SCADA Security, Eric Chan, Fortinet SouthEast Asia & HK (PowerPoint PPT Presentation)

Slide 1
SCADA Security

Eric Chan Fortinet SouthEast Asia & HK

Slide 2

SCADA Network Architecture

2 CONFIDENTIAL – INTERNAL ONLY

Slide 3

Where are the Threats Coming From?

  • External sources
    » SCADA systems are often interconnected to other SCADA systems and their own RTUs/MGMT stations via public networks
    » Targeted attack of corporate systems with malware which propagates to SCADA systems
  • Internal sources
    » Viruses brought into the SCADA network via portable devices
    » Corporate espionage
    » Third party applications
    » File sharing, P2P and social networks
    » HMI terminals do not have, or are not allowed to install, an AV solution
    » Engineers' laptops brought on site
  • Wireless sources
    » SCADA networks often employ WiFi or 3G based wireless connectivity to RTUs
    » Rogue AP set up with the original equipment SSID
    » Host of encryption exploits
  • No host based security features on RTUs

Slide 4

How to Protect your SCADA Environment

  • Control application/communication into/out of the network
  • Control application/communication inside the network
    » Includes ICCP and DNP3
  • Control what/who can interface with SCADA systems
  • Monitor the network for viruses/attacks and be able to react to those events quickly

Slide 5

Summary: Defense-in-Depth Security

  • A defense-in-depth strategy deploys application security at both the host (RTU) and the network level
  • Deploy security systems that offer tightly integrated multiple detection mechanisms:
    » IPS
    » Antivirus
    » Antispam
    » Application control
    » Identity based policies
    » Web filtering
    » DB
    » Stateful firewall
    » VPN
    » Wireless
    » Strong Authentication
  • Automated processes to update AV and IPS signature databases
  • Known SCADA exploits already in AV/IPS databases

Diagram labels: Corporate LAN; Remote Terminal / Human Machine Interface (HMI); Remote Terminal Unit; RTU signals: pump/fan speed, pressure, flow rate, oil levels and maintenance alarms

Slide 6

FortiGate Rugged

  • Reliability in harsh environments
    » IEC-61850-3
    » IEEE-1613
    » EMI, Thermal, Vibration
  • Complete FortiOS Protection
    » Firewall
    » Intrusion Prevention
    » IPSec Encryption
    » Dynamic Routing

Slide 7

Application Awareness for SCADA Protocols

Supported protocols:
  • ICCP
  • Modbus
  • DNP3
  • EtherNet/IP
  • EtherCAT

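Slide 4's point about controlling application traffic inside the network and slide 7's list of recognised SCADA protocols both come down to an application-layer allow-list on control traffic. The following is an added example, not code from the slides or from Fortinet's products: a minimal Modbus/TCP policy check in Python that parses the MBAP header and function code, lets the HMI read but reserves write function codes for the engineering workstation, and rejects malformed frames. The host addresses, the policy table and the sample frames are constructed for the example.

```python
import struct

# Public Modbus function codes, split into reads and writes.
READ_FUNCS = {1, 2, 3, 4}       # read coils / discrete inputs / holding / input registers
WRITE_FUNCS = {5, 6, 15, 16}    # write single/multiple coils or registers

# Constructed policy (an assumption for this example, not from the slides):
# which source host may issue which function codes towards the RTUs.
POLICY = {
    "10.0.1.10": READ_FUNCS,                # HMI terminal: read-only
    "10.0.1.20": READ_FUNCS | WRITE_FUNCS,  # engineering workstation: read and write
}

def parse_mbap(frame: bytes):
    """Parse a Modbus/TCP frame; return (unit_id, function_code) or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:        # length counts unit id + PDU
        raise ValueError("MBAP length %d does not match frame" % length)
    return unit, frame[7]

def check_modbus(src_ip: str, frame: bytes):
    """Application-layer verdict for one request: ('allow'|'deny', reason)."""
    try:
        _unit, func = parse_mbap(frame)
    except ValueError as exc:
        return "deny", "malformed frame: %s" % exc
    allowed = POLICY.get(src_ip)
    if allowed is None:
        return "deny", "source %s not in SCADA policy" % src_ip
    if func not in allowed:
        kind = "write" if func in WRITE_FUNCS else "unlisted"
        return "deny", "%s function %d not permitted for %s" % (kind, func, src_ip)
    return "allow", "function %d permitted for %s" % (func, src_ip)

# Constructed sample requests: MBAP (tid, proto 0, length, unit) followed by the PDU.
READ_HOLDING = struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)        # FC3: read 10 regs from 0
WRITE_SINGLE = struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 0x10, 0xFF00)  # FC6: write register 0x10
BAD_LENGTH   = struct.pack(">HHHBB", 3, 0, 99, 1, 3)                 # length field is wrong

if __name__ == "__main__":
    for src, frame in [("10.0.1.10", READ_HOLDING), ("10.0.1.10", WRITE_SINGLE),
                       ("10.0.1.20", WRITE_SINGLE), ("10.0.1.99", READ_HOLDING),
                       ("10.0.1.20", BAD_LENGTH)]:
        print(src, *check_modbus(src, frame))
```

The same shape of check (parse the application header, then apply a per-host function allow-list) carries over to DNP3 and ICCP, which is what a protocol-aware firewall does on the wire.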

Slide 8

About Fortinet

  • Leading UTM & NG Firewall vendor
    » by industry analysts: Gartner, IDC, Frost & Sullivan
  • Certified Protection
    » 5 ICSA Labs security certifications
    » NSS UTM certification
    » ISO 9001:2008 certification
    » 12 Virus Bulletin (VB) 100% awards
    » IPv6 certification for FortiOS 4.0
    » Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+) for FortiOS 4.0
    » FIPS PUB 140-2
    » NEBS Level 3

Slide 9

Slide 10

More Security

Fighting Advanced Threats
  • Client Reputation
  • Advanced Anti-malware Protection

Slide 11

Zero Day Attack Detection

Client Reputation: identify potential zero-day attacks

Diagram labels: Client Reputation; Threat Status; Multiple Scoring Vectors; Reputation by Activity; Real Time, Relative, Drill-down, Correlated; Ranking; Identification; Policy Enforcement; Score Computation

Slide 12

Advanced Anti-Malware Protection

Multi-pass Filters:
  » Hardware Accelerated & Code optimized
  » Signature DB: real time updated, 3rd party validated
  » Local Lightweight Sandboxing
  » Behavior / Attribute Based Heuristic Detection
  » FortiGuard Botnet IP Reputation DB
  » Cloud Based Sandboxing
  » Application Control – Botnet Category

In-box Enhanced AV Engine / Cloud Based AV Service

Improves threat detection