• Document: Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
  • Size: 996.73 KB
  • Uploaded: 2018-12-08 20:13:05
  • Status: Successfully converted

Some snippets from your converted document:

SESSION ID: SBX1-R07
Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
Bryan Hatton, Cyber Security Researcher, Idaho National Laboratory, in support of DHS ICS-CERT
@phaktor
#RSAC

16 Critical Infrastructure Sectors
Presidential Policy Directive 21 (PPD-21) categorized U.S. critical infrastructure into the following 16 CI sectors:
  • Chemical
  • Commercial Facilities
  • Communications
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Food & Agriculture
  • Government Facilities
  • Healthcare & Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste
  • Transportation Systems
  • Water and Wastewater Systems
Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system.

Data Set - 20 Sources
  • Critical Manufacturing: 1
  • Dams: 1
  • Energy: 6
  • Government Facilities: 2
  • Water Plants: 10

CSET®

Design Architecture Reviews

Network Architecture Verification & Validation (NAVV)
NAVV benefits:
  • TCP header data network capture
  • Point-to-point communication verification
  • Data flow validation
  • Network perimeter protection

The ten problems below are ranked from least to most frequently observed; each is labeled with its NIST SP 800-53 control identifier.

10. AC-6 Least Privilege
Mitigations:
  • Establish separate user accounts for administrators
  • Use the escalate-privilege function appropriately
  • Review work requirements to determine the access actually needed

9. CM-3 Configuration Change Control
Mitigations:
  • Establish a solid configuration change control process
  • Keep records / use automated software
  • Have staff that "know" your ICS
  • Keep patches for devices and applications current

8. PE-3 Physical Access Control
Mitigations:
  • Access alarms
  • Video surveillance
  • Electronic keys / RFID

7. AU-12 Audit Generation
Mitigations:
  • Establish a process to collect logs
  • Develop a system for processing logs to find "events of interest"
  • Collect logs in a centralized location outside of the data source

6. AT-2 Security Awareness Training
Mitigations:
  • Establish an annual training program to bring workers up to speed

5. IA-5 Authenticator Management
Mitigations:
  • Good password policies and processes
  • Use account management software to enforce policy

4. SA-2 Allocation of Resources
Mitigations:
  • Asset owners need more dedicated staff
  • Staff on location

3. CM-7 Least Functionality
Mitigations:
  • Determine needed services and deny all others
  • Apply hardening as applicable
  • Use whitelisting

2. IA-2 Identification and Authentication
Mitigations:
  • Use good encryption for storage and transmission of credentials
  • Uniquely identify personnel where possible
  • Use multi-factor authentication for remote access and critical administrative access

1. SC-7 Boundary Protection
Mitigations:
  • Logically segment networks
  • Establish strong firewall rules to route traffic
  • Isolate security and support functions
  • Deny traffic by default
Remote access:
  • Use access points / jump servers for remote access
  • Prevent split tunneling

Remote Access / Monitoring
[Network diagram: business network (e-mail, DNS server, workstations, external routers, web servers, servers), VPN server, remote monitoring, two-factor authentication]
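The AU-12 mitigations above (collect logs, centralize them away from the data source, process them for "events of interest") stop at the process level. The following is an added example, written for this page and not code from the INL / ICS-CERT presentation, showing what the processing step can look like once HMI and PLC logs sit in one collector: a small parser over a constructed log format, then two detections that an ICS operator typically cares about, a burst of failed logins that ends in a successful one, and a controller program download outside the maintenance window or from a workstation that is not on the approved list. The hosts, log format, approved-host list, maintenance window and thresholds are all hypothetical assumptions.

```python
"""
Centralized log processing for "events of interest" (AU-12).

Added example for this page, not code from the presentation. The log lines,
host names, approved engineering workstations, maintenance window and
thresholds are constructed/hypothetical inputs.
"""
import re
from datetime import datetime, timedelta

# Constructed sample of lines already forwarded from two sources (an HMI and
# two PLCs) to a central collector. Format: "<iso-ts> <host> <facility>: <msg>".
CENTRAL_LOG = """\
2018-11-02T02:14:05 hmi01 auth: FAILED login user=operator src=10.10.5.7
2018-11-02T02:14:09 hmi01 auth: FAILED login user=operator src=10.10.5.7
2018-11-02T02:14:13 hmi01 auth: FAILED login user=operator src=10.10.5.7
2018-11-02T02:14:20 hmi01 auth: FAILED login user=operator src=10.10.5.7
2018-11-02T02:14:31 hmi01 auth: ACCEPTED login user=operator src=10.10.5.7
2018-11-02T02:16:00 plc02 cfg: program download by user=operator from=192.168.100.10
2018-11-02T09:05:11 eng01 auth: ACCEPTED login user=jsmith src=10.20.0.5
2018-11-02T09:40:02 plc01 cfg: program download by user=jsmith from=192.168.100.30
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<facility>\w+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

APPROVED_ENG_HOSTS = {"192.168.100.30"}   # hypothetical engineering workstations
MAINT_START, MAINT_END = 7, 19            # hypothetical maintenance window (hours)
FAIL_THRESHOLD = 3                        # failed logins before a success is suspicious
FAIL_WINDOW = timedelta(seconds=120)      # ... when they fall within this window


def parse_log(text):
    """Parse the constructed format into dicts; key=value pairs in the message
    are lifted to top-level keys (user, src, from)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # unparseable lines are skipped, not fatal
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev.update(KV_RE.findall(ev["msg"]))
        events.append(ev)
    return events


def find_events_of_interest(events):
    """Return a list of finding tuples; the first element names the detection."""
    findings = []

    # 1. Burst of failed logins from one source for one account, followed by
    #    a successful login within the window (password guessing that worked).
    recent_fails = {}
    for ev in events:
        if ev["facility"] != "auth":
            continue
        key = (ev["user"], ev["src"], ev["host"])
        window = [t for t in recent_fails.get(key, []) if ev["ts"] - t <= FAIL_WINDOW]
        if ev["msg"].startswith("FAILED"):
            window.append(ev["ts"])
            recent_fails[key] = window
        elif ev["msg"].startswith("ACCEPTED"):
            if len(window) >= FAIL_THRESHOLD:
                findings.append(("login-after-failures", ev["host"], ev["user"], ev["src"], len(window)))
            recent_fails.pop(key, None)

    # 2. Controller configuration change outside the maintenance window or
    #    pushed from a host that is not an approved engineering workstation.
    for ev in events:
        if ev["facility"] != "cfg":
            continue
        reasons = []
        if not (MAINT_START <= ev["ts"].hour < MAINT_END):
            reasons.append("outside-maintenance-window")
        if ev["from"] not in APPROVED_ENG_HOSTS:
            reasons.append("unapproved-source-host")
        if reasons:
            findings.append(("config-change", ev["host"], ev["user"], ev["from"], ",".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in find_events_of_interest(parse_log(CENTRAL_LOG)):
        print(finding)
```

Both detections need context that only exists once logs from several sources are in one place: the login burst is visible only on the HMI, while the PLC download that follows it is visible only on the controller, and correlating the two by time and user is what turns two ordinary lines into an incident. Thresholds and the maintenance window are the tuning knobs; set them from the site's own shift pattern rather than the placeholder values here.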
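The NAVV slide and the SC-7 Boundary Protection mitigations above describe the same check from two sides: capture what actually talks to what, compare it against the documented point-to-point flows from the design architecture review, and treat anything that is not documented as denied by default, with remote access forced through a jump server. The block below is an added example written for this page, not code from the INL / ICS-CERT presentation or from CSET. It reduces a (constructed) TCP header capture to distinct flows, reports flows missing from the documented allowlist, and separately reports flows that cross directly between the business and control zones without terminating on the DMZ jump server. All zones, hosts, ports and flows are hypothetical assumptions.

```python
"""
NAVV-style data flow validation against a documented architecture.

Added example for this page, not code from the presentation or from CSET.
Zones, hosts, ports and every flow below are constructed, hypothetical inputs.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical zones taken from a design architecture review.
ZONES = {
    "business": ip_network("10.10.0.0/16"),
    "dmz": ip_network("10.20.0.0/24"),
    "control": ip_network("192.168.100.0/24"),
}

# Documented point-to-point flows (src, dst, proto, dst_port). Under a
# deny-by-default policy, anything observed but not listed here is a finding.
DOCUMENTED_FLOWS = {
    ("192.168.100.10", "192.168.100.20", "tcp", 502),   # HMI -> PLC1 (Modbus/TCP)
    ("192.168.100.10", "192.168.100.21", "tcp", 502),   # HMI -> PLC2 (Modbus/TCP)
    ("10.10.5.7", "10.20.0.5", "tcp", 3389),            # engineer -> DMZ jump server
    ("10.20.0.5", "192.168.100.10", "tcp", 3389),       # jump server -> HMI
    ("192.168.100.10", "10.20.0.9", "tcp", 514),        # HMI -> syslog collector in DMZ
}

# Constructed stand-in for a TCP header capture, already reduced to one line
# per distinct (src, dst, proto, dport) tuple.
SAMPLE_CAPTURE = """\
# src dst proto dport
192.168.100.10 192.168.100.20 tcp 502
192.168.100.10 192.168.100.21 tcp 502
10.10.5.7 10.20.0.5 tcp 3389
10.20.0.5 192.168.100.10 tcp 3389
192.168.100.10 10.20.0.9 tcp 514
10.10.5.7 192.168.100.20 tcp 502
192.168.100.10 10.10.8.3 tcp 445
192.168.100.20 192.168.100.10 tcp 44818
"""


@dataclass(frozen=True, order=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its design zone; 'unknown' if it lies outside every zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_capture(text: str) -> set:
    """Parse the constructed capture format into a set of Flow records."""
    flows = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split()
        flows.add(Flow(src, dst, proto.lower(), int(dport)))
    return flows


def validate_flows(observed, documented=DOCUMENTED_FLOWS):
    """Return (undocumented, boundary_bypass), both sorted lists of Flow.

    undocumented   : observed flows absent from the documented allowlist.
    boundary_bypass: flows directly between the business and control zones in
                     either direction, i.e. not terminating on the DMZ jump server.
    """
    documented_set = {Flow(*f) for f in documented}
    undocumented = sorted(observed - documented_set)
    bypass = sorted(
        f for f in observed
        if {zone_of(f.src), zone_of(f.dst)} == {"business", "control"}
    )
    return undocumented, bypass


def report(text: str) -> dict:
    """Run the validation over a capture and summarise it as printable strings."""
    undocumented, bypass = validate_flows(parse_capture(text))
    fmt = lambda f: f"{f.src}->{f.dst} {f.proto}/{f.dport}"
    return {
        "undocumented": [fmt(f) for f in undocumented],
        "boundary_bypass": [fmt(f) for f in bypass],
    }


if __name__ == "__main__":
    for kind, items in report(SAMPLE_CAPTURE).items():
        print(kind)
        for item in items:
            print("  ", item)
```

The two lists answer different questions. An undocumented control-zone flow (the PLC-to-HMI 44818 line in the sample) is most often a documentation gap to close in the design review; a direct business-to-control flow is a perimeter failure regardless of whether someone later writes it down, which is why it is reported even when it would also appear in the first list. A real capture would be reduced to the same tuple form from TCP headers before being fed to `parse_capture`.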
