Multidimensional Cyber Security Methodology for Critical Infrastructure
The VDAMP Principle reflects CRITIFENCE's vision of a stable, secure and survivable cyber defense methodology for physical processes in Critical Infrastructure, SCADA and Industrial Control Systems. CRITIFENCE is committed to a stable methodology built on the most comprehensive cyber security perception for protecting Critical Infrastructure, ICS and SCADA systems, and on the cyber security principles of Visibility, Detection, Analysis, Management and Protection.
OT Network Discovery (OND) and PLC Models Classification (PMC) Modules provide full visibility of ICS and SCADA hardware over the OT network, OT network topology, active hardware components and the relation between them in real time.
Anomaly Detection Engine (ADE) and Auto-Discover Module (ADM) allow detection of malicious activities and cyber-attacks over the OT network, and passive detection of new guest devices and hardware equipment on the OT network.
Machine Learning module (MLM) collects OT network traffic and analyzes the behavior of the OT network and hardware equipment. Process Learning Engine (PLM) analyzes process-related commands, values and set points.
Inventory Management Module (ILM) and the OT Cyber Security Policy Management (OTSPM) allow management of OT network hardware and large-scale deployments of SCADAGate+ Agent appliances in order to manage and control cyber security policy in large and complex OT environments.
Detection of SCADA cyber-attack vectors. Detection of abnormal access and connectivity to target devices over the OT network. Detection of cyber-attack tools and the behavioral patterns of other tools, including scanners, fuzzers and enumeration tools.
Secure and Survivable Critical Infrastructure Cyber Defense
Most of our Critical Infrastructure, factories and plants manage and operate their processes through Supervisory Control and Data Acquisition (SCADA) systems. Originally, SCADA networks and systems were designed with no security, under the assumption that they would stay disconnected from other corporate IT networks and from the Internet. Most SCADA protocols were never intended to be used on publicly accessible networks, and in some cases, not even on IP networks. With the growing connectivity of networks today, alongside the evolution of cyber threats, SCADA networks are exposed to cyber-attacks. These are happening all over the world and are evolving exponentially. Criminals, anarchists, terrorists and state actors are targeting today's critical infrastructure and Industrial Control Systems (ICS).
Nuclear power stations, Production, Chemical and power plants, Fabrication, Refining industries and more.
Electrical power transmission and distribution stations, Water pumping and waste treatment plants, Oil and gas processing facilities and more.
Manufacturing, Large communication systems, Offices, Data centers, Control rooms and more.
Airports, Ports, Train-stations, Truck and vehicle fleets, Connected cars and more.
Protecting critical infrastructure from cyber-attacks introduces unique challenges. OT environments can be harsh and often use legacy systems and proprietary protocols. CRITIFENCE® SCADAGate+ is a new generation of cyber security technology which monitors and controls OT networks passively through a server/agent architecture and enables remote site connectivity. This cutting-edge technology gives a multilayered defense to OT networks. It is able to detect, alert on and prevent both known and unknown or 0-day cyber-attacks, using different techniques such as machine-process learning and anomaly detection.
Learn more about CRITIFENCE® Cyber Security Solution for Critical Infrastructure, SCADA and Industrial Control Systems.
Cyber security threats and vulnerabilities discovered by the CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group
The use cases identified demonstrate the ability to generate a freeze condition on the HMI that can lead to a denial of service due to incomplete error management of HTTP requests in the Web Gate Server.
CVE-2016-8374 has been assigned to this vulnerability. Schneider Electric’s CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Schneider Electric has become aware of a vulnerability. It impacts the Modicon family of PLCs, specifically when replaying run/stop and upload/download requests in the Modbus protocol commands. Because the vulnerability concerns the replay of run/stop and upload/download Modbus requests, it could potentially allow a malicious attacker to execute unwanted commands on the target PLC.
Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. CVE-2017-6034 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
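A passive check for the replay condition described above, as an added example that is not CRITIFENCE's or Schneider Electric's code: it parses Modbus/TCP frames and flags watched requests that come from a source outside an allowlist or that repeat, byte for byte, a request first seen from a different source. The watched function code 0x5A, the IP addresses and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumption (not from the page): 0x5A is the vendor-specific Modbus function
# code publicly documented as carrying Schneider engineering commands.
WATCHED_FUNCTION_CODES = {0x5A}
ALLOWED_SOURCES = {"10.0.0.10"}  # hypothetical engineering workstation

def parse_modbus_tcp(data):
    """Return (function_code, pdu) for one Modbus/TCP ADU, or None if malformed."""
    if len(data) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", data[:7])
    # Protocol id must be 0; length counts the unit id plus the PDU.
    if proto != 0 or len(data) != 6 + length:
        return None
    pdu = data[7:]
    return pdu[0], pdu

def detect(observations):
    """Return alerts (index, src, reason) for a list of (src, dst, bytes)."""
    alerts, first_sender = [], {}
    for i, (src, dst, raw) in enumerate(observations):
        parsed = parse_modbus_tcp(raw)
        if parsed is None:
            alerts.append((i, src, "malformed"))
            continue
        function_code, pdu = parsed
        if function_code not in WATCHED_FUNCTION_CODES:
            continue
        if src not in ALLOWED_SOURCES:
            alerts.append((i, src, "unauthorized-source"))
        # With no nonce or authentication, a replay is the same PDU bytes
        # again; the transaction id sits in the header, outside the key.
        origin = first_sender.setdefault((dst, pdu), src)
        if origin != src:
            alerts.append((i, src, "pdu-replayed-from-new-source"))
    return alerts

def adu(tid, unit, pdu):
    """Build a constructed sample ADU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed traffic; payload bytes are placeholders, not real commands.
SAMPLE = [
    ("10.0.0.10", "10.0.0.50", adu(1, 1, b"\x5a\x00\xaa\xbb")),
    ("10.0.0.10", "10.0.0.50", adu(2, 1, b"\x03\x00\x00\x00\x02")),
    ("10.0.0.77", "10.0.0.50", adu(9, 1, b"\x5a\x00\xaa\xbb")),
    ("10.0.0.77", "10.0.0.50", b"\x00\x01\x00\x07"),
]
```

Calling detect(SAMPLE) reports the third frame twice (unlisted source, and a PDU first sent by the workstation) and the fourth as malformed; a replay sent from the original source address is not caught by this check.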