Bio: Artur Sidorko Seasoned expert in industrial control systems’ implementations, SCADA systems architecture and SCADA security. In 2004-2008 he participated in the key projects of modernization and implementation of SIEMENS SCADA systems at Polish major energy distributor (PSE-Operator S.A.). At PSE-Operator S.A. Artur also implemented ICCP connections between transmission systems operators as well as participated in defining scope for SCADA systems. From 2008 to 2009 Artur led IT infrastructure department at yet another leading Polish energy sector company (PGE S.A). Titles hold and certificates obtained: CSSA – Certified SCADA Security Architect by IACRB, CompTIA Network+, PRINCE II Practiitoner. As one of the few in Poland he participated in Control Systems Cyber Security Advanced Training conducted by U.S. Department of Homeland Security. He also participated in Siemens Energy Management & Automation Trainings: Multi-site System, Spectrum Installation and Administration, Utilities.
Topic of Presentation: Industrial control systems security architecture
Speakers: Artur Sidorko, Piotr Ciepiela
Protecting critical infrastructure has become in recent years one of the world’s most important issues of general security. SCADA industrial control systems are the main center of critical infrastructure due to their critical importance for the functioning of core installations and the high risks related to the cybercrime threat.
Every once a while, we hear about attacks on the SCADA systems, with a remarkable Stuxnet worm, which was designated as one of the most advanced malicious code. That marks the importance and threats to the security of critical infrastructure, whose elements are real-time monitored by the SCADA systems.
There are a couple of potential risks for SCADA environments: business driven need for constant access to data collected by SCADA systems; long process of switching from dedicated technologies (i.a. closed protocols) to standard technologies (Windows, TCP/IP); centralization of monitoring and control systems, correlated with a need of transferring data to long distances, with a use of infrastructure beyond the control of a given operator.
Industrial control systems and the devices controlled by them were not designed to be used in environments, which are not physically separated from the outer network, which poses a threat as there are lots of vulnerabilities, which can be used to interrupt the industrial process.
Specialists from Ernst & Young will be talking about attack methods, vulnerabilities of SCADA components and the solutions for reducing the potential threat. They will base their presentation upon experiences from different projects for ICS operators in Europe and North America.