WONDERWARE PARTNER FORUM 2017
Kaspersky Lab's vision of industrial security, and the profile and current problems of customers in protecting the Industrial Internet of Things
Dmitry Feshin
Head of Global Projects
Kaspersky Lab JSC
QUESTIONS
Cyber risks: Kaspersky Lab's view
What leaders of countries and corporations say when they talk about this topic
ICS: myths and reality in the era of the 4th industrial revolution
4.0RU concepts (a practical example of the "Digital secure economy
User profile and current problems
NATIONAL LEADERS AND CORPORATE FOUNDERS
Source: Marsh Global Risk Report
THEIR SHARED OPINION
Source: Marsh Global Risk Report
A NEW TOPIC FOR DISCUSSION
TOP 10 BUSINESS RISKS - 2017
Source: Allianz Risk Barometer 2017
2016 – 3, 2015 – 5, 2014 – 8, 2013 – 13
Business continuity
Cyber threats
Source: Allianz Risk Barometer 2016
CxO
IT, InfoSec
ENGINEER
CIA - DATA
AIC - CONTINUITY
IT, InfoSec
FOCUS
DECISION MAKING
ASSETS TO PROTECT
PC, SERVER, MOBILE
PLC, HMI, IND. PROTOCOLS, ETC
CxO
IT and OT domains: find 3 differences
0.5-48 hours | 2-4 hours | 2-6 hours | 8-24 hours | 0.5-2 hours | INCIDENT
The attacker carries out a sequence of actions in an attempt to take control of ICS elements.
Gaining access to the network
Gathering information about the ICS
Guessing the PLC password
Uploading and analyzing project details from the PLC
Modifying the control logic
Physical damage
WITH A "MOUSE" AT THE REFINERY...
OIL AND GAS INDUSTRY. BACKGROUND.
FINANCIAL LOSSES: $5M/DAY, ~$1B TOTAL LOSSES FOR STATE OIL EXPORT COMPANY
Baku-Tbilisi-Ceyhan (BTC) pipeline near the eastern Turkish city of Erzincan on Aug. 7, 2008
FINANCIAL LOSSES: 17 DAYS OF UNPLANNED SHIPMENT STOPPAGE,
Saudi Aramco suffered the worst hack in world history in 2012.
SHAMOON 2.0 returned in December 2016 !!!
SOURCE: https://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar
SOURCE: http://www.reuters.com/article/us-saudi-cyber/saudi-arabia-warns-on-cyber-defense-as-shamoon-resurfaces-idUSKBN1571ZR
NEW TRENDS AND BUSINESS IMPACT
RANSOMWARE
Blocking of the ICS operator's work
RISK OF SHUTDOWN
REMOTE ACCESS
Change to the normal operating mode of the DCS and the emergency shutdown (ESD) system
LOSS OF INVESTMENT
SUPPLY CHAIN COMPROMISE
Unplanned shutdown of the primary treatment loop
LOSS OF KEY CUSTOMERS
RISK TRANSFER
Clause CL380 excludes coverage of damage caused by the use of IT systems. That is, any cyber attacks are excluded, leaving the company without coverage.
Terrorism Exclusion 9, T3 LMA3030, excludes cyber attacks with a terrorist motivation (by analogy with CL 380).
The Electronic Data Exclusion NMA2914 is, as a rule, applied in most types of property and business interruption insurance
THE CYBER INSURANCE POLICY DOES NOT INCLUDE THESE RISKS
People are the main factor
PEOPLE
Kaspersky Lab. The ICS CERT initiative.
Source: ics-cert.kaspersky.ru
PROCESSES
PROTECTION CAN HAVE DIFFERENT LEVELS OF MATURITY
TRAINING
INCIDENT INVESTIGATION
THERE IS A SOLUTION (KICS)
SECURITY ASSESSMENT
MODELING
“I NEED MORE INFORMATION ABOUT THE RISK”
“I WANT TO UNDERSTAND THE THREAT MODEL FOR MY ICS”
“I KNOW WHAT NEEDS TO BE PROTECTED”
“Oops!! I SEEM TO HAVE…”
Cyber risks are an important part of the Digital Economy
Protection of financial systems
Expert services
Protection of data centers
Protection of isolated networks
Cybersecurity for companies of any size and any industry
# DIGITAL # IIoT \ 4.0 - FULL SPEED AHEAD !!!
Global study: the security buyer - who are they and what do they need?
Methodology
Phase 1: Qualitative
11 in-depth interviews with:
- 8 ICS cybersecurity practitioners
- 3 ICS cybersecurity consultants (such as system integrators or IT security consultancy firms)
In-depth qualitative interviews conducted by telephone with ICS cybersecurity practitioners and consultants across:
• UK • Germany • Spain • Australia • India
Phase 2: Quantitative
359 interviews with ICS cybersecurity practitioners
Online survey with ICS cybersecurity practitioners across the following regions:
• Europe • North America • Latin America • Middle East • APAC
Fieldwork was conducted in February – April 2017
Note: in the quant phase, both ICS and OT terminology was used in all questions – in reporting we have used only ICS for ease of reading
Quantitative Phase – Sample Profile
359 interviews across 21 countries
Wide Geographical Coverage
• North America: USA
• Europe: France, Germany, Italy, Russia, Spain, UK
• Latin America: Argentina, Brazil, Mexico
• APAC: China, India, Indonesia, Japan, Malaysia, Philippines, South Korea, Singapore
• Middle East: Oman, Saudi Arabia, UAE
Sample by region:
• North America - USA: 7%
• Europe (UK, France, Germany, Spain, Italy): 30%
• Russia: 6%
• Middle East: 10%
• Japan: 8%
• APAC (excluding Japan): 30%
• LATAM (Mexico, …
Mixture of Industry Sectors*
• Defence: 1%
• Hospitality/leisure/restaurants: 2%
• Real estate / property / building…: 4%
• Government/public sector: 4%
• Utilities & energy: 6%
• Transportation and logistics: 8%
• Oil & Gas: Refining & Processing: 3%
• Oil & Gas: Transportation,…: 4%
• Oil & Gas: Extraction: 6%
• Construction and engineering: 19%
• Manufacturing: food & beverage: 3%
• Manufacturing: Primary products: 5%
• Manufacturing: Pharmaceuticals: 6%
• Manufacturing: High-tech…: 6%
• Manufacturing: Chemicals: 8%
• Manufacturing: Automotive: 8%
• Manufacturing: Consumer…: 8%
• Manufacturing: Industrial products: 20%
Manufacturing - 56%
Oil&Gas – 11%
56% of the sample are Manufacturing companies
S1. In which country are you based?
S2. Which industry sector does your organization operate in?
Base: Total sample=359
*Total greater than 100% as multiple answers possible
Range of business priorities seen across companies: risk management considered a priority by half
• Product and service quality and risk management were the two key priorities for the next 12 months for half of the organizations interviewed
Priorities:
• Improving our products / services quality: 51%
• Managing risks: 50%
• Improving our ability to innovate: 47%
• Improving our products / services differentiation: 41%
• Reducing costs: 39%
• Improving our customer experience: 39%
• Acquiring new customers: 38%
• Accelerating digital business: 37%
• Better complying with regulations and requirements: 36%
• Complying with our customer requirements: 33%
• A quarter of the respondents report such an attack is very likely to happen to their organizations: this likelihood increases with the size of the organization to almost half in companies of 5000+ employees
Three quarters of companies believe an ICS cybersecurity attack to be likely to happen: particularly true in larger companies
• Very likely: 25%
• Quite likely: 49%
• Not very likely: 22%
• Not at all likely: 4%
Q4. How likely is it that your organization could become the target for a cybersecurity attack on OT/ICS or industrial control network?
Base: Total sample=359
Rises to 38% in Middle East, lower in Europe (18%) – overall likelihood similar across regions
• No one challenge stands out as a key priority: finding skilled employees and partners to meet ICS cybersecurity needs are most important overall
• Budget is of particular concern in the Middle East, whilst lack of available resources is the biggest key priority in South America
Challenges of managing ICS cybersecurity focus on skilled personnel
Q3. What are the top 3 challenges related to managing organization’s OT/ICS cybersecurity?
Base: Total sample=359
*Total greater than 100% as multiple answers possible
Challenge: main priority / named among top 3
• Hiring ICS cybersecurity employees with the right skills: 15% / 50%
• Increasing interconnectedness with corporate/enterprise IT: 14% / 43%
• Lack of security awareness among asset owners and…: 14% / 39%
• Complexity of ICS environment/industrial network: 14% / 35%
• Finding reliable partners who could implement ICS…: 13% / 48%
• Unavailability of products/services that fit our…: 11% / 32%
• Priority of ICS Cybersecurity is low for senior management: 9% / 31%
• Lack of budget: 9% / 22%
Emerging knowledge / understanding of this field, and a need for a business strategy to guide company process, emerge qualitatively as key issues, reflecting the need for skilled personnel:
“I think we are at the strategic discussion stage, what we are doing is we are looking at the bigger picture and see how we can apply this kind of technology to our business and how it can help. I think the main challenge at the moment is to come up with the strategy for the company. I am sure, once we got through that stage, we will start to look at the implementation stage.” (Machine Tool Manufacturer – UK)
“Training of the manpower and getting right people are the biggest challenges and also updating their knowledge as this is a very dynamic field so a lot of training is required.” (Oil & Gas: Extraction & Processing – India)
• Slightly higher levels of incidence are seen in larger companies
• Just under half have not experienced any such issues
Half of companies have experienced between 1 and 5 cybersecurity incidents with their ICS and/or control system network in the past 12 months
Q18. How many times did your organisation experience any cybersecurity incidents with OT/ICS and/or control system network in the past 12 months?
Base: Total sample=359
• 11 to 25 times: 1%
• 6 to 10 times: 3%
• 3 to 5 times: 12%
• Twice: 21%
• Once: 17%
• We have not experienced any incidents/breaches in the past 12 months: 46%
Between 1 and 5 incidents: 50%
• 8 in 10 organizations are not required to report industrial security breaches to any regulatory bodies – this is significantly lower in North America, where more reporting is required
• Two thirds, however, feel that this reporting should be mandated
Generally, the majority of companies are not required to report ICS security incidents to regulatory bodies
• Required: 19%
• Not required: 81%
Reported to…
• Other: 38%
• Don't Know: 3%
• Ministry of Industry and…: 3%
• ISAC: 7%
• CERT: 9%
• ISO – Various: 10%
• Government Agency: 13%
• Federal/State Agency: 16%
Q15. Is your organization required to report industrial security breaches and incidents to any regulatory bodies (government or industry such as CERT/ISAC)? Base: Total sample=359. If so, what regulatory body? Base: Those required to report=68
Q16. Do you agree that the governments should mandate the reporting of OT/ICS breaches or security incidents? Base: Total sample=359
• When asked for the costs of dealing with incidents, both overall and specifically broken down by cost type, costs are generally lower in the Middle East, and higher in North America and Europe
Average financial loss caused by consequences of ICS cybersecurity incidents is over $92,000
Q22. Could you please estimate the overall financial cost of those consequences caused by all the OT/ICS cybersecurity incident to your organization in the past 12 months?
Q23. In response to a breach experienced, businesses will often invest in additional staff, training or technology in order to avoid further incidents. Did your organization make any such efforts in response to the breaches you experienced in the last 12 months? If so, could you estimate how much has been spent to date on the measures?
Base: Those who experienced incidents=195
All companies experiencing an incident in the last 12 months:
• Average additional training cost: $65,114
• Average additional staffing cost: $82,269
• Average additional software/infrastructure cost: $107,966
• Average cost of consequences: $92,254
• Total average additional costs (excluding consequences): $255,349
“The cost of an attack can be enormous. Loss of human life, loss of natural resources are just some aspects, the actual cost can be very, very high. There will be fines and penalties as well imposed on the company as per the guidelines of the government.” (Oil & Gas: Extraction + Processing – India)
• The majority of these larger companies (71%) have experienced between 2 and 5 cybersecurity incidents in the last 12 months
Average financial loss caused by consequences of ICS cybersecurity incidents in companies with 500+ employees is $147,053
Q22. Could you please estimate the overall financial cost of those consequences caused by all the OT/ICS cybersecurity incident to your organization in the past 12 months? Base: Companies with 500+ employees = 94
Q23. In response to a breach experienced, businesses will often invest in additional staff, training or technology in order to avoid further incidents. Did your organization make any such efforts in response to the breaches you experienced in the last 12 months? If so, could you estimate how much has been spent to date on the measures? Base: Companies with 500+ employees who experienced incidents=94
Companies with 500+ employees experiencing an incident in the last 12 months:
• Average additional training cost: $89,444
• Average additional staffing cost: $104,212
• Average additional software/infrastructure cost: $156,388
• Average cost of consequences: $147,053
• Total average additional costs (excluding consequences): $350,044
• Traditional antivirus vendors such as Symantec and McAfee are also associated with ICS cybersecurity solutions, although to a lesser extent
• There is some association with consulting companies such as NextNine
Kaspersky Lab is among the most frequently mentioned providers associated with ICS cybersecurity solutions, behind IBM, Cisco and Microsoft
Q10. What OT/ICS cybersecurity solution providers, if any, are you aware of?
Base: Total sample=359
*Total greater than 100% as multiple answers possible
• IBM: 24%
• Cisco: 19%
• Microsoft: 12%
• Kaspersky Lab: 11%
• Norton/Symantec: 10%
• McAfee: 4%
• HP: 4%
• SAP: 3%
• Oracle: 3%
• FireEye: 3%
• Dell: 3%
• SANS: 2%
• NextNine: 2%
• Avast: 2%
• None: 7%
Range of single mentions: Accenture, BMC, Bull, Dr Web, Eset, Factory Systems, Fujitsu, Honeywell, Huawei, ICL-KPO VS (Russia), Intel, Leet Security, OCN, OTICS, Palo Alto, RSA, Samsung, SCADA, Tata Communications, Trend Micro, Waterfall
Significantly higher awareness of Kaspersky Lab in the Middle East
Thank you for your attention!
www.wonderware.ru