Cybersecurity in Industrial Networks, Ing. Gerardo Viar

Cybersecurity in Industrial Networks - uruman.org · Acceleration of Attacks on OT 2015 Ukraine: Grid taken down for up to 6 hours 2017 Attack triggers 150+ warning sirens across Dallas


Cybersecurity in Industrial Networks

Ing. Gerardo Viar


Acceleration of Attacks on OT

2015 Ukraine: Grid taken down for up to 6 hours

2017 Attack triggers 150+ warning sirens across Dallas

2014 Germany: Attackers damage smelter

2016 Ukraine: Second Electric Grid Attack

2017 Hospitals, Factories Impacted by Wannacry Ransomware

2014 US: Paper Mill damaged remotely by former worker

2017 Malware used in 2016 Ukraine attack found to have ICS unique modules

Evolution of Attacks

• IT attacks at entry points

• IDMZ breaches

• OT-specific attack tools m


Search Engine for IoT Devices


The Landscape in Latin America


2016


2016


Industrial Architecture – ISA99/ISA95 Model

[Diagram: reference network architecture. Labels recovered from the slide follow.]

Requirements listed beside the diagram:

• Real-Time Control

• Fast Convergence

• Traffic Segmentation and Management

• Ease of Use

• Site Operations and Control

• Multi-Service Networks

• Network and Security Management

• Routing

• Application and Data share

• Access Control

• Malware Protection

• Enterprise/IT Integration

• Collaboration

• Wireless

• Application Optimization

Zones:

• Enterprise Network, Levels 4–5

• Industrial Demilitarized Zone (IDMZ), Firewalls

• Manufacturing Zone, Level 3 (Distribution and Core)

• Cell/Area Zone, Levels 0–2 (Layer 2 Access)

Component labels: Internet; Web Apps, DNS, FTP; Patch Management; Terminal Services; Application Mirror; AV Server; Gbps Link for Failover Detection; Firewall (Active); Firewall (Standby); Factory Talk; Application and Service Platform; Servers; Network Services; Switches L3 Flow Sensor; Switches; Robotics; Material Handling; Machines; Basic Control; Process; I/O Sensor; Controller / PLC; HMI.


What to do? NERC-CIP v5


Risks by Sector


LERC – Low Impact External Routable Connectivity


Vulnerabilities

• Equipment without security functions

• Network design without security

• Unnecessary services left running

• Lack of integration between physical security and logical security

• Insufficient auditing and monitoring

• Lack of authentication/authorization for HMIs

• Knowledge of standards and cybersecurity


Industrial Architecture – ISA99/ISA95 Model

[Diagram: the same reference architecture (Cell/Area Zone Levels 0–2, Manufacturing Zone Level 3, IDMZ, Enterprise Network Levels 4–5), with these security annotations added:]

• Passive/Active Hybrid: PLC/RTU Config Management

• Passive/Active Hybrid: IDS, Zone enforcement, app control, Malware protection, etc.

• Active: IPS, Firewall, malware protection, etc.

• Active: IPS, Firewall, app. control, web content, malware protection, etc.


[Diagram: the same reference architecture (Cell/Area Zone Levels 0–2, Manufacturing Zone Level 3, IDMZ, Enterprise Network Levels 4–5), with these security components overlaid: SIEM, NGFW (three instances), IAM (two instances), NBAD.]


General Recommendations

• Establish policies for security control

• Create a DMZ for IT/OT communication

• Protect the interior and the borders of the network

• Create remote access policies

• Integrate physical and electronic security

• Enable the security functions of the available hardware


• Visibility and Analysis

• Remote Access

• Segmentation

• Services


Thank you!