Cyber Security

Presented by :- Ms. Manishi Tiwari

Confidential Property of Schneider Electric

 Cyber Security Services 1 Introduction

2 Why Cyber Security

3 How it works

4 What is new

5 Customer Benefits

Confidential Property of Schneider Electric | Page 2

 Cyber Security is..
Protection against Unauthorised
access to Critical information
infrastructures

To avoid:
Deliberate attacks (Disgruntled
employees, Espionage, Terrorism, Warfare....)
and

Inadvertent compromises (User errors,

Equipment failures, Natural disasters )

Source: NIST Smart Grid Interoperability Panel Cyber Security Working Group
Common Industrial Cyber Security Myths
The Reality: Cyber threats in industrial control systems are growing
exponentially, impacting equipment availability and safety

Stuxnet Duqu Shamoon Unknown malware Sandworm, BlackEnergy

Iran nuclear plant Iran, Sudan Saudi Aramco attack German steel mill Ukraine
45,000 machines infected Espionage malware targeted 30,000 Windows-based Uncontrolled shutdown of a 200,000 people left without electricity
PLC modified and destroyed at Energy sector machines infected blast furnace due to control due to grid blackout
component breakdowns

675k
growth in number of
x4 attacks on SCADA
163k
92k Source: Dell Security annual threat report

2010 2011 2012 2013 2014 2015

Page 6
Confidential Property of Schneider Electric |
Cyber threats concern all critical infrastructure, with the energy
sector (O&G, Power) on top of the list
Number of cyber incidents by industry, 2014

Others
19%
Energy
32%
Government facilities 5%

Transportation 5%
6%
Communications
6%
Water 27% Critical manufacturing

Source: ICS CERT

 Proactive Risks Identification and mitigation is the only solution

Typical Threats
Physical Connection Change or
Disconnect
Network Storm
Unauthorized change of settings
Data Interception or Manipulation
Unexpected or Malformed
Communications
Unauthorized Configuration Changes
Virus/Malware Infection
Users account shared/compromised.
Factory passwords
Unauthorized Software installation or
modification
Stuxnet Propagation Architecture by TofinoSecurity
Exploits on non-needed services
OS exploits
Unauthorized Data Transfers

Confidential Property of Schneider Electric | Page 7

Where We Play in Energy!

1 2
Substation Automation Electro-intensive
Distribution Automation consumers
Hydro & Wind Power Plants
Network Stability

3 4
Control Centers
Distributed Energy
Resources Energy Cyber Security Services Expertise
Photovoltaic
Storage
Confidential Property of Schneider Electric | Page 8
Consulting and Engineering Services to protect Grid and Design
Industrial Control Systems against Cyber Attacks
Assess Implement

Training

Manage

Training
Security Security Security Advanced
Awareness Engineer Administrator Expert
(CSAL1) (CSSL2) (CSEL3) (ACSNEL4)
 Cyber Security in Our DNA IEC 62443-2-4 Certified solution,
organization and execution capabilities
NDA,
Security
Contact Disclaime Anti-Malware
rs Management
Hardening

3rd Party
SDLC Audit Secure
Disaster
Remote
Recovery
Access

Incidence
Training Risk
Response
Assessment

Organizational capabilities Technical capabilities

Security Sustained
Features
Procedures

Safe
Configuration Sustained
Process
Security
Compliant Sustained
Process & System
Procedures Availability

Engineering and commissioning

capabilities
Maintenance capabilities
Confidential Property of Schneider Electric | Page 10
 Compliance Assessments

Confidential Property of Schneider Electric | Page 11

Partners in Security
Customer Benefits

Ensure Business Avoid Regulator

Protect Image and
Continuity Penalties
Reputation

Protect Critical Improve System Inventory and Asset

Digital Assets Robustness to optmization
withstand Cyber
Attacks
Presentation Title
Expert Cyber Security Services
Optional Subtitle

Thank You