Cyber Security Challenges in the Energy Context Guido Gluschke

Transcription

1 Cyber Security Challenges in the Energy Context Guido Gluschke Institute for Security and Safety (ISS) at the Brandenburg University of Applied Sciences, Germany NISS / NATO ENSE CoE Kyiv, 17 March 2016

2 Introduction Guido Gluschke Co-Director Institute for Security and Safety at the Brandenburg University of Applied Sciences 30+ years experience in computer technology 15+ years experience in security management in critical infrastructures, in particular energy sector 7+ years experience in security management at nuclear power plants (NPP) Program manager for joint activities with UN, IAEA, OSCE, EU and NATO Member of the Energy Expert Cyber Security Platform - Expert Group of the European Commission DG-ENERGY Member of IAEA International Nuclear Security Education Network (INSEN)

3 EC DG ENER Cyber Security Expert Group Mission and duties of the EECSP-Expert Group The mission of the EECSP-Expert Group is to provide guidance to the Commission on policy and regulatory directions at European level, addressing the energy sector key points including infrastructural issues, security of supply, smart grids technologies as well as nuclear. EECSP = Energy Expert Cyber Security Platform

4 International Cyber Activities ISS Is Involved Supporting international organisations with our expertise: Cooperation with Think Tanks and NGOs:

5 Literature On The Cyber-Energy and Cyber-Nuclear Complex coming soon

6 Capacitity Building On Cyber And Nuclear Security Developed by Brandenburg University of Applied Sciences together with IAEA.

7 Four Nuclear IT/Cyber Security Professional Development Courses

8 Four Nuclear IT/Cyber Security PDCs Nuclear IT/Cyber Security PDCs 59 Participants 21 Countries Austria Canada Egypt Ghana Iraq Jamaica Jordan Kenya Malaysia Morocco Nigeria Poland Republic of Macedonia Russian Federation South Africa South Korea Tanzania Thailand UK Ukraine US

9 ISS Support of Locked Shields Cyber Exercise 2015 at NATO CCDCoE in Tallinn The backup power generator was part of an attack scenario in which generators should be destroyed by a cyber attack. DHS / INL Aurora Project virtualization / simulation with real ICS equipment

10 Locked Shields 2015 Virtual Blue Team Environment: Drone Research Facility

11 Focus Energy sector - Electricity

12 Computer Security Domains Related To A Nuclear Power Plant Administration (Office IT) Control Room (Office IT and I&C) Nuclear section (Digital I&C) Internet IT = Information Technology I&C = Instrumentation & Control

13 Computer Security Domains Related To A Electricity Grid Infrastructure Grid (ICS) Administration (Office IT) Control Room (Office IT und ICS) Internet Transformer Station IT = Information Technology ICS = Industrial Control Systems

14 Detection and Identification of Systems Relevant To Energy

15 Identified Systems

16 Trend of ICS Internet Connectivity Source: Collaborative research project with Berlin Free University 2012 to detect Industrial Control Systems connected to the Internet

17 Trend of Targeted Attacks with Advanced Persitent Threats Agent.btz Animal Farm Aurora Black Energy Carbanak Cloud Atlas CosmicDuke Crouching Yeti Dark hotel Desert Falcons Duqu Epic Turla Equation FinSpy Flame Gauss Hacking Team RCS Icefog Kimsuky Machete Madi MiniDuke MiniFlame NetTraveler Red October Regin SabPub Shamoon TeamSpy The Mask / Careto Winnti Wiper Source:

18 Advanced Persistant Threats Against Energy Sector Example Dragonfly: 3-phase attack over 14 months Source: Symantic Security Response Documents

19 In Nuclear: Design Basis Threat (DBT) Methodology A DBT is the State s description of a representative set of attributes and characteristics of adversaries, based upon (but not necessarily limited to) a threat assessment, which the State has decided to use as a basis for the design and evaluation of a physical protection system. A DBT is a description of the attributes and characteristics of potential insider and outsider adversaries who might attempt a malicious act, such as unauthorized removal or sabotage against which a physical protection system for nuclear or other radioactive material or associated facilities is designed and evaluated. Funding, Support structure, Modes of transportation Group Size, Tools, Weapons, Explosives Motivation, Willingness, Intentions Knowledge, Skills, Tactics, Insider threat issues

20 Design Basis Threat (DBT) Responsibilities High Threat Capabilities e.g. military attacks Maximum Threat Capability against which protection will be reasonably ensured beyond DBT e.g. terrorist attacks Design Basis Threat State Responsibility e.g. attack by single person Operator Responsibility Low Threat Capabilities

21 How to handle cyber in DBT? OR Source: Michael Beaudette, WINS workshop Toronto March 2012

22 The ISS perspective Cyber Military

23 Cyber Military Threat Groups The Nation State's Dilemma In the western hemisphere military attacks against nuclear installations are typically beyond DBT They are assigned to the nation state; in any case the licencee is not responsible for protecting his plant against this threats This view can be argued by the following paradigms: Military weapons are controlled by nation-state Theft, as well as illigal movement, illigal import, or illigal use of military weapons should be detected/tracked by nationstate intelligence services In case of use, military activities has to be fended off by nation-states forces

24 Probability Cyber As A Powerful Weapon high conventional/ physical cyber biological chemical radiological low nuclear difficult Feasibility easy

25 Simple Model A B Highly Targeted Targeted Zone 4 Internet Zone 3 Zone 2 Zone 1 Reactor-near zone C Untargeted Administrative zone Operational zone/ Main Control Room A Highly targeted: Targeted against particular component/system B Targeted: C Untargeted: Targeted against particular organization/facility Not targeted against particular organization/facility (Random target/target of opportunity)

26 Characteristics A B C Highly Targeted Targeted Untargeted Zone 4 Internet Zone 3 Zone 2 Zone 1 Motivation Willingness Intention Funding Support Logistics Planning Knowledge A Highly targeted: Military-style adversary B Targeted: Traditional adversary groups C Untargeted: Everyone else A Highly targeted*: no prevention, advanced detection and response B Targeted**: extended prevention, advanced detection and resp. C Untargeted: standard prevention, detection and response *State-of-the-art is definitly not be enough **State-of-the-art is most likely not be enough

27 Consequences A B C Highly Targeted Targeted Untargeted Zone 4 Internet Zone 3 Zone 2 Zone 1 New cyber weapons Come closer to nuclear protection goals Increased insider knowledge A Highly targeted: Threat is not understood B Targeted: Threat is basically understood C Untargeted: Threat is well understood A Highly targeted: can be understood through exercises/simulation B Targeted: can be understood through incident analysis C Untargeted: can be understood through technical press

28 Highly Targeted: Beyond State? Targeted: Beyond DBT? In the physical world 'physical threat bounderies' exists There is always something more In general, understanding/definition of this limit is necessary Beyond State Level Beyond DBT Within License for Nuclear Facility

29 Room For "Beyond DBT" and "Beyond State" In Cyber For cyber the "Maximum Threat Capability" could be considered as "Threats, a nation state by itself is unable to defeat", for example: DoS: When a state has no capability to handle massive DDoS attacks Encryption: When a state has no capability to evaluate if an encryption is strong enough for its intended purpose Malware: When a state has no detection mechanism for zero day exploits or advanced malware Supply Chain: When a state is not able to detect if computer systems within the supply chain are free of malware

30 What Do We Need? Cyber Security = Competency x Readyness Complexity x Malicous Intent Cyber Security Education / Capacity Building Cyber Security Exercises / Readyness Cyber Security Expertise Cyber Security Awareness / Culture Trust / Transparency / Confidence Building Measures International Cooperation

31 Trends and Research Areas Understanding the infrastructures and dependencies, modelling the threats and risks Digitalisation of analog elements in all relevant domains, such as physical protection systems New technology trends with increasing internetdependency New operational models for energy sector, such as turn-key solutions or virtual power plants Cyber as a new domain of military actions Industrial Control Systems (ICS) as new targets

32 Thank you for your attention! Guido Gluschke