Pareto's View on ICS Cyber Security. Dirk Seewald CEO, Innominate Security Technologies AG

Transcription

1 Pareto's View on ICS Cyber Security Dirk Seewald CEO, Innominate Security Technologies AG ARC Forum Europe 2015

2 Scope Of This Talk This Presentation is focussing on securing process and factory plants taking an automation system perspective covering both, greenfield and brownfield applications pragmatic, yet systematic This Presentation is not covering the development and povisioning of secure automation components academic 2 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

3 Why This Talk? We do have vulnerable IT/OT operations. There is no 100% security. Deployable ICS cyber security measures are often counter-intuitive to today's operating precedures. ICS cyber security is not only technology. ICS cyber security is an investment which competes with other spending options. 3 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

4 World Economic Forum & McKinsey Recommendations to implement institutional readiness for robust cyber resiliance: Prioritize information assets based on business risks. Develop deep integration of security into the technology environment to drive scalability. Provide differentiated protection based on the importance of assets. Deploy active defences to uncover attacks proactively. Test continuously to improve incident response. Help personnel to understand the value of information assets. Integrate cyber resistance into enterprise-wide risk management and governance processes. Source: Insight Report "Risk and Responsibility in a Hyperconnected World", Jan / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

5 Vilfredo Pareto Vilfredo Federico Damaso Pareto ( ) was an Italian engineer, sociologist, economist, political scientist, and philosopher. He introduced the concept of Pareto efficiency and helped develop the field of microeconomics. The Pareto principle was named after him and built on observations of his such as that 80% of the land in Italy was owned by 20% of the population. Source: Wikipedia, March / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

6 "Pareto Principle", As Used Here. CONCEPTUAL Cause Effect 20% 80% 80% 20% 6 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

7 What Is At Stake? Cyber security is a business risk. Deploying cyber security measures also is a business enabler for innovative operating procedures (such as preemptive remote maintenance), and innovative business models (such as "Industry 4.0"). 7 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

8 Business Risk - Applying The "Pareto Principle" CONCEPTUAL Severity Effort Likelihood Risk "Low Hanging Fruits" 8 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

9 Business Risk - Risk Assessment Matrix Uncontrolled status of a nuclear enrichment plant Unintended PLC reprogramming by service technician Complete removal of data on IT/OT infrastructure CONCEPTUAL Severity of Damage Criminal hostagetaking of a production process Leak of IP due to unmanaged remote access across the Internet Accidential halt of production due to unintended OT virus scan Ongoing covert proliferation of OT equipment infections Color indicates Risk Level: Low High Unresponsive OT equipment due to network traffic overflow, DoS Unauthorized access using hardcoded passwords Likelihood of Occurance 9 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

10 Business Risk - Risk Management Matrix Uncontrolled status of a nuclear enrichment plant CONCEPTUAL Risk Management Effort Unintended PLC reprogramming by service technician Color indicator: "Low Hanging Fruits" Leak of IP due to unmanaged remote access across the Internet Accidential halt of production due to unintended OT virus scan Ongoing covert proliferation of OT equipment infections Complete removal of data on IT/OT infrastructure Risk Level 10 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

11 Business Enabler - After Sales Business Source: VDMA/McKinsey, "Zukunftsperspektive deutscher Maschinenbau", July 2014 Increasing importance of aftersales/service for machine builders Secure Remote Connectivity 11 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

12 Business Enabler - Industry 4.0 Secured Data Encrypted Communication Trustworthy Identities Source: acatech, "Recommendations for implementing the strategic initiative INDUSTRIE 4.0", Apr / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

13 "Low Hanging Fruits" EXAMPLE Risk, Enabler Risk: Complete removal of data on IT/OT infrastructure Risk: Accidental halt of production due to un-intended OT virus scan Mitigation, Implementation Options Implement backup technology and desaster recovery procedures Implement separation between IT and OT (firewall, DMZ) Risk: Ongoing covert proliferation of OT equipment infections Risk: Leak of IP due to unmanaged remote access across the Internet Enabler: Preemptive remote maintenance Enabler: Encrypted communication Implement separation between automation cells (firewall, DMZ) Determine, document and monitor Internet-facing systems Provide only managed authenticated remote access to automation suppliers Implement encryption techniques for data leaving your plant Deploy authenticated, encrypted communicaton to your customers' plants Deploy authenticated, encrypted communicaton across the entire product value chain 13 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

14 Caution! Be aware of the "Pareto Principles" limitations. "Black Swans" do exist. Characteristics of a "Black Swan" event (acc. to Nassim Nicholas Taleb): 1. The event is a surprise (to the observer). 2. The event has a major effect. 3. After the first recorded instance of the event, it is rationalized by hindsight, as if it could have been expected. 14 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

15 Innominate Security Technologies AG Highly targeted portfolio of software and hardware products and solutions for the cyber protection of Industrial Control Systems Established 2001, German company Inventor and licensor of technology Several hundred customers, more than products in the field Since 2008 fully owned by PHOENIX CONTACT 15 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

16 Thank You. protecting industrial networks Dirk Seewald Chief Executive Officer Vorstand Innominate Security Technologies AG Rudower Chaussee Berlin, Germany Tel.: Fax: A Phoenix Contact Company dseewald@innominate.com 16 / Dirk ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY