ACWA Fall Conference 2017 - SeNet Security Presentation

SeNet International attended the Association of California Water Agencies (ACWA) conference and exhibition on November 28 through December 1 in Anaheim, CA. Rehan Bashir and Steve Davis presented at the conference on why cyber security is imperative in both information and operation technology segments in water districts.

ACWA 2017 CYBERSECURITY PRESENTATION

GrassMarlin – An Industrial Control System (ICS)/Supervisory Controls and Data Acquisition (SCADA) Situational Awareness Tool

ICS and SCADA networks are often the most critical components of an organization’s IT environment. Unfortunately, for a variety of reasons, these systems do not often undergo comprehensive, active security testing. One of SeNet’s approaches to assessing the security posture of ICS/SCADA environments is to perform a passive security review using a tool such as GrassMarlin.

GrassMarlin was developed by the National Security Agency (NSA) to provide situational awareness for ICS/SCADA system environments. It is a lightweight Java-based graphical tool that passively sniffs traffic on an ICS/SCADA network to create logical and physical graphs. GrassMarlin runs both in Windows and Linux-based operating systems. Graphs in GrassMarlin can be generated by pointing it to already captured packet files (PCAPs). Once the traffic is captured, the generated logical layout can be grouped in various ways in order to obtain an in-depth understanding of the flow of traffic and the protocols being utilized. Analysis on ICS/SCADA traffic can be done by grouping as:

·        Network

·        Country

·        Manufacturer

·        Role

·        Category

·        ICS Protocol

By grouping traffic in various ways as mentioned above, a great deal of awareness can be achieved. GrassMarlin consists of a GeoIP database, various fingerprints, and vendor IDs. It displays a country’s flag if the traffic is reaching out to any public IP in the USA or to any other country in the world. The Vendor ID identifies the vendor of the network interface cards on the devices.

                                                  Traffic Grouped by Manufacturer

                                                  Traffic Grouped by Manufacturer

                                                        GrassMarlin Logical Graph

                                                        GrassMarlin Logical Graph

For example, ICS/SCADA system misconfigurations can be detected along with a careful analysis of traffic which may provide a clue if any of the components of the ICS/SCADA system is infected with malware and is trying to communicate outside of the network where it has no business communicating.  

GrassMarlin also allows the user to view all frames being transferred between two hosts on the network. By simply right-clicking on any host and then selecting the “view frames option,” you will be provided with a great deal of communication information as shown in the figure below:

                                                              View Frame Interface

                                                              View Frame Interface

GrassMarlin can be downloaded for free from through the following link:

https://github.com/iadgov/GRASSMARLIN

A collection of sample ICS/SCADA network PCAP files are available through the following link:

https://github.com/automayt/ICS-pcap

Feel free to download and import the above mentioned files in GrassMarlin in order to obtain a deeper understanding of the tool and/or perhaps find a way to use it in your next testing assignment.

BMM Testlabs to Expand Gaming Security Offerings in Partnership with SeNet

BMM Testlabs, the world's best gaming testing laboratory and technical consultancy, is proud to announce a partnership with SeNet to complement and expand existing gaming security service offerings.

SeNet specializes in information security, both for tribal gaming and government entities. SeNet's security services and product offerings are designed to help customers protect their systems, networks and data.

Travis Foley, EVP Operations BMM North America commented, "We are very pleased to be able to partner with SeNet. SeNet is a highly-respected organization in the field of International Security and we look forward to working closely with them to assist BMM's clients to further achieve their goals."

Services and products offered through the BMM/SeNet partnership will include:

  • Security code review and vulnerability analysis 
  • Vulnerability assessments and penetration testing 
  • Information security architecture design and implementation 
  • Secure application engineering 
  • Compliance/regulatory review 
  • Payment card industry (PCI) compliance testing 


Gus Fritschie, SeNet's CTO stated, "A partnership with BMM will help to bring our comprehensive security services to a larger clientele and we couldn't be more excited about all of the possibilities. SeNet has over 20 years of experience working with corporations and government agencies and partnering up with BMM is the next big step into offering our services to the gaming industry."

SeNet will be participating at Tribal Net 2017 on November 6-9 in Phoenix, where Fritschie will be on-hand to discuss gaming security services with attendees. Fritschie will also be conducting a workshop on IT Security on the first day of the event at 1:15pm