A Holistic Approach to Industrial Cybersecurity
Detecting Cyber Attacks in Substation Networks

Free Webinar - Watch Replay Now!

Previously held on Thursday, December 10, 2020 - 10AM to 11AM EST

PROBLEM:

Energy companies typically operate across vast, geographically dispersed sites and rely on a high volume of complex devices and systems from multiple vendors. Such conditions can make accurately identifying and managing all assets in these OT environments exceedingly challenging. This coupled with the challenge of testing all the system components prior to deployment can further delay that the appropriate security requirements are in place in the final system.

SOLUTION:

Understanding the security in existing SCADA protocols like IEC 60870-5-104 and IEC 61850 along with utilizing the right tools can help overcome security challenges posed by IT/OT convergence and the expansion of remote workforces. Many challenges can be overcome by verifying secure communications are configured correctly at the system level.  By simulating system components, configuration issues can be identified earlier to ensure security requirements will be satisfied in the final system.

•  Understand the history of malware, specifically Industroyer, the technical details on how it operates and its objectives in the OT network.
• Using Claroty Continuous Threat Detection (CTD) Platform:
  • Learn how to extend the same controls IT security teams utilize for minimizing risk in IT environments to OT environments.
  • Utilize Passive, Active, and AppDB scanning capabilities to provide comprehensive OT visibility and asset management controls.
  • Learn how to automatically profile all assets, communications, and processes in OT networks, generate a behavioral baseline that characterizes legitimate traffic and weeds out false positives, and alerts users in real-time to anomalies and both known and zero-day threats.
  • Automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances.
  • Learn how to compare each asset in an OT environment to an extensive database of vulnerabilities and exposures (CVE) data from the National Vulnerability Database allowing you to identify, prioritize, and remediate vulnerabilities in OT environments more effectively.
• How to simulate messages from IEC 60870-5-104 and IEC 61850 including MMS & GOOSE, using Distributed Test Manager (DTM) to show how substation network monitoring software can be used to learn valid packets and then detect bad packets and invalid IEC 62351 authentication messages.
• How to simulate a cyber attack on a substation including full network IP discovery followed by malicious controls.

Instructors:

Sharon Brizinov
Vulnerability Research Team Lead
Claroty

Sharon is an experienced security researcher, who specializes in vulnerability research, malware analysis, network forensics, and ICS security. Sharon's work is highly appreciated in the cyber community, and in the last few years he was invited to speak at leading cybersecurity conferences such as DEFCON and ICS-Village.

Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organizations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.

Matthew Green
Senior Applications Engineer
Triangle MicroWorks, Inc.

Matt is a senior applications engineer here at Traingle MicroWorks. He’s been with Triangle for about 6 years and specializes QA testing with all our simulation tools and gateway.