolerance and safety requirements level and is used to rank threats.
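The following is an added illustration, not code from the presentation or from Cyber SEC, of how the qualitative method above can be made mechanical: each threat gets a probability label and a worst-case consequence label across the listed impact areas, the product is mapped through a tunable consequence table onto classes A to D, and the result is sorted in Pareto order with a cost-performance tie-break. The four-level scales, the threshold values in the table, the cost-performance formula and the sample threats are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Four-level scales (the slide allows three or four; four is an assumption here).
PROBABILITY = {"rare": 1, "unlikely": 2, "likely": 3, "frequent": 4}
CONSEQUENCE = {"negligible": 1, "minor": 2, "major": 3, "severe": 4}
IMPACT_AREAS = {"health", "safety", "environmental", "business", "facilities", "regulatory"}
# Consequence table as score thresholds for classes A/B/C (D below C); a stricter
# risk tolerance lowers the thresholds so more threats land in A or B (assumed values).
DEFAULT_TABLE = {"A": 12, "B": 8, "C": 4}

@dataclass
class Threat:
    name: str
    probability: str            # label from PROBABILITY
    impacts: dict               # impact area -> consequence label; the worst one counts
    countermeasure: str
    cost: float                 # relative implementation cost of the countermeasure
    residual_probability: str   # probability rating once the countermeasure is in place

def consequence_rating(impacts):
    if set(impacts) - IMPACT_AREAS:
        raise ValueError(f"unknown impact area(s): {sorted(set(impacts) - IMPACT_AREAS)}")
    return max(CONSEQUENCE[label] for label in impacts.values())

def risk_class(score, table=DEFAULT_TABLE):
    return next((cls for cls in "ABC" if score >= table[cls]), "D")

def rank_threats(threats, table=DEFAULT_TABLE):
    # Pareto order: class A first, then higher score, then better cost-performance
    # (risk score removed per unit of countermeasure cost; assumed definition).
    rows = []
    for t in threats:
        cons = consequence_rating(t.impacts)
        score = PROBABILITY[t.probability] * cons
        residual = PROBABILITY[t.residual_probability] * cons
        rows.append({"threat": t.name, "class": risk_class(score, table), "score": score,
                     "countermeasure": t.countermeasure,
                     "cost_performance": (score - residual) / t.cost})
    rows.sort(key=lambda r: (r["class"], -r["score"], -r["cost_performance"]))
    return rows

# Constructed sample threats (illustrative only, not taken from any real assessment).
SAMPLE = [
    Threat("Unpatched HMI reachable from business LAN", "likely",
           {"safety": "major", "business": "severe"}, "Firewall rule and patching", 2.0, "rare"),
    Threat("Dial-in modem on RTU left enabled", "frequent",
           {"regulatory": "major", "facilities": "minor"}, "Remove modem", 1.0, "rare"),
    Threat("Historian backup tapes stored unlocked", "unlikely",
           {"business": "minor"}, "Locked cabinet", 0.5, "rare"),
]
```

Passing a different table to rank_threats is the code's equivalent of the business-specific consequence table the slide describes.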

14. Assessment Tools: NERC CIP 001/009 Vulnerability Assessment Workbook

Provides:

1. A centralized document for enumerating the identified critical cyber assets
2. Documentation of the physical security perimeter
3. Documentation of the electronic security perimeter
4. Segment-by-segment delineation of the critical cyber assets on each LAN and WAN (sub)network that forms the critical cyber infrastructure
5. Risk/consequence analysis for each segment
6. Documentation of the information cyber assets
7. Documentation of the existing/missing policies

15. Assessment Tools: Countermeasure Business Case Justification Development Workbook

Provides:

1. A way to document and record the vulnerabilities and threats deemed worthy of consideration and for which countermeasures need to be put into place
2. A financial assessment of consequences with a corresponding financial budget estimate for countermeasures, based on company risk-aversion levels
3. A budget estimate for the investment level justified by the exposure reduction generated by countermeasures

16. Gap Analysis

Cyber SEC teams with Neurametrics to perform gap analysis and to gather information that is used to assess current policies, procedures and training programs.

- Their web-based tools enable convenient, automated data collection across the entire organization, regardless of facility locations
- A consolidated 'layers' view gives a quick assessment of each area of consideration
- Views can be generated by location, department, group and topic
- This version is configured to perform a NERC gap analysis based on CIPs 001 to 009

17. Gap Analysis

This version is configured to assess process/manufacturing plant security per TR-99.001 & 002.

18. Educational Materials: Technical Book on SCADA System Cyber Security Issues and Approaches

Available from PennWell Publishing. Chapter outline:

1. The Technological Evolution of SCADA Systems
2. Remote Terminal Units
3. Telecommunications Technologies
4. Supervisory Control Applications
5. Operator Interface
6. Conventional Information Technology (IT) Security
7. Identifying Cyber Security Vulnerabilities
8. Classifying Cyber Attacks and Cyber Threats
9. Physical Security
10. Operational Security
11. Electronic/Systems Security
12. Electric Utility Industry - Specific Cyber Security Issues
13. Water/Wastewater Industry - Specific Cyber Security Issues
14. Pipeline Industry - Specific Cyber Security Issues
15. The Emerging Cyber Threat to SCADA Systems
16. Commercial Hardware and Software Vulnerabilities
17. Traditional Security Features of SCADA Systems
18. Eliminating the Vulnerabilities of SCADA Systems

19. Educational Materials: Self-Paced Courses on DVD

In addition to on-site customer training classes, Cyber SECurity Consulting offers several courses on DVD. Available topics:

1. Introduction to DCS Technology
2. Introduction to PLC Technology
3. Introduction to SCADA Technology
4. Communications & Networking
5. Introduction to Security Concepts
6. Cyber Security & Cyber Threats
7. Industrial Automation Security and SP99
8. Vulnerability and Risk Assessment

20. Thank You For Your Time! Questions?

Automation and Security Consulting Services for Industrial Process Automation

