Protecting Your ICS from Zero-Day Attacks - Part 2: Implementing the Solution

Cyber security for industrial control systems is now receiving a lot of attention due in part to the devastating power of the Stuxnet worm and its impact on the Iranian nuclear program in 2010, but also with the disclosure of 34 vulnerabilities on various control systems in March 2011. If this was not enough, the successful "Night Dragon" attack showed how vulnerable industrial control systems (SCADA, DCS, etc.) are when someone with "inside" credentials attempts to gain access.

This video takes a look at one of the SCADA systems targeted by the disclosures of Italian security research Luigi Auriemma, and analyzes how new technologies are available that can not only prevent attacks that exploit unknown vulnerabilities, but also provide valuable information that can be used to alert users of an potential "future" attack. This video looks at the use of the Tofino Industrial Security Solution and how it can be used on legacy systems that may not support other security controls like anti-virus, application whitelisting, or even simple patch management. It also introduces the power of specialized rules that can be implemented within traditional intrusion detection systems.

This Part 2 looks at implementing an industrial security solution based on the Tofino Argon appliance and Central Management Platform (CMP). The reason this appliance was chosen was the ease of analyzing and building rulesets based on actual communications between valid hosts. I also take a look at the use of intrusion detection (IDS) using pre-build (QuickDraw) and custom rules.

Category:

Science & Technology

Tags:

• cyber security
• ics
• scada
• control system
• vulnerabilities
• zero-day
• luigi auriemma
• tofino
• firewall
• defense-in-depth
• scadahacker
• byres
• siemens
• factorylink
• ids
• snort
• suricata
• security onion
• quickdraw
• digital bond
• stuxnet

License:

Standard YouTube License