
Critical Infrastructure Security

Mihai Ru

RRC Group Romania


Check Point Technical Manager

2014 RRC & Check Point Software Technologies Ltd.


RRC Group highlights

650 employees, 21 offices in 18 countries (EE and CSI)

Over 20 years of stable growth

Near $650 million revenue planned in 2014

Leading Vendors in product portfolio

Whole Value Added Distribution package

Audited by KPMG (over 12 years)

RRC Romania

Since 1993, Check Point has been the network security leader, 100% focused on security

Check Point secures more than 100,000 businesses and millions of users worldwide, including:

100% of Fortune 100 companies
100% of Fortune 500 companies
100% of Global 100 companies
98% of Global 500 companies

Top-ranked NGFW, IPS and Firewall by NSS Labs, Gartner, SC Magazine. Leader in Gartner Enterprise Firewall for the 16th year

[Figure: competing vendors grouped by product category; the category labels that survive are Endpoint Protection Platform (EPP) and Secure Web GW. Vendors named: Palo Alto Networks, McAfee (StoneSoft), Fortinet, Cisco (Sourcefire, IronPort), HP (TippingPoint), Dell (SonicWALL), Juniper (MAG), Citrix, SonicWALL (Aventail), F5 Networks (Firepass), Huawei, Blue Coat, Symantec (DLP), Websense (DSS), Trend Micro, Zscaler, Sophos, Arbor, Prolexic, VMware (vShield), Corero, FireEye.]
Critical Infrastructure at Risk

Infrastructure is Targeted - Attacks in 2012
Targeted attacks against Industrial Control Systems (ICS) used in industrial production, including Supervisory Control and Data Acquisition (SCADA) systems

198 incidents reported and investigated by US ICS-CERT in 2012

Targeted Attacks in 2013

Stuxnet
DuQu

Flame

Gauss

In 2013, ICS-CERT responded to 256 incidents reported either directly from asset
owners or through other trusted partners.
ICS-CERT assesses that many incidents are not detected due to a lack of sufficient
detection or logging capabilities.

ICS-CERT Reported Vulnerabilities in 2013

Authentication flaws include vulnerabilities such as factory hard-coded credentials, weak
authentication keys, etc. These tend to be of highest concern because an attacker with
minimal skill level could potentially gain administrator-level access to devices that are
accessible remotely over the Internet.

Important Attacks

Computers and manuals seized in Al Qaeda camps, full of SCADA information related to
dams and related dam infrastructure
Why can attacks happen?

Controllers are vulnerable

PLCs are Insecure By Design

If you have logical access to a PLC you can Read, Write and otherwise Access the
tags/points. Write commands change the process, i.e. open or close valves, raise
temperatures, turn things on or off. It is how operators control the process. These are
ICS protocols that are insecure by design.

SCADA and ICS are insecure by design and in most cases don't
require an exploit to affect the process in disastrous ways.
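Because the protocol itself makes no distinction between an operator and anyone else with logical access, the distinction has to be enforced in the network path. The sketch below is an added example, not taken from the slides or from any Check Point product: it parses a Modbus/TCP request and applies a read/write policy per source. The source addresses, the policy set and the sample frames are constructed assumptions.

```python
import struct

# Public Modbus function codes, split by whether they can change the process.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Hypothetical policy: only this engineering station may send write-class requests.
WRITE_ALLOWED_SOURCES = {"10.0.5.10"}  # constructed address

# Constructed sample requests (MBAP header + PDU).
READ_REQ = bytes.fromhex("000100000006010300000002")   # FC 3, 2 registers from 0
WRITE_REQ = bytes.fromhex("00020000000601050001ff00")  # FC 5, coil 1 ON
BAD_PROTO = bytes.fromhex("000300010006010300000002")  # protocol id 1, not Modbus


def parse_request(frame: bytes) -> dict:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def decide(src_ip: str, frame: bytes) -> tuple:
    """Return (verdict, reason) for one request under the sample policy."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    fc = req["function"]
    if fc in READ_CODES:
        return "allow", READ_CODES[fc]
    if fc in WRITE_CODES:
        if src_ip in WRITE_ALLOWED_SOURCES:
            return "allow", WRITE_CODES[fc]
        return "drop", f"{WRITE_CODES[fc]} from unauthorised source"
    return "drop", f"function code {fc} not on allow-list"


if __name__ == "__main__":
    for src, frame in [("10.0.1.20", READ_REQ), ("10.0.1.20", WRITE_REQ),
                       ("10.0.5.10", WRITE_REQ), ("10.0.1.20", BAD_PROTO)]:
        print(src, decide(src, frame))
```

Logging every dropped write with its source and function code also gives the detection trail that ICS-CERT notes is often missing.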

IT and SCADA networks are interconnected

Attack, How-To?

Protect, How-To?

1. Specialization Required for Core and Process Networks

2. Defense in Depth for LAN and DMZ Networks

Specialization Required

Defense-in-Depth

[Figure: defense-in-depth layers: FW & VPN, IPS, Antivirus / Anti-Malware, URL Filtering, Application Control, DLP, Identity Awareness, Threat Emulation; Security system; Security Awareness]

Check Point SCADA approach

Check Point SCADA approach

Product Deployment Architecture

The attackers may start from the Perimeter

Perimeter Protection, Defense-in-Depth

SCADA Application Control
Modbus Example

SCADA Application Control
IEC-104 Example

SCADA Protocols Support

SCADA SmartEvent
Forensics are key for any investigation

Configuration Options

Security Appliance
Environmentally controlled Locations

Security Appliance
Ruggedized
