Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP

Transcription

1 Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014

2 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance

3 4G Communications When is 4G Acceptable Urban Areas with 4G Service Fiber is not available Cost is an issue Some video is needed Not necessarily a more secure communication approach. Secure endpoints with Firewalls, etc.

4 Typical Modem Installations Single modem with single service provider Relatively simple to install Relatively low cost way to extend networks to remote locations Point to Point connectivity Can handle data and a couple of cameras Uptime availability is relatively low (about 97% to 99%)

5 Newer Installation Method Multiple Provider Networking Uses typical 4G modem or modems System uses multiple providers to increase uptime reliability to over 99.99% Requires 3 rd Party Device to Monitor Signals, Switch Providers, and Auto-Reboot Increases data usage about 10% 3 rd Party Monitoring Device 4G Modem(s) SIM SIM PLCs Cameras Access Control Access Control

6 Mobile Devices SCADA systems are undergoing a shift Makes them easier to use Makes them less secure Major Vendors have Mobile Apps for Apple and Android devices Some offer extensions to customer apps for customers to monitor smart meters and contact customer service Data monitoring versus Control configurations Virtualization technologies are upcoming.

7 Connectivity and Security Can use 4G and Wi-Fi connectivity 4G if mobility outside of plant is needed Wi-Fi for use inside the plant Security Concerns Guidelines Hacking Theft or Loss of Device Social Engineering 3 rd Party Review

8 SCADA/ICS Cyber Security SCADA systems are more vulnerable than in the past. Unprecedented connectivity allows for new risks Not just hackers in basements Disgruntled staff State sponsored actors Organized crime (foreign and domestic)

9 Example: Cybersecurity Threat Intelligence Campaigns against energy sector by group called Energetic Bear or Dragonfly Managed to compromise a number of strategically important organizations for spying purposes If they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries. Targeted energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers.

10 Everyone is Vulnerable Firewalls, antivirus, and intrusion detection are good but hackers are clever. Havex Malware Remote Access Trojan (RAT) Used by Dragonfly Samples found that were customized to enumerate SCADA networks Distributed by to specific employees as PDF attachment Compromised legitimate and vendor websites Actually supplanted vendor ICS software available on their sites with altered Havex embedded software

11 Emerging Threats Software Defined Radios (SDR) Traditionally implemented by expensive hardware Now instead software-defined components Makes RF hacking very affordable ($50 - $400) SCADA systems vulnerable (especially older hardware)

12 Cybersecurity Policy and Guidance Executive Order 13636: Improving Critical Infrastructure Cybersecurity Develop a technology-neutral voluntary cybersecurity framework Promote and incentivize the adoption of cybersecurity practices Increase the volume, timeliness and quality of cyber threat information sharing Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore the use of existing regulation to promote cyber security Presidential Policy Directive-21: Critical Infrastructure Security and Resilience directs the Executive Branch to: Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time Understand the cascading consequences of infrastructure failures Evaluate and mature the public-private partnership Update the National Infrastructure Protection Plan Develop comprehensive research and development plan

13 Cybersecurity Guidance NIST Cybersecurity Framework -Technology neutral guide for critical infrastructure sectors to organize cybersecurity initiatives and programs NIST SP Guidelines for selecting and specifying security controls for federal government. Many organizations in private industry use NIST SP as a guide for their own security management. NIST SP rev. 2 - Guide to Industrial Control Systems (ICS) Security Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC) ISO/IEC This standard is a specification for an information security management system (ISMS). Catalogs a wide range of controls and other measures relevant to information security. ISA series Expands on ISO/IEC with more specific guidance such as business and ICS network segregation strategies

14 Questions?