docIndustrial IT Security “BK Giulini Kläranlage Werk
download 
Report Transcription
Industrial IT Security “BK Giulini Kläranlage Werk
Betrieb eines ICS-Test- und Prüflabors / Hackerspace Bremen, 16-06-21 About Koramis © 2015 KORAMIS GmbH IT Security Industrial Software Industrial Automation Industrial Continuity Management ICS Testlab Setup of a realistic industrial process control simulation and honeypot environment for an analysis of attack and threat pattern Workshops and trainings on industrial process control systems and infrastructures Using the test laboratory for research and development tests Product testing - integration or stand alone © 2015 KORAMIS GmbH The HoneyTrain-Project ICS-Testlab (Hackerspace) © 2015 KORAMIS GmbH Implementation © 2015 KORAMIS GmbH Implementation © 2015 KORAMIS GmbH Implementation © 2015 KORAMIS GmbH Implementation Digital Ethernet Power supply CANBUS PROFIBUS DP © 2015 KORAMIS GmbH CANBUS Implementation • • • • • 2 trains, ≈ 12 sq. m Based on Siemens components: S7-1500, S7-1200 and TIA Portal 253 PLC variables 28/2 digital I/O 52/52 analog I/O © 2015 KORAMIS GmbH The results The HoneyTrain-Project © 2015 KORAMIS GmbH Results (over 6 weeks) • 14000-19500 Scans per day • 8 Attacks using “brainpower” – – – – – 1 Attack vs. the ESX-Server 4 Attacks vs. the PLC 3 Attacks vs. the web frontend 1 Attack at protocol level (no further analysis) 1 Attack vs. the HMI © 2015 KORAMIS GmbH Results (over 6 weeks) © 2015 KORAMIS GmbH Results (over 6 weeks) © 2015 KORAMIS GmbH Results (over 6 weeks) © 2015 KORAMIS GmbH Whitepaper www.sophos-events.com/honeytrain/ © 2015 KORAMIS GmbH Questions/Discussion? Follow Me @ © 2015 KORAMIS GmbH Your Contact KORAMIS GmbH: Europaallee 5 66113 Saarbrücken Germany [email protected] www.koramis.de Office Berlin: Uhlandstraße 125 10717 Berlin Germany Wigand Weber Follow Me @ Senior Software Consultant [email protected] Phone: Fax: +49 681 968191 34 +49 681 968191 900 © 2015 KORAMIS GmbH Thank you for your attention © 2015 KORAMIS GmbH
