Cybersecurity in Industrial Networks (slide transcript, uruman.org)
Ing. Gerardo Viar
Acceleration of Attacks on OT
2014 Germany: attackers damage a smelter
2014 US: paper mill damaged remotely by a former worker
2015 Ukraine: grid taken down for up to 6 hours
2016 Ukraine: second electric grid attack
2017 Attack triggers 150+ warning sirens across Dallas
2017 Hospitals and factories impacted by WannaCry ransomware
2017 Malware used in the 2016 Ukraine attack found to contain modules unique to ICS
Evolution of Attacks
• IT attacks at entry points
• IDMZ breaches
• OT-specific attack tools
Search Engine for IoT Devices
Landscape in Latin America (2016)
Industrial Architecture – ISA99/ISA95 Model

Network capabilities listed on the slide:
• Real-Time Control
• Fast Convergence
• Traffic Segmentation and Management
• Ease of Use
• Site Operations and Control
• Multi-Service Networks
• Network and Security Management
• Routing
• Application and Data Share
• Access Control
• Malware Protection
• Enterprise/IT Integration
• Collaboration
• Wireless
• Application Optimization

Zones and levels of the reference architecture:
• Cell/Area Zone – Levels 0–2 (Layer 2 access): I/O, sensors, controller/PLC, HMI, switches; basic control, process, robotics, material handling, machines
• Manufacturing Zone – Level 3 (distribution and core): FactoryTalk application and service platform servers, network services, Layer 3 switches, flow sensor
• Industrial Demilitarized Zone (IDMZ): firewalls in active/standby pair with a Gbps link for failover detection; patch management, terminal services, application mirror, AV server
• Enterprise Network – Levels 4–5: servers (web apps, DNS, FTP), Internet
What to do? NERC-CIP v5
Risks by Sector
LERC – Low Impact External Routable Connectivity
Vulnerabilities
• Equipment without security features
• Network design without security
• Unnecessary services running
• Lack of integration between physical security and logical security
• Insufficient auditing and monitoring
• Lack of authentication/authorization for HMIs
• Knowledge of standards and cybersecurity
Security controls overlaid on the architecture (in the slide's order):
• Passive/active hybrid: PLC/RTU configuration management
• Passive/active hybrid: IDS, zone enforcement, application control, malware protection, etc.
• Active: IPS, firewall, malware protection, etc.
• Active: IPS, firewall, application control, web content filtering, malware protection, etc.
Security technologies overlaid on the architecture:
• SIEM (security information and event management)
• NGFW (next-generation firewall), shown at three points
• IAM (identity and access management), shown at two points
• NBAD (network behavior anomaly detection)
General Recommendations
• Establish policies for security control
• Create a DMZ to connect IT and OT
• Protect both the interior and the perimeter of the network
• Create remote access policies
• Integrate physical and electronic security
• Enable the security features available in existing hardware
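The IDMZ recommendation above is easiest to reason about as an explicit whitelist between zones. The following script is an added example, not code from the presentation or from uruman.org: it models the four zones of the architecture slide (Cell/Area levels 0–2, Manufacturing level 3, IDMZ, Enterprise levels 4–5) with a constructed subnet plan and a constructed IDMZ whitelist, then audits flow records of the kind a flow sensor exports and reports every path that bypasses the IDMZ or is not explicitly permitted. All subnets, port numbers and flow records are assumptions chosen for illustration.

```python
"""Zone policy check for the ISA-95 / Purdue architecture from the slides.

Added example (not from the presentation). Subnets, ports and flow records
are constructed for illustration; real plants differ.
"""
import ipaddress
from typing import List, NamedTuple, Tuple

# Constructed subnet plan (hypothetical).
ZONE_SUBNETS = {
    "enterprise":    ipaddress.ip_network("10.10.0.0/16"),    # Levels 4-5
    "idmz":          ipaddress.ip_network("172.16.5.0/24"),   # Industrial DMZ
    "manufacturing": ipaddress.ip_network("192.168.3.0/24"),  # Level 3
    "cell_area":     ipaddress.ip_network("192.168.0.0/23"),  # Levels 0-2
}
OT_ZONES = {"manufacturing", "cell_area"}

# Constructed IDMZ whitelist keyed by (source zone, destination zone, TCP port).
# Every brokered service terminates in the IDMZ (the slide's patch management,
# terminal services, application mirror and AV server); no entry joins the
# enterprise zone to an OT zone directly. Port numbers are assumptions.
ALLOWED = {
    ("enterprise", "idmz", 443):           "application mirror / web apps",
    ("enterprise", "idmz", 3389):          "terminal services jump host",
    ("manufacturing", "idmz", 8530):       "patch management pull",
    ("manufacturing", "idmz", 443):        "AV signature server",
    ("idmz", "manufacturing", 3389):       "jump host to level-3 workstation",
    ("manufacturing", "cell_area", 44818): "EtherNet/IP explicit messaging to PLCs",
}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


class Verdict(NamedTuple):
    action: str  # "allow" or "deny"
    reason: str


def zone_of(ip: str) -> str:
    """Map an address to its zone via the subnet plan ("unknown" if outside it)."""
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONE_SUBNETS.items():
        if addr in net:
            return zone
    return "unknown"


def evaluate(flow: Flow) -> Verdict:
    """Apply the zone model: deny anything that is not an explicit, IDMZ-brokered path."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src, dst):
        return Verdict("deny", "address outside the zone plan")
    if src == dst:
        return Verdict("allow", f"intra-zone traffic in {src}")
    # The core rule of the architecture: IT and OT never talk end to end.
    if "enterprise" in (src, dst) and ({src, dst} & OT_ZONES):
        return Verdict("deny", f"{src}->{dst} bypasses the IDMZ")
    desc = ALLOWED.get((src, dst, flow.dport))
    if desc is None:
        return Verdict("deny", f"{src}->{dst}:{flow.dport} not in whitelist")
    return Verdict("allow", desc)


def parse_flow_line(line: str) -> Flow:
    """Parse a minimal 'src dst dport' record such as a flow sensor might export."""
    src, dst, dport = line.split()
    return Flow(src, dst, int(dport))


def audit(lines: List[str]) -> List[Tuple[Flow, Verdict]]:
    """Return every denied flow with its reason, in input order."""
    findings = []
    for line in lines:
        flow = parse_flow_line(line)
        verdict = evaluate(flow)
        if verdict.action == "deny":
            findings.append((flow, verdict))
    return findings


# Constructed sample flow records (not real traffic).
SAMPLE_FLOW_LOG = [
    "10.10.1.20 172.16.5.10 443",       # enterprise -> IDMZ app mirror: allowed
    "10.10.1.20 192.168.3.50 3389",     # enterprise -> level 3 RDP: bypasses IDMZ
    "192.168.3.50 192.168.0.12 44818",  # level 3 -> PLC EtherNet/IP: allowed
    "10.10.1.77 192.168.0.12 44818",    # enterprise -> PLC directly: bypasses IDMZ
    "192.168.3.50 172.16.5.20 8530",    # level 3 -> IDMZ patch server: allowed
    "172.16.5.20 192.168.3.50 23",      # IDMZ -> level 3 telnet: not whitelisted
    "192.168.0.12 192.168.0.13 2222",   # PLC to PLC inside the cell: allowed
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOW_LOG):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport}  ({verdict.reason})")
```

Run against the sample records it flags three flows: the two that cross from the enterprise zone straight into OT (the "bypasses the IDMZ" case the slides warn about under "IDMZ breaches") and the Telnet session from the IDMZ that no whitelist entry covers. The same evaluate() function can be fed exported firewall rules instead of flow records to check that the configured policy itself never joins IT and OT end to end.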
Visibility and Analysis · Remote Access · Segmentation · Services
Thank you!