security issues and solutions for next generation factories · tippingpoint™ threat protection...
Security issues and solutions for next generation Factories
25th Apr 2017
Yuki Ueda, Product Marketing Manager, Trend Micro Incorporated.
Copyright 2017 Trend Micro Inc.
About Trend Micro
• 28 years focused on security software
• Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
• Annual sales over $1B US
• Customers include 45 of top 50 global corporations
• 5500+ employees in over 50 countries
• 500k commercial customers & 155M endpoints protected
Segments shown: Consumer, Small Business, Midsize Business, Enterprise
Agenda
• Threats
  – Security incidents in Japan
  – Ransomware in ICS / SCADA
  – Issues and Challenges
• Solutions
  – Security solution for ICS/SCADA
  – Customer cases
  – Demonstration
Threats
Security incidents in Japan
Malware infection ratio of ICS*1
• Infected: 42.2%
• No infection: 47.2%
• Unknown: 10.6%
• 55.4% of infected factories stopped*2
• More than 6 days in some cases
Source: Trend Micro Incorporated, Sep. ’14, Internet survey of 218 persons involved in managing industrial control systems of FA and PA systems.
*1 Have you ever encountered malware infection on an industrial control system which you manage? (N=218)
*2 As a result, have you ever encountered a production stop? If you have, let us know its period. (N=92)
Security incidents in Japan: Energy Sector
• Malware infection on a monitoring terminal of an energy control system via USB Storage
• No social impact, but recovery took 1 day.
Source: Internet survey, Trend Micro Incorporated.
Security incidents in Japan: Manufacturing Sector
• Malware infection on a control terminal in the FA system
• Production stopped for 5 days; delivery was delayed
Source: Internet survey, Trend Micro Incorporated.
Ransomware in ICS / SCADA
• Factory infected via USB Storage/OA NW in Japan*1
• Loss of 100K USD and production stopped for half a month, in Brazil*2
• Temporary blackout caused by infection via USB Storage, in Brazil*3
Ransomware is now a real threat for ICS / SCADA
Source: *1 Trend Micro Incorporated. *2, *3 http://www.darkreading.com/endpoint/ransomware-rising-on-the-plant-floor/d/d-id/1327870
Issues and Challenges: Insufficient countermeasures
– Mindset
  • Vendor’s responsibility?
  • Closed system is safe?
– Vulnerability
  • Legacy OS
  • Difficulty of applying security patches
– Limitation
  • Software installation is prohibited
  • Signature file is not updated
  • The field department, not the IT department, is responsible for facilities
Solutions
Approach concept
• Existing facilities
  Anomaly detection and quick recovery without changing structures
• New facilities
  Protect facilities without impacting system performance
Steps of Layered protection
1. Intrusion prevention
   Network, USB Storage, Maintenance Work PC
2. Anomaly detection
   Machine tools, control terminals, etc.
3. Quick recovery
   Backup, malware cleanup tool
Ref: Security solution for ICS / SCADA
[Matrix slide]
• Labels: Gateway / Network, Server / Client PC, External Device
• Labels: Prevention, Detection, Cleanup
• Labels: Plant DMZ / Control Information Network, Control Network
• Labels: Mission Critical / Specific purpose, Non Mission-Critical / General Purpose
• One cell is marked N/A
Products named on the slide:
• Deep Edge
• TMUSB
• Deep Discovery
• Network VirusWall
• Trend Micro Safe Lock™: “Lockdown security software for fixed-function devices”
• Trend Micro Portable Security 2™: “Malware scan / cleanup tool without software installation”
• Trend Micro Deep Security™: “Comprehensive, modular protection for servers, desktops and laptops”
• Trend Micro USB Security™: “Protect USB Storage”
• Deep Discovery™ Inspector: “Network Visibility, early anomaly detection”
• TippingPoint Threat Protection System™: “Next generation Intrusion Prevention System”
Deployment example: Existing facilities
[Figure: network diagram]
• Locations and parties: Office, Factory, Factories, Supplier, Integrator, Maintenance Service, Remote maintenance
• Networks: Information System Network, Control Information Network, Control Network, Field Bus
• Components: Office PC, Office Server, DMZ File Server, OPC Server, MES, OPC Client, EWS, HMI, PLC/DCS
• Products shown:
  – TippingPoint™ Threat Protection System: Next generation Intrusion Prevention System
  – Deep Discovery™ Inspector: Network visualization, early anomaly detection
  – Trend Micro Portable Security 2™: Malware scan / cleanup tool without software installation
  – Trend Micro Safe Lock™: System lockdown software for fixed-function devices
  – Trend Micro Deep Security™: Comprehensive, modular protection for servers, desktops and laptops
  – Trend Micro USB Security™: Protect USB Storage
Deployment example: New facilities
[Figure: network diagram]
• Locations and parties: Office, Factory, Factories, Supplier, Integrator, Maintenance Service, Remote maintenance
• Networks: Information System Network, Control Information Network, Control Network, Field Bus
• Components: Office PC, Office Server, DMZ File Server, Database, OPC Server, MES, OPC Client, EWS, HMI, PLC/DCS
• Products shown:
  – TippingPoint™ Threat Protection System: Next generation Intrusion Prevention System
  – Deep Discovery™ Inspector: Network visualization, early anomaly detection
  – Trend Micro Portable Security 2™: Malware scan / cleanup tool without software installation
  – Trend Micro Safe Lock™: System lockdown software for fixed-function devices
  – Trend Micro Deep Security™: Comprehensive, modular protection for servers, desktops and laptops
  – Trend Micro USB Security™: Protect USB Storage
Customer Cases inc. critical infrastructures
Industry: Target System
• Manufacturing: Production System of FA/PA
• Energy: Power Plant System
• Water: Water System
• Gas: LPG Filling System
• Transportation: Railway Control System, Air traffic Control System
• Retail: POS system
• Finance: Core Banking System, ATM, Trading System
• Medical: PACS, eHR
Case details:
• Suzuki: http://www.trendmicro.co.jp/jp/business/case-study/articles/20150210013658.html
• ALPS: http://www.trendmicro.co.jp/jp/business/case-study/articles/20161227085203.html
• Yokogawa: http://www.trendmicro.co.jp/jp/business/case-study/articles/20150213084224.html
• Nissin Electric: http://www.trendmicro.co.jp/jp/business/case-study/articles/20160609010854.html
Demonstration: Attack & Defense on FA System
• USB malware infection causes operation-stop
• Attacker compromises HMI and displays ransomware-like dialog
Wrap-up
• Many incidents occurred in Japan.
• ICS-specific challenges
• Different approach for each type of facility, with layered protection
Thank you.