Cyber Security – Secure Architecture Challenges for Real Businesses
Introducing a further gripping presentation to be given by Cliff Martin, Principal Engineer, BAE Systems Submarines, at our “Smart way to Industry 4.0 with PROFINET Based Technologies” series of seminars to be held in Coventry and London this March.
In 2015, approximately 225,000 Ukrainians suddenly found themselves with no electricity at Christmas as a result of a successful phishing email. It is widely believed that Russian operators were responsible for this in support of their hybrid warfare strategy in Ukraine; further to this, they were also successful in slowing remote remediation efforts (between 3 & 6 hours).
These attackers are some of the most capable and well-funded in the world, yet they carried out the power-down segments of their attacks with shocking simplicity; they logged into HMIs and pressed soft-buttons using valid user credentials.
There has been much reporting around the Ukraine cyber-attacks, particularly in the Operational Technology space, however, it is important to draw attention away from the Fear, Uncertainty and Doubt, and towards those aspects that can help us learn and better model threats.
One lesson we can learn of the Ukraine attacks – that attackers, whilst focussed on effectiveness, will invariably follow the path of least resistance. Operational Technology security has always required a different approach to traditional IT, and whilst technically, OT security improves technically, year on year, it is important that security programmes continue to take account of the architecture and people/process aspects that influence their risks; in a complex space of multiple suppliers, contractors, customers and sites, evaluating the path of least resistance can be difficult, and the mobile and reactive nature of third-party support can further compound these issues.
This talk will draw on the path-of-least-resistance considering lessons from the Ukraine and similar types of attacks, discussing, from an introductory level, good practice secure architecture models and the challenges posed to their implementation by emerging technology and support requirements.
Attention will be paid to the way real-world support & operations solutions can unintentionally, or invisibly bridge security enforcement zones, and what this means for your threat model.
Click here for more information about the seminars and how to register
The PROFIBUS Group
- 0208 144 9597
- uk@profibus.com
- http://www.profibusgroup.com
- Suite 183, 19 Lever Street, Manchester, M1 1AN GB
About us
PI UK was founded as The PROFIBUS Group in 1993 to promote the use of PROFIBUS in the UK. More recently it has added PROFINET and IO-Link to the range of technologies supported by the group and is now known as PROFIBUS and PROFINET International UK, or PI UK for short. Registered in the UK as a Trade Association, PI UK is run by a Steering Committee elected by its members. It is not a limited company and hence has no company registration number, but it is fully accountable within the UK and is VAT registered, number GB 643240662.
Where we supply to
Europe, Africa, Asia, Australia, South America, North America
Industries we supply to
Automation, Chemicals, Consultants, Components Electronics, Energy and Power, Food and Beverage, Glass Ceramics Cement, Metals and Minerals, OEM, Paper and Pulp, Pharmaceutical Cosmetics Toiletries, Plastics and Rubber, Recycling, Textiles, Tobacco, Water and Wastewater
