TPM 6

Cyber Defense

Thursday | 8.11 | 16:30

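Gabriel Mazuz serves as a senior department head, managing the Computer and Cyber Department in the Energy and Generation Group at the Israel Electric Corporation. Gabi holds a bachelor's and a master's degree in mechanical engineering from the Technion, an MBA from the University of Haifa and a bachelor's degree in electrical engineering from HIT. During his 27 years at the Israel Electric Corporation he has held a variety of positions, and for the past 11 years he has worked on cyber defense in his department.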


Gabi Mazuz

Israel Electric Corporation

Session Program

 

TPM 6.1

An Integrated System-of-Systems Approach for Aggregated OT Cyber Security

Tali Rosenwaks, mPrest

Modern power utility operations encompass complex IT and OT infrastructures. Until a few years ago, separate teams managed their cyber security operations, with yet another team managing physical security.

IT networks are protected with firewalls, IDS/IPS, endpoint protection systems, etc., and are aggregated via the SIEM/SOC, whereas OT networks are "air-gapped" from the IT network so that cyber threats could not infiltrate them. Accordingly, physical network security focuses mainly on access control, asset management, theft prevention and safety.

Today, utility OT networks comprise thousands of devices, increasingly connected with IT networks via the Industrial Internet of Things. This has raised their exposure to cyber threats. In fact, the vast majority of cyber attacks on OT networks actually penetrate the organization through the IT network.

Responding to the convergence of IT and OT cyber threats, utility security teams are seeking a more coherent and integrated view of their cyber security challenges. Various OT cyber security solutions exist, but each addresses a particular need, such as detection engines, asset discovery, access control or forensics.

Since physical security, IT cyber security and OT security are managed in separate silos, utilities cannot see the complete cyber attack picture. Given the abundance of data and alerts from multiple sources, utilities need a solution that aggregates and integrates IT and OT cyber security data (similar to SIEMs in the IT world) for timely response to cyber events. This integrated data would be best served by correlation with physical security management and live asset sensor information for a complete E2E cyber threat assessment.

We will describe the System of Systems approach for a coherent and holistic integrated solution to the organization’s cyber security challenges. This architecture enables aggregation of OT data from operator consoles, maintenance laptops and Historian servers in the SCADA network, and controllers in the production network. It then integrates data and alarms from IT and OT cyber security, operational systems (OT), and physical security systems. You will learn how, by using big data analytics and AI-driven algorithms, the utility can connect the dots between the OT, IT, asset and physical worlds and better protect its vital assets from complex cyber threats.


Tali Rosenwaks

mPrest

Currently serving as mPrest's Chief Operation Officer, heading the Commercial Division to deliver a game-changing Intelligent Grid Management System of Systems.

This first-of-its-kind platform is helping leading power utilities worldwide meet the challenges of a rapidly changing energy market.

mPrest is a recognized thought leader in grid modernization, DERMS, Internet of Energy and the application of cutting-edge intelligent technologies to optimize grid operations.

TPM 6.2

Incident Response Team – Under Construction!

Eran Salfati, Lital Badash, Javier Roasso, Tsachi Cahana, Yagil Kadmon, Amir Ellenbogen, NRCN

Recent publications show an increase in cyber security awareness in critical infrastructures in general and in industrial control systems in particular. Our paper from 2016 [1] discusses three practical and essential steps to implement a cyber-security plan: security policy establishment, risk assessment and basic implementation of control methods.

We believe that an initial plan for protecting the organization from malicious cyber incidents must consider the control methods we referred to. These control methods include technical aspects and tools such as firewalls and Intrusion Detection Systems (IDSs) that provide sustained monitoring and prevention without constant human interaction. But this is not enough.

Relying only on well-configured tools is known as Passive Defense. “Passive Defense mechanisms will eventually fail in the face of determined and well-resourced adversaries” [2]. Therefore, highly trained security personnel are needed to neutralize highly trained adversaries.

Active Defense expands passive defense capabilities and refers to the process of applying advanced, unique and combined techniques for detecting, analyzing and responding to real-time incidents. In many ways, this is an act of “hunting” through the network by personnel familiar with the systems and their operations. Performing excellent active defense depends heavily on investigating past incidents and consuming up-to-date threat intelligence.

In this paper we will focus on the most important group of analysts, the Incident Response Team, which falls into the category of active defenders. This team will determine the impact of a cyber-attack on your organization.

We will introduce a methodology and tools that will help to establish and operate a well-trained incident response team for your organization.

 

References

[1] E. Salfati, J. Roasso, T. Cahana, Y. Kadmon, A. Ellenbogen, “SCADA Security – Where should we start?”, 2016.

[2] M. Lee, “The Sliding Scale of Cyber Security”, SANS Institute InfoSec Reading Room, 08/2015.

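Eran Salfati lives in Ofakim, is married and is the father of four sons.

Eran holds a bachelor's and a master's degree in electrical and computer engineering from Ben-Gurion University of the Negev.

Eran works at the Nuclear Research Center as an engineer in the industrial control systems development department.

He began his professional career as a control systems development engineer, and for about three and a half years he has served as head of the infrastructure cyber (Cyber OT) knowledge center.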

Eran Salfati

NRCN

 

TPM 6.3

Cyber Defense Solutions in a Computer Communications Environment

Shiri Menachem, Fibernet

Today more than ever, cyber threats around the world are rising and intensifying.

In recent years we have been aware of attacks in every sector of the cyber domain (civilian, military, economic and social).

Likewise, the claim that harming critical infrastructure requires state-level capability is no longer true: today even a lone hacker or an organized group such as "Anonymous" has the tools and capabilities to harm critical infrastructure. One of the threats in the cyber domain is the hardware threat: the ease of implanting malware or hostile devices in communications products (even passive ones) is inconceivable. One of the "weak links" is the supply chain. Worldwide, resources are invested in preventing cyber attacks at the software layer, and only in recent years has the world begun to understand that there is an additional threat: the "hardware threat".

Education

2012-2013: Corporate directors course, University of Haifa.

2010-2012: Master's degree in logistics, University of Haifa.

2005-2008: Bachelor's degree in business administration, Ruppin Academic Center.

2001-2003: Practical engineer in industrial engineering and management, The College of Management.

1996-1999: Full matriculation certificate in the management and economics track, Nesher Comprehensive High School.

Work Experience

2014 – present: VP of Business Development for the military sector at a high-tech company engaged in solutions

Shiri Menachem

Fibernet

 
 

TPM 6.4

Addressing Cyber Risks actively with Siemens Solutions

Benjamin Collar, Siemens, Germany

In recent years the energy sector has become a prime target for cyber-attacks. This has led to a shift in the mindset of those responsible for protecting critical infrastructure: they recognize their challenge with regard to cyber-attacks is no longer “if” but “when.” With this evolving mindset, owners and operators of power plants are implementing a set of countermeasures, either as part of a sound risk management regime or by following best practices as defined in standards and norms. Government authorities are also responding to the heightened concern by enacting cyber security regulations.

This presentation will address a specific kind of security control, Incident Response (IR). Unlike many other security controls, which try to prevent attacks, IR aims to reduce the impact of adverse events. Incident Response complements traditional preventative and protective measures by improving KPIs such as Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC).

As a solution supplier for critical infrastructure, Siemens provides robust system components based on international standards. To support our customers in sensitive or critical situations, Siemens has developed an approach to incident response that is tailored to industrial control systems. We take specific aspects into account, such as the need to involve ICS/OT domain experts or the obligation to report particular incidents to authorities.


Benjamin Collar

Siemens, Germany

Head of Industrial Cyber and Digital Security in Europe

Siemens AG

Ben Collar is the Head of Industrial Cyber and Digital Security in Europe for Siemens Power Generation Services, supporting customers in their journey to secure critical energy infrastructure. Previously Ben worked for Siemens’ internal research and development unit, leading delivery of tactical cyber-security consulting and innovative, long-range cyber-security research. Ben has been with Siemens for nearly 15 years, has held roles as director of R&D, software development manager and software engineer, and has been featured in numerous publications on topics like innovation and critical infrastructure.

 

TPM 6.5

Presenting Cyber Solutions for the Electric Corporation: A Holistic Approach with Forward Thinking

Artyom Lichtenstein, F5

Protecting sensitive information such as access credentials (username + password) through additional encryption of the values at the application layer

Transparent protection against Man in the Browser threats by injecting JavaScript and rewriting pages, with no installation on the user side

Protection against bots and malicious automated components, including in access to native mobile applications, using Anti-Bot Mobile without an SDK

Artyom Lichtenstein

F5

The Systems Engineer (SE) is a technical role that is part of a highly technical sales team, which supports sales and promotes customer satisfaction, primarily by providing pre-sales technical consulting for the implementation of products, applications and solutions. This includes presentations, product demonstrations, assessment of potential application of F5 solutions and the development of account plans.


The Society of Electrical and Electronics Engineers in Israel 
