SCADA Security: Why is it so hard?

Manage webcast
Amol Sarwate
SCADA security and advance persistent threats have now taken center stage. While the industry has some success in dealing with IT security, when it comes to industrial control systems or SCADA systems, we still have enormous challenges. This session will discuss why implementing SCADA security is so difficult, and discuss strategies to meet these challenges. I will discuss my experience working with large organizations with control system installations, and present how SCADA security can be deciphered.

The session will include:
- A very brief technical introduction to SCADA and industrial control systems
- SCADA systems under the hood, including SCADA protocols like MODBUS and DNP3 at the packet level
- Attacks on RTU, PLC, HMI, FEP, SCADA slaves and master stations
- Real world examples of successful and not-so-successful implementations of securing control systems and SCADA systems.
- How to use security tools, technical solutions and a change in mindset to address SCADA security
- Pointers on using the free open-source SCADA scanning tool

This presentation will help organizations trying to implement security measures for their controls systems and SCADA systems. It identifies hurdles that organizations face and will help avoid them, from mistakes made by others. It will help attended try out some tools and techniques when they get back from the conference. It will also help security vendors as well as vendors of SCADA systems to align their solutions to achieve a common goal. For attendees who are not familiar with in-depth SCADA security, the presentation will be an excellent introduction and fast forward to effective SCADA security implementation.
Feb 27 2012
60 mins
SCADA Security: Why is it so hard?
More from this community:

IT Security

  • Live and recorded (5997)
  • Upcoming (120)
  • Date
  • Rating
  • Views
  • This webinar is for business leaders who wish to understand vulnerabilities in commercial software and how they can impact organizations:
    Software vulnerabilities remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or as the enabler of privileges escalation inside networks.
    This webinar demystifies software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.
    Key takeaways:
    -What is a software vulnerability
    -How a software vulnerability becomes a threat
    -A glimpse of how threats multiply
    -How closing vulnerabilities impacts risk reduction
  • In today’s global market place your organization needs network connectivity with external entities – suppliers, credit card processing companies, business partners, data feeds etc. But are you really sure these connections are secure and compliant? Are you really sure they are not inadvertently creating holes in your network and exposing your organization to cyber criminals? The Target breach – and many others like it – should at least make you double check your practices.

    Presented by the renowned industry expert Professor Avishai Wool, this technical webinar will cover best practices for managing external connectivity lifecycle to and from your network, including:

    • Defining the right infrastructure, network segmentation, security controls and additional security protections
    • Managing changes to connectivity for third party applications or data feeds
    • Routing partner traffic through your network
    • Auditing and compliance challenges for both you and your partner
    • Technical considerations for managing the business and ownership aspects of third party connectivity
  • In this webinar, Chris Inglis, former Deputy Director of the NSA will share research and actionable insights on:

    -What it takes to build a winning cyber security strategy

    -Why cyber campaigns are much more effective than reactive cyber tactics

    -How to enhance your organization's cyber security profile and maintain a sustainable security posture

    About Chris Inglis:

    Mr. Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, he held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).
  • In this webinar, Chris Inglis, former Deputy Director of the NSA will share research and actionable insights on:

    -What it takes to build a winning cyber security strategy

    -Why cyber campaigns are much more effective than reactive cyber tactics

    -How to enhance your organization's cyber security profile and maintain a sustainable security posture

    About Chris Inglis:

    Mr. Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, he held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).
  • In this webinar, Chris Inglis, former Deputy Director of the NSA will share research and actionable insights on:

    -What it takes to build a winning cyber security strategy

    -Why cyber campaigns are much more effective than reactive cyber tactics

    -How to enhance your organization's cyber security profile and maintain a sustainable security posture

    About Chris Inglis:

    Mr. Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, he held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).
  • In this webinar, Chris Inglis, former Deputy Director of the NSA will share research and actionable insights on:

    -What it takes to build a winning cyber security strategy

    -Why cyber campaigns are much more effective than reactive cyber tactics

    -How to enhance your organization's cyber security profile and maintain a sustainable security posture

    About Chris Inglis:

    Mr. Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, he held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).
  • Tom Bowers, vCISO for ePlus and their clients, will cover what he sees as the looming threats for 2016, including Threat Intelligence and Sharing, State Sponsored Code and Commercial Malware, Security of Big Data, Embedded Systems, and the Physical and Cyber Convergence.
  • Customer data is complicated. It lives everywhere and changes frequently. Creating a holistic view of the customer journey can be a challenge, even as the opportunities are obvious. Join Larry Drebes, Founder and CEO of Janrain for lessons learned from thousands of enterprises, challenges with different approaches to customer data management, and the benefits of managing customer identity in the cloud.
  • Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.
  • Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.
  • Channel
  • Channel profile
Presentations from the BSides Events and Beyond
Presentations from the BSides Events and Beyond

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: SCADA Security: Why is it so hard?
  • Live at: Feb 27 2012 6:00 pm
  • Presented by: Amol Sarwate
  • From:
Your email has been sent.
or close
You must be logged in to email this