1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.


1
● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services
● Bradley Yager
● National Business Development Manager – Telemetry Solutions
● Schneider Electric

2 What is a SCADA / Telemetry System
Collect measurement and operational data from devices spread across geographically-dispersed assets, deliver the data over a wide area communication infrastructure to a central control room for supervision, monitoring, analysis and business decision-making.
[Diagram labels: IT and Business Systems (ERP, Asset Management Application); Control Room (SCADA Software); Wide Area Network (Wireless Communication, Long Reach Radio Networks); Remote Assets (Field Devices, Controllers, Instrumentation); Analog or Digital (Temperature, Pressure, Flow, Level, Humidity, Moisture...); RTU; Remote Radio; Base Radio; SCADA Software; Sensors; network; Enterprise IT]

3 The Maroochy Incident

4 The Facts
● There were sustained attacks on the system over several months
● Severity of the attacks escalated over time
● Mainly spurious alarms, intermittent faults, increased network congestion (denial of service), changing setpoints
● Issues often coincided with bad weather
● Were able to prove third party intrusion mid March, over a month and a half after attacks most likely started
● Attacker was not caught until 23rd April, another month on

5 Cyber Battle
● Initially assumed breaking into pump stations, didn’t consider stolen equipment
● On 16th March, were able to disable attacker’s device temporarily by using the same tactics
● Attempting to disable attacker’s device escalated the situation
● Was it the right thing to do?

6 Discussion Topics
● Security through obscurity – does the Maroochy incident suggest it does or doesn’t work?
● Nothing could be proved until everything was logged, but this alone was still not enough
● Malicious human interference was the last thing considered – at what point should it have been?
● Know your system, and know what is normal. This is the only way to detect the abnormal.
● Most people working on SCADA/Control Systems would be aware of ways to disrupt normal operation – how do you combat this?
● Utilities may conduct background checks, but do they force their contractors to do the same?

7 Court Proceedings
● Heard over 9 days
● Sacked his lawyer after first day
● Convicted on 26 charges including:
    ● Using a restricted computer without the consent of its controller thereby intending to cause detriment or damage
    ● Wilfully and unlawfully causing serious environmental harm
    ● Stealing

8 What is the correct Reaction?
● Even after we’d proven intrusion was occurring – how do you stop it?
● Modified protocol in use at each site. Effectively rolled out new encrypted ‘key’ to each site, only known to a few people.
● This is a time consuming process, each site had to be physically visited.
● Only once this was complete did the hacking stop, weeks after it had been identified and initial action had been taken
● Have your strategy ready before, and act quickly in a considered way
● Have a close relationship with your product vendor
● Hacking isn’t always obvious, many intrusions go unnoticed – understand your system, and look for the abnormal

9 DNP3 Secure
[Sequence diagram between Master and Outstation. Labels: Non-critical message, Standard protocol response, Critical Message, Authentication response, Authentication challenge, Authenticate & perform operation, Perform operation]
● Non-critical messages operate as usual
● Critical messages are “challenged”
● Operation is only carried out if the challenge “passes”
Secure method for assuring that only authorised devices are able to successfully request execution of critical commands such as setting outputs, transfer of files, or configuration changes
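
The challenge-response flow on this slide, as a simplified model added here; it is not from the presentation, not vendor code, and not the DNP3 wire format. The pre-shared key, the use of HMAC-SHA256 and the request names (READ_LEVEL, SET_OUTPUT and so on) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical request names standing in for the slide's critical commands
# (setting outputs, transfer of files, configuration changes).
CRITICAL = {"SET_OUTPUT", "FILE_TRANSFER", "CONFIG_CHANGE"}


class Outstation:
    def __init__(self, key: bytes):
        self._key = key          # assumed pre-shared with the authorised master
        self._pending = None     # (request, nonce) awaiting an authentication response
        self._seq = 0

    def receive(self, request: str):
        """Non-critical requests run as usual; critical ones are challenged."""
        if request.split()[0] not in CRITICAL:
            return ("RESPONSE", f"done: {request}")
        self._seq += 1
        nonce = self._seq.to_bytes(4, "big") + secrets.token_bytes(16)
        self._pending = (request, nonce)
        return ("CHALLENGE", nonce)

    def authenticate(self, tag: bytes):
        """Perform the pending operation only if the challenge passes."""
        if self._pending is None:
            return ("ERROR", "no challenge outstanding")
        request, nonce = self._pending
        self._pending = None     # single use: a captured tag cannot be replayed
        expected = hmac.new(self._key, nonce + request.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("ERROR", "authentication failed")
        return ("RESPONSE", f"done: {request}")


class Master:
    def __init__(self, key: bytes):
        self._key = key

    def send(self, outstation: Outstation, request: str):
        kind, body = outstation.receive(request)
        if kind != "CHALLENGE":
            return kind, body
        # The tag binds the fresh nonce to this exact request.
        tag = hmac.new(self._key, body + request.encode(), hashlib.sha256).digest()
        return outstation.authenticate(tag)
```

A device that holds the radio and knows the protocol but not the key gets "authentication failed" on every critical request, while non-critical polling is unaffected.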

10 Conclusion
● Understand what is normal, so you can detect the abnormal
● Have detailed logging
● Have a prepared considered action plan, don’t be caught unawares
● Some helpful places:
    ● SCADA community of Interest – A working party of the IT Security Expert Advisory Group. Has more than 180 Industry and government representatives
    ● Forum of Australian SCADA Vendors – Involved in SCADA CoI Practitioner/Vendor Forums
