S4xJapan Closing Keynote
1 like1,124 views
The document outlines the history and evolution of various computer viruses and cyber attacks, detailing significant incidents from self-replicating programs to modern phishing attacks. It discusses the development of malicious software, such as worms and trojan horses, and highlights notable cases like the 'I Love You' virus and Melissa virus. Additionally, it addresses the growing complexity of cyber threats and the challenges in securing industrial control systems and networks.
S4xJapan Closing Keynote
- 1. S4 Japan 2014 Closing Remarks Yokogawa Electric Corporation IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 1 - Tatsuaki Takebe All brand or product names in this document are trademarks or registered trademarks of their respective companies.
- 2. • First Self-destruct program (Richard Skrenta) • First Self-replicate program (Skrenta’s Elk Cloner) • ©Brain Virus developed by two Pakistanis’ • Yale, Cascade, Jerusalem, Lehigh, etc. • Ken Thompson demo first Trojan Horse • Fred Cohen’s VAX Viruses Protocol Weaknesses/Buffer overflow IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 2 - • Apple II Computer • Commodore • Atari • TI-99 • TRS-80 • First Worm developed in Xerox Palo Alto • FBI arrest “414s” Hacker Group • First “Concept” Macro Virus • Stealth virus (Whale) • Variable Encryption (1260) • Morris’ Worm • Robert T Morris fined $10K, 3 years probation • Code Red • Nimda • Philippines’ “I LOVE YOU” virus • Melissa virus ($80m) • Excel Macro Virus (cross platform) • “Solar Sunrise” - Two California Teens attack on 500 Military, Govt, & Private Computer Systems (Vul) • Slammer • Blaster • WeiChia • MyDoom • Sasser • Melissa’s author sentenced 20 months jail • DDoS on 13 “root” servers Standalone Systems – Disk/Diskette Sharing Information Warfare Computer Crimes Trusted Operating Systems (Orange Book) Trusted Network (Red Book) – ITSEC • Phishing attacks proliferated UK Green Book to BS 7799 to ISO 17799 to ISO 27001 Common Criteria (ISO 15408) Insecure Default/Weak Security Techniques/Feature Misuse/Social Engineering • Spyware • Bots • Phishing begins in AOL • “Cuckoo’s Egg” in LBL Cyber Crimes • SPAM Mails Discovery 発見 Experimentation 実験 Criminal Exploitation 非合法利用 197 7 197 8 197 9 198 0 198 1 198 2 198 3 198 4 198 5 198 6 198 7 198 8 198 9 199 0 199 1 199 2 199 3 199 4 199 5 199 6 199 7 199 8 199 9 200 0 200 1 200 2 200 3 200 4 200 5 200 6 • Pharming attacks (DNS poisoning) • Kevin Mitnick arrested, five years imprisonment • ZoTob • WMF Internet World Client-server/PC-LAN Networks Wide Web Web 2.0 By Meng Chow Kang
- 3. " Attack Sophistication & Intruder Knowledge " Everybody can be an attacker. " Attack tools can be used for the control systems. “Stealth”/Advanced Scanning Techniques Network Management Diagnostics Sweepers Disabling Audits Malicious Code Morphing WWW Attacks Automated Probes/Scans Hijacking Sessions Exploiting Known Vulnerabilities Password Cracking Self-Replicating Code IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 3 - Password Guessing Sniffers BOTS Distributed Attack Tools Denial of Service GUI Packet Spoofing High 1980 1985 1990 1995 2000 2005 2010 Intruder Knowledge Low Attackers Back Doors Zombies Attack Sophistication Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002, page 10.
- 4. Security Incidents • From The Repository of Industrial Security Incidents IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 4 - 35 30 25 20 15 10 5 0 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
- 5. " Industrial Control Systems Security Coverage TCIP IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> I S C I ISCI I3P SCADA L O G IIC Achilles Wurld- Tech - 5 - PCSRF A G A Power Oil & Gas Chem Water Transport Comm Req R&D Dev Test Eval Demo Deploy Operation SCADA SBIRs CSSP CSSP NSTB ISA | 9 9 API 1164 FERC、NERC S P | 9 9 ISA CIDX ChemITC Mu Dynamics ICSJWG
- 6. Critical Infrastructure & Stds IEC ISO/IEC/JTC1 ISO/IEC 15408, 18045, 19790, 24759, 27001, 27002(17799) 62351-‐‑‒1〜~7 62443-‐‑‒1〜~3 NSTB CSSP CPNI(NISCC Tech Note Series) FERC EPRI NERC 国際 International 政府系 Govmtl 業界 Industry 成果 Outcome NIST SP800-‐‑‒82, 53, 30, 18, 37 FIPS 199, 200, 140-‐‑‒2 CMVP, CAVP ISCI I3P LOGIIC API Chemical CIDX 化学 薬品 R isk M a p A ccess P o licy T o o l E m era ld D E A D B O L T S ecS S H S M T U Water Sewerage 運輸 IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 6 - AGA a cc CIP-‐‑‒002-‐‑‒X〜~ -‐‑‒009-‐‑‒X API 1164 AGA12 Guidance for Addressing Cyber Security in the Chemical Industry In tellig en t ID S INL Cyber Security Procurement Language for Control Systems IEEE IE E E -1 4 0 2 , 1 6 8 6 DOE 21 Steps to Improve Cyber Security Unite PCSF Organizations & People ISA99 WG1-‐‑‒6 ISA99.01.01,02.01, 03.01, CCEVS,NVLAP(TestLab) Test Specs Test Labs PCSRF SPP-‐‑‒ICS PP Power 電⼒力力 Oil Gas ⽯石油 ガス 上下 ⽔水道 鉄道 Transport Railroad Telecommunication 通信 Any
- 7. " Industrial Control Systems Security Coverage IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> I S C I ISCI - 7 - Power Oil & Gas Chem Water Transport Comm Req R&D Dev Test Eval Demo Deploy Operation ISA99 ISA99
- 8. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 8 - 8 " IEC/ISA 62443 Series structure
- 9. " ISA 99 organizational structure 㼃㻳㻝 㼃㻳㻟 㼃㻳㻠 㼃㻳㻡 㼃㻳㻢 㼃㻳㻣 㼃㻳㻤 㼃㻳㻝㻜 IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 9 - 㼃㼕㼞㼑㼘㼑㼟㼟㻌㻯㼛㼙㼜㼘㼕㼍㼚㼏㼑㻌㻵㼚㼟㼠㼕㼠㼡㼠㼑 9 㼃㻯㻵 㻵㻿㻭 㻥㻥 㻭㻿㻯㻵 㻵㻿㻯㻵 㻝㻜㻜 㻭㼡㼠㼛㼙㼍㼠㼕㼛㼚㻌 㻿㼠㼍㼚㼐㼍㼞㼐㼟㻌 㻯㼛㼙㼜㼘㼕㼍㼚㼏㼑㻌 㻵㼚㼟㼠㼕㼠㼡㼠㼑 㼃㻳㻞 㼃㻳㻥 㼃㻳㻝㻝 㻵㻱㻯㻌㻸㼕㼍㼕㼟㼛㼚 㼀㼑㼏㼔㼚㼛㼘㼛㼓㼕㼑㼟 㻿㼑㼏㼡㼞㼕㼠㼥㻌㻼㼞㼛㼓㼞㼍㼙 㼀㼑㼞㼙㼕㼚㼛㼘㼛㼓㼥㻘㻌㻯㼛㼚㼏㼑㼜㼠㼟㻌㼍㼚㼐㻌㻹㼛㼐㼑㼘㼟 㼀㼑㼏㼔㼚㼕㼏㼍㼘㻌㻾㼑㼝㼡㼕㼞㼑㼙㼑㼚㼠㼟 㻯㼛㼙㼙㼕㼠㼠㼑㼑㻌㻼㼘㼍㼚㼚㼕㼚㼓㻌㼍㼚㼐㻌㻰㼕㼞㼑㼏㼠㼕㼛㼚 㻼㼍㼠㼏㼔㻌㻹㼍㼚㼍㼓㼑㼙㼑㼚㼠 㻿㼍㼒㼑㼠㼥㻌㻒㻌㻿㼑㼏㼡㼞㼕㼠㼥 㻯㼛㼙㼙㼡㼚㼕㼏㼍㼠㼕㼛㼚㻌㼍㼚㼐㻌㻻㼡㼠㼞㼑㼍㼏㼔 㼃㼕㼞㼑㼘㼑㼟㼟㻌㼍㼚㼐㻌㻿㼑㼏㼡㼞㼕㼠㼥㻌㻶㼃㻳 㼀㻳㻝 㼀㻳㻟 㼀㻳㻠 㼀㻳㻡 㻵㻿㻭㻥㻥㻌㻵㻿㻭㻢㻣㻌㻶㼃㻳㻌㼛㼚㻌㼏㼥㼎㼑㼞㻌㼟㼑㼏㼡㼞㼕㼠㼥㻌㼒㼛㼞㻌㼚㼡㼏㼘㼑㼍㼞㻌㼜㼘㼍㼚㼠㼟 㻲㼛㼡㼚㼐㼍㼠㼕㼛㼚㼍㼘㻌㻾㼑㼝㼡㼕㼞㼑㼙㼑㼚㼠㼟 㼆㼛㼚㼑㼟㻌㼍㼚㼐㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻰㼑㼞㼕㼢㼑㼐㻌㻾㼑㼝㼡㼕㼞㼑㼙㼑㼚㼠㼟 㻹㼑㼠㼞㼕㼏㼟 㻼㼞㼛㼐㼡㼏㼠㻌㻰㼑㼢㼑㼘㼛㼜㼙㼑㼚㼠㻌㻾㼑㼝㼡㼕㼞㼑㼙㼑㼚㼠㼟 㻿㼑㼏㼡㼞㼕㼠㼥 㼃㼕㼞㼑㼘㼑㼟㼟 㻵㻿㻭㻌㻿㼑㼏㼡㼞㼕㼠㼥㻌㻯㼛㼙㼜㼘㼕㼍㼚㼏㼑㻌㻵㼚㼟㼠㼕㼠㼡㼠㼑 㻵㻱㻯㻛㻶㼀㻯㻝㻌㻸㼕㼍㼕㼟㼛㼚㻌㻭㼏㼠㼕㼢㼕㼠㼕㼑㼟 㻸㼑㼍㼐㼑㼞㼟㼔㼕㼜 㼀㻳㻞 㼀㻳㻢
- 10. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 10 - " IEC TC 65
- 11. Cards & PI BioMetrics IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 11 - " ISO IEC Security Financial Services Vocabulary
- 12. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 12 - " ISO/IEC JTC 1/SC 27 SC 27 WG 1 WG 2 WG 3 WG 4 WG 5 ISMS Crypto Security Evaluation Security Control & Services IDMgmnt & Privacy 2700X 15408 19790 24760 29100 29101 ISA 99 IEC TC 65/WG10 SC 22/WG 23 ISA 99 IEC TC 65/WG10
- 13. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 13 - " ISO/IEC JTC 1 SC 22 SC 22 WG4 COBOL WG5 Fortran WG9 ADA WG14 C WG17 Prolog WG19 Formal programming languages WG21 C++ WG23 Prog Lang Vul TR24772 SC 27/WG 3
- 14. Secure IACS and maintain operational security 㻵㼙㼜㼘㻌㼆㼛㼚㼑㼟㻌㻒 㻯㼛㼚㼐㼡㼕㼠㼟㻘㻌㻯㼛㼙㼜 㻵 㼀 IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 14 - 㻿㼠㼍㼞㼠 㻻㻷㻫 㻱㼚㼐 㻼㼍㼠㼏㼔㻌㻹㼍㼚㼍㼓㼑㼙㼑㼚㼠 㻿㻭㻸䚷䠚㻩㻿㻭㻸 㻱㼢㼍㼘㻌㻿㼥㼟㼠㼑㼙㻌 㻾㼕㼟㼗 㻿㼡㼎㼟㼥㼟㼠㼑㼙㼟 㼆㼛㼚㼑㼟㻌㻒㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻱㼢㼍㼘㻌㻿㼥㼟㼠㼑㼙㻌 㻻㼜㼑㼞㻚㻌㻿㻭㻸 㻾㼑㼠㼕㼞㼑㻌㻿㼥㼟㼠㼑㼙 㻹㼍㼗㼑㻌㻻㼜㼑㼞㼍㼠㼕㼛㼚㼍㼘㻌 㻿㼑㼏㼡㼞㼕㼠㼥㻌㻼㼛㼘㼕㼏㼥 㻯㼔㼛㼛㼟㼑㻌㻿㻭㻸 㼆㼛㼚㼑㼟㻌㻒㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻻㼜㼑㼞㼍㼠㼑㻌㻿㼥㼟㼠㼑㼙 System Security Compliance Metrics Establishing an Industrial Automation and Control Systems Security Program Operating an industrial automation and control system security program IEC 62443-‐‑‒2-‐‑‒4 practices IACS supplier security policies and Target Security Assurance Levels for ISA 99.01.03 ISA 99.02.01 ISA 99.02.02 ISA 99.02.03 ISA 99.03.02 Zones and Conduits System security requirements and security assurance levels ISA 99.03.03 ISA 99.02.01 ISA 99.03.02 ISA 99.03.02 ISA 99.01.03 ISA 99.03.03 ISA 99.01.03 ISA 99.02.02 ISA 99.02.03 ISA 99.02.01 㻿㼠㼍㼞㼠 㻱㼢㼍㼘㻌㻾㼕㼟㼗㻌㼒㼛㼞 㻯㼛㼙㼜㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻿㼑㼏㻌㻾㼝㼙㼚㼠㼟㻌㼒㼛㼞 㻯㼛㼙㼜㻘㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻰㼑㼟㼕㼓㼚㻌㻒㻌㻵㼙㼜㼘 㻱㼢㼍㼘㻌㻿㻭㻸㻌㼒㼛㼞 㻯㼛㼙㼜㻘㻌㻯㼛㼚㼐㼡㼕㼠㼟 㻻㻷 㻫 ISA 99.04.01 ISA 99.04.02 㻱㼚㼐 IEC 62443-‐‑‒2-‐‑‒4 IEC 62443-‐‑‒2-‐‑‒4 How to fit the entire pieces together?
- 15. " Compliance " IEC 62443-2-1 ISMS compliance for Asset Owners (62443-2-1 is IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 15 - aligned with ISO/IEC 27001) " IEC 62443-2-4 Vendor/System Integrator Security Maturity
- 16. Product security • IEC 62443-4-1 Assurance Sec Rea • IEC 62443-4-2 Functional Sec Req IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 16 -
- 17. ISASecure Levels Communication Robustness Testing IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 17 - Software Development Security Assessment ソフトウェア開発セキュリティ評価 Functional Security Assessment セキュリティ機能評価 Software Development Security Assessment ソフトウェア開発 セキュリティ評価 Functional Security Assessment セキュリティ機能評価 Software Development Security Assessment ソフトウェア開発 セキュリティ評価 Functional Security Assessment セキュリティ機能評価 LEVEL 1 LEVEL 2 LEVEL 3 Requirements Necessary to Achieve Certification Levels Level 1 Level 2 Level 3 Total Count in Specification SDSA 130 149 170 170 FSA 20 49 82 82 CRT All All All CRT Common Specification plus all 6 Protocol CRT Specifications
- 18. ISASecure EDSA Certification Program IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> Detects and Avoids systematic design faults • The vendor’s software development and maintenance processes are audited for artifacts for DUT • Ensures the organization follows a robust, secure software development process - 18 - Embedded Device Security Assurance Software Development Security Assurance (SDSA) ソフトウェア開発 セキュリティ評価 Functional Security Assessment (FSA) セキュリティ機能評価 Communications Robustness Testing (CRT) 通信堅牢性テスト Detects Implementation Errors/Omissions • A component’s security functionality is audited against its derived requirements for its specified security level • Ensures the product has properly implemented the security functional requirements Identifies vulnerabilities in device networking capabilities • A component’s communication robustness is tested against communication robustness requirements • Tests for vulnerabilities in the 4 layers of OSI Reference Model
- 19. ISA Security Compliance Institute • Document Structure for Product Evaluation " Similar structure for system evaluation is being discussed now. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 19 - 19 Tatsuaki Takebe Yokogawa Electric Corp.
- 20. • In order to decrease the chances to be hacked, • You need investments • Attackers need skill, resources to crack the secure system • Let’s make an agreement and grade the level Lvl 4 IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 20 - Attackers’ Skill, Resources, Tools, Time How much security? Investment, Efforts, Tech Level, Assurance Level Chances to get compromised. Lvl 3 Lvl 2 Lvl 1
- 21. " 62443-3-3 System security requirements and security assurance levels From Draft 3 ISA 62443-3-3(99.03.03) Sep 2011 4. FR 1 Identification and authentication control To prevent unauthorized access to device and/or inquiry of its info To prevent unauthorized operation of device To prevent tampering data To prevent data leakage To prevent unauthorized information leakage To notify security violation to authority and to report forensic evidence To protect the entire NW resources from DoS attacks IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 21 - 5. FR 2 – Use control 6. FR 3 – Data integrity 7. FR 4 – Data confidentiality 8. FR 5 – Restricted data flow 9. FR 6 – Timely response to events 10. FR 7 – Resource availability 21 Tatsuaki Takebe Yokogawa Electric Corp.
- 22. " 62443-3-3 System security requirements and security assurance levels From Draft 3 ISA 62443-3-3(99.03.03) Sep 2011 4. Identify and authenticate all users (humans, processes and devices), and allow them access to the system or assets. • SL 1 – Identify and authenticate all users (humans, processes and devices) by mechanisms which protect against casual or coincidental access by unauthorized entities. • SL 2 – Identify and authenticate all users (humans, processes and devices) by mechanisms which protect against intentional unauthorized access by entities using simple means. • SL 3 – Identify and authenticate all users (humans, processes and devices) by mechanisms which protect against intentional unauthorized access by entities using sophisticated means. • SL 4 – Identify and authenticate all users (humans, processes and devices) by mechanisms which protect against intentional unauthorized access by entities using sophisticated means with extended resources. IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 22 - 22 Tatsuaki Takebe Yokogawa Electric Corp.
- 23. " 62443-4-1 Product Development Requirements From Draft 1 Edit 1 ISA-99.04.01 Jun 2011 5. Phase 1 – Security Management Plan (SMP) – SDSA-SMP-1 - Security Management Plan – SDSA-SMP-2 - Action Item Resolution – SDSA-SMP-3 - Documentation of software releases – SDSA-SMP-4 - Development Environment Security Documentation – SDSA-SMP-5 - CM System – SDSA-SMP-6 - Configuration Management Plan – SDSA-SMP-7 - Configuration List IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 23 - 23 Tatsuaki Takebe Yokogawa Electric Corp.
- 24. " 62443-4-1 Product Development Requirements From Draft 1 Edit 1 ISA-99.04.01 Jun 2011 6. Phase 2 - Security Requirements Specification (SRS) 7. Phase 3 – Software Architecture Design (SAD) 8. Phase 4 - Security Risk Assessment and Threat Modeling IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 24 - (SRA) 9. Phase 5 - Detailed Software Design (DSD) 10. Phase 6 - Document Security Guidelines (DSG) 11. Phase 7 - Module Implementation & Verification (MIV) 12. Phase 8 - Security Integration Testing (SIT) 13. Phase 9 - Security Process Verification (SPV) 14. Phase 10 - Security Response Planning (SPR) 15. Phase 11 - Security Validation Testing (SVT) 16. Phase 12 - Security Response Execution (SRE) 24 Tatsuaki Takebe Yokogawa Electric Corp.
- 25. Conclusions IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 25 - • Why standards? • No security is perfect. • Standards are the golden mean agreed upon by the stakeholders. • Compliance/Certification gives assurance if something happens.
- 26. Thank you very much for your attention IAMK014-0411 Copyright © Yokogawa Electric Corporation <20141010> - 26 -