OT网络的安全漏洞及其审计方法的概述和技术深度探讨.pdf

《OT网络的安全漏洞及其审计方法的概述和技术深度探讨.pdf》由会员分享，可在线阅读，更多相关《OT网络的安全漏洞及其审计方法的概述和技术深度探讨.pdf（21页珍藏版）》请在三个皮匠报告上搜索。

1、OT is a Dirty WordAn overview and technical deep dive into the security flaws of OT networks and how to audit themAbout UsTyler KaphingstCyber Security and audit professional 8 years:Senior Cyber Assurance Specialist at GE HealthCareAdvocate Aurora Health Senior Network Security EngineerBaker Tilly

2、Senior Risk and Internal Audit ConsultantNew Dad,full time NerdAdeline GreeneCyber Security and audit professional 6 years:Cyber Assurance Specialist at GE HealthCareBoeing Cyber Security Incident Response SpecialistVirginial Commonwealth University Security AnalystDungeons&Dragons expertOverviewWha

3、t is OT?Fictional Factory auditInsecure by DesignHow Do We Audit This?Q&AWhat Is OT?Manufacturing vs OTThe Manufacturing Environment Internet of Things(IoT)Printing Machines Product Test systems Supervisors machines Metrics&Activity CollectorsFrom IBMs X-Force Threat Intelligence Index 2024Top 5 Lar

4、gest Manufacturing&Utility Breaches in 2023Credential Harvesting and Data Theft 36%Data Destruction and Extortion 16%From IBMs X-Force Threat Intelligence Index 20241.Comcast 35.9 Million Records2.VF Corporation 35.5 Million Records3.AT&T 9 Million Records4.PurFoods 1.2 Million Records5.Topgolf Call

5、away Brands 1.1 Million RecordsTotal#of breaches 302Total#of records affected 87,717,122Average#of records affected 398,714Total cost of breaches$14,473,325,130Attackers Goals:From the Department of Energys Securing Energy Infrastructure Executive Task Force Reference OT ArchitectureSeven Hills Tech

6、nology Small manufacturing company in Lynchburg,Virginia.Two factories and an office making smart robotics products.Approximately 300 employees.Recently adopted new cloud infrastructure but still relies on a legacy datacenter.The Different Networks Found at Seven Hills Technology IT OT IT/OT(non-seg