
Hazmat Signs for Industrial Software if they existed, what would - PowerPoint PPT Presentation



  1. Hazmat Signs for Industrial Software … if they existed, what would they look like? Bryan Owen PE, OSIsoft LLC cred-c.org | 1

  2. Most Industrial Software is ‘Toxic’

  3. Toxicity: the degree to which a chemical substance can damage an organism • Whole organism • Organs • Tissue • Or even cellular damage

  4. Toxin Categories: Biological Hazard, Corrosive Hazard, Physical Hazard, Non-Ionizing Radiation Hazard

  5. “Cyber” – Bio Hazard: abuse of legitimate ICS functionality • Stuxnet • Crashoverride / Industroyer • E.g. protocols: IEC101, IEC104, and IEC61850 [Biological Hazard symbol]

  6. “Cyber” – Corrosive Hazard: non-ICS-specific ransomware and wipers • Brickerbot • NotPetya / WannaCry • Shamoon • E.g. protocols: SMB, Telnet [Corrosive Hazard symbol]

  7. “Cyber” – Physical Hazard: enlistment in bots • Carna • Mirai • Reaper • And many other similar threats [Physical Hazard symbol]

  8. “Cyber” – Radio Hazards: recent malware targeting radios • BadBIOS • BlueBorne • WPA2 KRACK [Non-Ionizing Radiation Hazard symbol]

  9. Chemical Hazard Labels – NFPA Diamond. Quadrants: HEALTH, FLAMMABILITY, REACTIVITY, SPECIAL HAZARDS. Scale: 0 = Least Serious, 4 = Most Serious. Examples: Flammability 0 = Will Not Burn; Reactivity 3 = Shock and Heat May Detonate

  10. Cyber Hazard Labels: “C-I-A Triad Model”. Quadrants: CONFIDENTIALITY, INTEGRITY, AVAILABILITY, SPECIAL HAZARDS. Rating scale: 4 = Remote, Anonymous, Default Configuration, Root Access; 3 = Remote, Anonymous, Default Configuration, User Access; 2 = Remote, Authenticated, Default Configuration, Root Access; 1 = Remote, Authenticated, Custom Configuration, Write Access; 0 = Remote, Authenticated, Read Access

  11. Cyber Hazard Labels: “V-A-T Model (OSSTMM)” 1/2. Quadrants: VISIBILITY, ACCESS, TRUST, SPECIAL HAZARDS. VISIBILITY scale: 4 = Remote management endpoints; 3 = Remote write access endpoints; 2 = Remote read access endpoints; 1 = Device broadcasts; 0 = No targets visible remotely

  12. Cyber Hazard Labels: “V-A-T Model (OSSTMM)” 2/2. Quadrants: VISIBILITY, ACCESS, TRUST, SPECIAL HAZARDS. TRUST scale (3P = third-party): 4 = Unmanaged 3P components, 3P managed trust infrastructure; 3 = Unmanaged 3P components; 2 = 3P managed trust infrastructure; 1 = Self-managed 3P components, trust infrastructure; 0 = Trusted foundry with transparency

  13. Cyber Hazard Labels: Cornell “SoS” Blueprint (Blueprint for a Science of Cybersecurity, Fred B. Schneider, The Next Wave Vol. 19 No. 2, 2012). Safety • No ‘bad thing’ happens. Liveness • Some ‘good thing’ happens. Quadrants: ISOLATION, OBFUSCATION, MONITORING, SPECIAL HAZARDS

  14. Special Cyber Hazards: “Observables” • Digital signature or unique hash • Documentation of third-party components • Important dates (creation, last modified) • Memory-safe frameworks and languages • User mode vs kernel or root • Execution flags (ASLR, CFG, DEP, NX, etc.) • Network protocol safety • Software update mechanism. “A badness-ometer can’t tell you that you’re secure. It can only tell you that you’re not.” – Badness-ometers are good. Do you own one? by Gary McGraw, https://www.synopsys.com/blogs/software-security/badness-ometers-are-good-do-you-own-one
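Several of the observables on this slide can be read straight out of a binary's headers, which is what makes them usable on a label. The script below is an added example, not part of the deck and not OSIsoft or CRED-C code: a small badness-ometer for Linux ELF64 binaries that reports the unique hash, whether the image is position-independent (a prerequisite for ASLR), whether the stack is marked non-executable (NX) and whether a RELRO segment is present, plus the file's last-modified time when given a real path. The `build_minimal_elf64` helper constructs header-only sample images so the example runs offline; the three-point badness score is my own rubric, not one from the slides. In the spirit of McGraw's quote, a score of 0 only means nothing bad was observed.

```python
"""Badness-ometer for ELF observables (added example, not from the slides)."""
import hashlib
import os
import struct
import sys

# Constants from the ELF specification and the GNU program-header extensions.
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_GNU_STACK, PT_GNU_RELRO = 1, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
EHDR_FMT, PHDR_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ"  # ELF64, little-endian
HARDENING = ("pie", "nx_stack", "relro")               # observables the meter scores


def build_minimal_elf64(pie: bool, nx_stack, relro: bool) -> bytes:
    """Constructed sample input: a header-only ELF64 image with no real code.
    nx_stack=True/False writes PT_GNU_STACK as RW/RWX; None omits the segment."""
    phdrs = [(PT_LOAD, PF_R | PF_X)]  # a text segment, as any real binary has
    if nx_stack is not None:
        phdrs.append((PT_GNU_STACK, PF_R | PF_W | (0 if nx_stack else PF_X)))
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R))
    ehdr = struct.pack(EHDR_FMT,
                       b"\x7fELF\x02\x01\x01" + bytes(9),  # magic, ELFCLASS64, LSB, version 1
                       ET_DYN if pie else ET_EXEC, 0x3E, 1, 0x1000,
                       64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    table = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0x1000) for t, f in phdrs)
    return ehdr + table


def inspect_elf(data: bytes) -> dict:
    """Read the observables directly from the ELF and program headers."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    stack_flags, relro = None, False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # the "unique hash" observable
        "pie": e_type == ET_DYN,                      # ASLR needs a position-independent image
        # A missing PT_GNU_STACK is read as executable: the conservative interpretation.
        "nx_stack": stack_flags is not None and not (stack_flags & PF_X),
        "relro": relro,
    }


def badness(obs: dict) -> int:
    """Count of hardening observables that are absent. 0 is the best reading the
    meter can give; it never means the binary is secure."""
    return sum(1 for key in HARDENING if not obs[key])


def inspect_file(path: str) -> dict:
    """Observables for an on-disk binary, including the 'important dates' slot."""
    with open(path, "rb") as fh:
        obs = inspect_elf(fh.read())
    obs["last_modified"] = os.stat(path).st_mtime
    obs["badness"] = badness(obs)
    return obs


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(inspect_file(sys.argv[1]))
    else:  # no path given: run on the constructed samples
        for label, image in (("hardened", build_minimal_elf64(True, True, True)),
                             ("legacy", build_minimal_elf64(False, None, False))):
            obs = inspect_elf(image)
            print(f"{label}: badness={badness(obs)} {obs}")
```

Run it with a path to any ELF binary to get the file's readings, or with no arguments to see the constructed hardened and legacy samples side by side. Other observables from the slide (signature, third-party component documentation, update mechanism) are not in the headers and would come from the accompanying data sheet rather than the binary.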

  15. Idea: Safety Data Sheets

  16. Cyber Security Data Sheets. Cyber Security Technical Assessment Methodology: Vulnerability Identification and Mitigation, 3002008023, Final Report, October 2016. Contributors: Michael Thow – EPRI; Steve Hagan – Fisher Valves; Dan Griffin – JW Secure; John Connelly – Exelon; Inman – Lanier – Fisher Valves; Justin Kosar – Assoc. Electric Cooperative; Manu Sharma – Exelon; Mike Hagen – Fisher Valves; Andrew Dettmer – Assoc. Electric Cooperative; Kenneth Levandoski – Exelon; Andrew Clark – Sandia National Laboratory; Steve Ricker – East Kentucky Power Cooperative; Brad Yeates – Southern Company; Matthew Coulter – Duke Energy; Phillip Turner – Sandia National Laboratory; Scott Junkin – Southern Company; Susan Ritter – Duke Energy; Tim Wheeler – Sandia National Laboratory; Richard Atkinson – Arizona Public Service; Mark Denton – Duke Energy; Alice Muna – Sandia National Laboratory; Sandra Bittner – Arizona Public Service; Norman Geddes – Southern Eng. Services; Christine Lai – Sandia National Laboratory

  17. EPRI TAM Overview

  18. EPRI TAM – Attack Surface Characterization

  19. Reference Cyber Security Data Sheets: a key part of the Supply Chain • Steps 1 & 2 by EPRI, Vendors, and other Stakeholders • Starting point for tailored CSDS. Big Idea: You can create a CSDS too! Cyber Security Technical Assessment Methodology: Vulnerability Identification and Mitigation, 3002008023

  20. http://cred-c.org @credcresearch facebook.com/credcresearch/ Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security
