adaptive and proactive security assessment on energy
play

Adaptive and Proactive Security Assessment on Energy Delivery - PowerPoint PPT Presentation

Oct 06, 2023 •950 likes •1.38k views

Adaptive and Proactive Security Assessment on Energy Delivery Systems Carlos Rubio-Medrano, Vu Coughlin , Josephine Lamp, Ziming Zhao, Gail-Joon Ahn and Anna Scaglione Outline Activity Current/ OntoEDS ExSol EDSGuard Refresher Future Work

  1. Adaptive and Proactive Security Assessment on Energy Delivery Systems Carlos Rubio-Medrano, Vu Coughlin , Josephine Lamp, Ziming Zhao, Gail-Joon Ahn and Anna Scaglione

  2. Outline Activity Current/ OntoEDS ExSol EDSGuard Refresher Future Work Motivation A Risk Analysis Status of Prototypes Goals Framework for Papers Published Approach EDS Papers in the Making An Ontology- An SDN-based based Repository Firewall App for and Engine Tool EDS Networks for Security Requirements 2

  3. Activity Refresher Activity Refresher Current/ OntoEDS ExSol EDSGuard Future Work 3

  4. Motivation • Security assessment in EDS gets complicated due to: • The distributed, highly-interconnected and heterogeneous nature of EDS, e.g., monitoring software, meters, etc. • Continuous reconfigurations due to on-demand changes, • The existence of multiple, large, dense (and sometimes conflicting) documents on security requirements, • E.g., subjective interpretations, non-standard implementations, and breakdowns among stakeholders 4

  5. Goals • Assess if particular EDS implementations meet security requirements, • Filling in the gap between high-level requirements and field implementations, • A framework for security assessment and monitoring: • Well-defined (theoretically-justifiable), • Systematic and automated (repeatable to validate), • Practical and configurable (deployable to organizations), • Non-intrusive (minor overhead/reconfiguration as possible) 5

  6. Our Approach (Big Picture) 1. We gather the most relevant documents on best practices for EDS 2. Next, we obtain a description of such best practices by leveraging ontologies 3. We then introduce software-based modules for security monitoring and risk analysis 4. Data from EDS infrastructure (5) is collected and forwarded for further processing 6

  7. The EDS-SAT Security Assessment Framework EDS-SAT 1 Encourages the • 3 7 rigorous analysis of Security ... Requirements Ontology P 1 P 2 P 3 P n security Creation of + Requirements EDS-Related requirements, Repository / Engine Domain Documentation Knowledge Data Processing Modules Continuously • monitors the security of EDS infrastructure, Data Collection Modules Analysis of 2 Reports from Promotes the ... • Data Collection development of 4 6 objective, traceable, justifiable and repeatable security P i Data Processing Module EDS metrics Infrastructure Data Collection Module 5 7

  8. OntoEDS : Modeling Security Requirements for EDS Using Ontologies OntoEDS Activity Current/ ExSol EDSGuard Refresher Future Work 8

  9. The OntoEDS Security Requirements Engine EDS-SAT • Unambiguously represents common vulnerabilities and exposures (CVEs) *, ... Ontology P 1 P 2 P 3 P n Requirements Repository / Engine • Identifies interdependencies, Data Processing Modules missing and conflicting information among diverse Data Collection Modules knowledge sources, ... • Supports multiple dimensions and viewpoints , e. g., relevant EDS information for operators vs Infrastructure vendors 9

  10. OntoEDS : Modeling Security Requirements 1 Security Attack System Agent Develop supporting foundation structure of ontology Req Threat Doc 2 Cyber Identify and collect key documents NIST NERC IEC NISTIR IEC IEEE Proc CIP 61850 800-82 7628 62351 C37 Lang 3 “A technique to prevent integrity violations of data is the use of firewalls , For each document, extract key such as application-level firewalls that employ application filtering ” entities from sentences or paragraphs Entities: Firewall, Integrity, Application Filtering 4 Categorize each entity within the Security Net Sec Security Firewall Technique Technique hierarchy structure of the ontology Repeat for each paragraph within 5 each document “A technique to prevent integrity violations of data is the use of firewalls, Identify relationships for the defined such as application-level firewalls that employ application filtering” entity Relationships: prevent, employ 6 Protects Implements Model the relationships based on Integrity Firewall App Filtering predefined characteristics/definitions 10

  11. OntoEDS : Current State of Ontology • Comprises more than 300 pages of source documents and includes 600 entities with over 1,700 relationships, • Currently models the following: • Cybersecurity Procurement Domain Goal Language for Energy Delivery Systems developed by the Energy Sector Control Systems Working Group (ESCSWG), Viewpoint • NIST 800-82 Special Publication, Scenario • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, • NISTIR 7628 document, • IEEE C37 standards, • IEC 61850 and 62351 standards 11

  12. OntoEDS : Analyzing Requirements with Projections • Goal Projection: Contains objectives the system must Firewall achieve to enter into a state of Restricted Base Rule Set Deny All Permit Traffic from security: Control to None Implements Business Net Protocol No Internet Translation for Control and Access for Firewall Control Devices Business Nets • Protect system components, Rules Requirements Outbound • Implement security Traffic Packet Termination in Allowance techniques/features, DMZ Specification Traffic • Defend against an attack type, Permissions Restriction to IP Address and Specific IP Granted On TCP/UDP Port • Identify purposes or properties Address Case by Case Specific Permit Rules of system components, • Protect security principles 12

  13. OntoEDS : Analyzing Requirements with Projections (II) Remote • Scenario Projection: Facts Access Firewall describing a system that Basic Backup Config Access include agent behavior and Contains Includes environmental context: Application Firewall Filtering Rules Implements Implements Firewall • Identifies dependencies Includes Implements Periodic Firewall between the system and its Testing of Management Firewall Specification Policies environment, Uses Contains • Storyline of events describing Network Logically Filtering Separated system operation, Monitoring Includes Control Rules Network • Enables the understanding of Minimal Access Points between a broad picture of ontology ICS and Corporate Network elements and their relationships 13

  14. OntoEDS : Analyzing Requirements with Projections (III) • Domain Projection: Describes a domain taxonomy relative to a Network Security Techniques specific topic, • May support knowledge Firewall exploration, • Combined with Goal Projection Application - Host - Rule Network Deep-packet Layer Based Configs Filtering Inspection helps identifying inter- dependencies and missing requirements, • Viewpoint Projection: Retrieves specific responsibilities of an Firewall Procured By Provided By agent, Exceptions Specified By Supplier Acquirer • May support knowledge acquisition, 14

  15. OntoEDS : Analyzing Requirements with Projections (IV) Security Filtering Network Rules Access • Risk Analysis Projection: Application DMZ Filtering Contains Use a series of goal Network Traffic Confidentiality Monitoring Mediates Implemented Connected projections to elucidate On To Contains Protects threats, attack types, Lack of security countermeasures Unauthorized Compliance Access with Protocols Targets Counteracts and requirements Attacks Threats Privilege Man-in-the- Firewall Middle Escalation surrounding an asset , Improper Unauthorized Firewall Modification Configuration • Retrieves specific Implements Includes concepts in risk analysis Periodic Firewall Contains Uses Testing of methodologies (to be Management Firewall Specification Includes Network Logically Policies shown later), Filtering Separated Monitoring Control Minimal Access Rules Network Points between ICS and Corporate Network Requirements 15

  16. ExSol : A Risk Analysis Framework based on Security Requirements for EDS ExSol Activity Current/ OntoEDS EDSGuard Refresher Future Work 16

  17. The Exploitation-Solution ( ExSol ) Framework EDS-SAT • Leverages OntoEDS and EDS-SAT for risk analysis and mitigation, ... Ontology P 1 P 2 P 3 P n Requirements Repository / Engine Data Processing Modules • Elucidates metrics that are cohesively combined in a mathematical model, Data Collection Modules ... • Risk = the probability that a particular threat will exploit a particular vulnerability of a EDS system* Infrastructure *Vaughn, Rayford B., Ronda Henning, and Ambareen Siraj. "Information assurance measures and metrics-state of practice and proposed taxonomy." In System Sciences, 2003. Proceedings of the 36th Annual Hawaii International Conference on , pp. 10-pp. IEEE, 2003. 17

  18. The ExSol Risk Score ExSol • Combines different metrics into a single score to understand the risk of a system, Exploit Solution • Exploitation metrics and Solution metrics Score Score are matched up against one another, Threat/Attack Req/Solution • Each metric’s sub-score is calculated on a Metrics: Metrics: scale from 1 (least) to 5 (greatest), Impendence Effectiveness • • • Severity • Relevance • Relevance* • Implementation* • Scores determined collaboratively by global and/or local experts, * Sub-scores calculated using EDS-SAT processing modules • Calculated for an asset, but can be done for threats and attacks as well, 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Investor Presentation Proactive Investors CEO Session COB : ASX Cobalt the new energy

Investor Presentation Proactive Investors CEO Session COB : ASX Cobalt the new energy

October 2017 Investor Presentation Proactive Investors CEO Session COB : ASX Cobalt the new energy revolution Share of raw materials end -us use in batterie ies, 2015 The New Energy gy sector r is disr srupti uptive, , rapi pidl

283 views • 14 slides
Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer Member of Security Technologies team at Red Hat Fedora Contributor (selinux-policy, xguest, udica, netlabel_tools) lvrabec@redhat.com

1.55k views • 122 slides
The apriori algorithm as an engine for computerized adaptive assessment N IELS S MITS Research

The apriori algorithm as an engine for computerized adaptive assessment N IELS S MITS Research

apriori for computerized adaptive assessment The apriori algorithm as an engine for computerized adaptive assessment N IELS S MITS Research Institute of Child Development and Education University of Amsterdam, The Netherlands P SYCHOCO , Dortmund

926 views • 58 slides
It Takes A Village: Using Early Alert Assessment for Proactive Advising M. Shannon Williamson,

It Takes A Village: Using Early Alert Assessment for Proactive Advising M. Shannon Williamson,

It Takes A Village: Using Early Alert Assessment for Proactive Advising M. Shannon Williamson, M.S. You can view todays Nia Woods Haydel, Ph.D. Amelie Wax, M.S. presentation at: Dillard University http://bit.ly/1uzQjL8 Tuesday February

533 views • 27 slides
Scaling Energy Adaptive Applications for Sustainable Profitability Fabien Hermenier , Giovanni

Scaling Energy Adaptive Applications for Sustainable Profitability Fabien Hermenier , Giovanni

Scaling Energy Adaptive Applications for Sustainable Profitability Fabien Hermenier , Giovanni Giuliani, Andre Milani, Sophie Demassey Let existing and new data centres become energy adaptive Adapting the power consumption to the availability

406 views • 26 slides
How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
A view into the energy company of tomorrow proactive adaptation to the evolving landscape

A view into the energy company of tomorrow proactive adaptation to the evolving landscape

A view into the energy company of tomorrow proactive adaptation to the evolving landscape Sicelo Xulu Managing Director City Power, Johannesburg South Africa Contents 1 Key Global and African trends 2 Drivers of change 3 Whats in the

547 views • 26 slides
LCCMR ID: 120-E Project Title: Risk Assessment for Proactive Response to Forest Pests Category:

LCCMR ID: 120-E Project Title: Risk Assessment for Proactive Response to Forest Pests Category:

Environment and Natural Resources Trust Fund 2011-2012 Request for Proposals (RFP) LCCMR ID: 120-E Project Title: Risk Assessment for Proactive Response to Forest Pests Category: E. Aquatic and Terrestrial Invasive Species Total Project

354 views • 6 slides
Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt

974 views • 83 slides
1. Introduction limit reductions: energy, environmental and safety Motivation assessment

1. Introduction limit reductions: energy, environmental and safety Motivation assessment

Using naturalistic driving data to evaluate speed 1. Introduction limit reductions: energy, environmental and safety Motivation assessment Significant impacts of transport sector: o Energy consumption ( security of supply) o GHG

341 views • 8 slides
Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

NIST Cyber Security Framework & Healthcare IT Security Clarksville, MD | 22 April 2016 | Annual Spring Conference Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical Strategist

523 views • 24 slides
What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

Tennessee Pollution Prevention Webinar What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity in the Manufacturing Industry October 23 rd , 2019 Ben Bolton Energy Programs Administrator for TDECs

767 views • 41 slides
Energy Storage Systems Presentation THE ECOMARK ADVANTAGE Founded in Colorado in 2010 Proactive

Energy Storage Systems Presentation THE ECOMARK ADVANTAGE Founded in Colorado in 2010 Proactive

Energy Storage Systems Presentation THE ECOMARK ADVANTAGE Founded in Colorado in 2010 Proactive in our Industry #1 Colorado Residential Installer by Volume Committed to our Communities WHY ENERGY STORAGE? Stay powered when the unexpected

111 views • 9 slides
Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1. Introduction 2. Security Analyses of SDN 3. Security Assessment Technique for SDN 3.1 Taxonomy of issues 3.2 Assessment technique 4. Case study of IMECA

223 views • 19 slides
GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF

GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF

GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF Neutrality IEF adds value Promoting Inclusive Global Energy Cooperation by standing for Energy Data Transparency Ministerial Meeting Outcomes

112 views • 8 slides
NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020 2020 1 DI DISCLA LAIMER This document, which is personal to the recipient, has been issued by Ncondezi Energy Limited (the Company). This

571 views • 17 slides
A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE Integrated Network Management Symposium (IM 2013) - MC2: Security Management and Recovery May 27 - 31, 2013 David Goergen Thibault Cholez Jrme

665 views • 39 slides
Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua Kamal Ahmat Verizon City University of New York Introduction Firewalls Types of Anomalies Related

380 views • 21 slides
Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012 Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction

844 views • 35 slides
Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24

Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24

Using a firewall to control traffic in networks 1 Example Network .35 .12 .36 .11 3.3.3.0/24 1.1.1.0/24 Rd .1 Ra .4.1 .4.4 1.1.0.0/16 Rc 2.2.2.0/24 .1 .4.2 .1 .23 Rb .47 Re .15.6 .99 1.1.2.0/24 4.4.4.0/24 .24 2 Firewall

708 views • 13 slides
GASPP: A GPU-Accelerated Stateful Packet Processing Framework

GASPP: A GPU-Accelerated Stateful Packet Processing Framework

GASPP: A GPU-Accelerated Stateful Packet Processing Framework Giorgos Vasiliadis, FORTH-ICS, Greece Lazaros Koromilas, FORTH-ICS, Greece Michalis Polychronakis,

949 views • 56 slides
Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer

Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer

Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewall Block unauthorized traffic flowing from one network to another Separate trusted and

898 views • 58 slides
Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro

Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro

Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro A. Aranda Gutirrez Holger Karl Computer Networks Group Universitt Paderborn Modernizing the setup Simple standard network setup

409 views • 21 slides

More recommend