NIST Briefing: ICS Cybersecurity Guidance NIST SP , Guide to ICS Security

Transcription

1 NIST Briefing: ICS Cybersecurity Guidance NIST SP , Guide to ICS Security Keith Stouffer Mechanical Engineer Engineering Laboratory August 28, 2013

2 Industrial Control Systems (ICS) Overview Industrial Control Systems (ICS) is a general term that encompasses several types of control systems including: Supervisory Control and Data Acquisition (SCADA) systems Distributed Control Systems (DCS) Other control system configurations such as Programmable Logic Controllers (PLC) ICS are specialized Information Systems that physically interact with the environment Many ICS are components of the Critical Infrastructure

3 SCADA Examples SCADA systems are used in the electricity sector, oil and gas pipelines, water utilities, transportation networks and other applications requiring remote monitoring and control.

4 DCS Examples Manufacturing Electric Power Generation Refineries

5 Comparing Information Systems and Industrial Control Systems Different Performance Requirements Information Systems Non-Realtime Response must be reliable High throughput demanded High delay and jitter accepted Realtime Industrial Control Response is time critical Modest throughput acceptable High delay and/or jitter is a serious concern

6 Comparing Information Systems and Industrial Control Systems Different Reliability Requirements Information Systems Scheduled operation Occasional failures tolerated Beta testing in the field acceptable Industrial Control Continuous operation Outages intolerable Thorough testing expected

7 Comparing Information Systems and Industrial Control Systems Different Risk Management Requirements: Delivery vs. Safety Information Systems Data integrity paramount Risk impact is loss of data, loss of business operations Recover by reboot Industrial Control Human safety paramount Risk Impact is loss of life, equipment or product, environmental damage Fault tolerance essential These differences can create large differences in acceptable security practice

8 Why Secure ICS? The recent Executive Order No , National Infrastructure Protection Plan (NIPP) and other documents including GAO cite industrial control systems as critical points of vulnerability in America's utilities and industrial infrastructure... Successful attacks on control systems could have devastating consequences, such as endangering public health and safety. Electric power Water Oil & Gas Chemicals Pharmaceuticals Mining, Minerals & Metals Pulp & Paper Food & Beverage Consumer Products Discrete Manufacturing (automotive, aerospace, durable goods)

9 ICS Security Challenges Real time constraints - IT security technology can impact timing, inhibit performance (response times are on the order of ms to s) Balancing of performance, reliability, flexibility, safety, security requirements Difficulty of specifying requirements and testing capabilities of complex systems in operational environments Security expertise and domain expertise required, but are often separated

10 ICS Security Standards and Guidelines Strategy Add control systems domain expertise to: Already available Information Security Risk Management Framework Provide workable, practical solutions for control systems without causing more harm than the incidents we are working to prevent This expertise takes the form of specific cautions, recommendations & requirements for application to control systems - throughout both technologies and programs NIST SP Guide to Industrial Control System (ICS) Security ICS Overlay for NIST SP , Rev 4 security controls

11 NIST SP Guide to Industrial Control Systems Security Provide guidance for establishing secure ICS, including implementation guidance for SP controls Content Overview of ICS ICS Characteristics, Threats and Vulnerabilities ICS Security Program Development and Deployment Network Architecture ICS Security Controls Appendixes Current Activities in Industrial Control Systems Security Emerging Security Capabilities ICS in the FISMA Paradigm Downloaded over 2,500,000 times since initial release and is heavily referenced by the public and private industrial control community

12 Major ICS Security Objectives Restricting logical access to the ICS network and network activity This includes using a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks, and having separate authentication mechanisms and credentials for users of the corporate and ICS networks. The ICS should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer. Restricting physical access to the ICS network and devices Unauthorized physical access to components could cause serious disruption of the ICS s functionality. A combination of physical access controls should be used, such as locks, card readers, and/or guards.

13 Major ICS Security Objectives Protecting individual ICS components from exploitation This includes deploying security patches in as expeditious a manner as possible, after testing them under field conditions; disabling all unused ports and services; restricting ICS user privileges to only those that are required for each person s role; tracking and monitoring audit trails; and using security controls such as antivirus software and file integrity checking software where technically feasible to prevent, deter, detect, and mitigate malware. Maintaining functionality during adverse conditions This involves designing the ICS so that each critical component has a redundant counterpart. Additionally, if a component fails, it should fail in a manner that does not generate unnecessary traffic on the ICS or other networks, or does not cause another problem elsewhere, such as a cascading event.

14 NIST SP , Rev 2 NIST SP , Rev 2 is a major update Updates to ICS threats and vulnerabilities Updates to ICS risk management, recommended practices and architectures Updates to current activities in ICS security Updates to security capabilities and technologies for ICS Additional alignment with other ICS security standards and guidelines New tailoring guidance for NIST SP , Rev 4 security controls including introduction of overlays ICS overlay for NIST SP , Rev 4 security controls that will provide tailored security control baselines for Low, Moderate, and High impact ICS

15 ICS Tailoring Guidance for NIST SP Controls - History NIST SP , Revision 2 Appendix I Industrial Control Systems Security Controls, Enhancements, and Supplemental Guidance, 2007 NIST SP , Rev 1 Appendix G Industrial Control Systems Security Controls, Enhancements, and Supplemental Guidance, May 2013 NIST SP , Rev 2 Appendix G - ICS overlay for NIST SP , Rev 4 security controls that will provide tailored security control baselines for Low, Moderate, and High impact ICS

16 NIST SP Security Baselines LOW Baseline - Selection of a subset of security controls from the master catalog consisting of basic level controls MOD Baseline - Builds on LOW baseline. Selection of a subset of controls from the master catalog basic level controls, additional controls, and control enhancements HIGH Baseline - Builds on MOD baseline. Selection of a subset of controls from the master catalog basic level controls, additional controls, and control enhancements Categorization based on the potential level of impact if the Availability, Integrity or Confidentiality of the system or information on the system is compromised.

17 Low Impact System

18 ICS Impact Level Definitions Low Impact ICS Product Examples: Non hazardous materials or products, Non-ingested consumer products Industry Examples: Plastic Injection Molding, Warehouse Applications Security Concerns: Protecting people, Capital investment, Ensuring uptime

19 Moderate Impact Systems 19

20 ICS Impact Level Definitions Moderate Impact ICS Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information Industry Examples: Automotive Metal Industries, Pulp & Paper, Semi-conductors Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime

21 High Impact System

22 High Impact System!!!

23 ICS Impact Level Definitions High Impact ICS Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products Industry Examples: Utilities, PetroChemical, Food & Beverage, Pharmaceutical Security Concerns: Protecting human life, Ensuring basic social services, Protecting environment

24 World Record High Impact System 24

25 NIST SP , Rev 2 Schedule NIST will collaborate with the public and private sectors over the next year to produce SP , Rev 2 Two drafts for public comment are expected First public draft expected early 2014 Final public draft expected summer 2014 NIST SP , Rev 2 is expected to be finalized late 2014

26 ISA-99 Standards Committee ISA-99 Committee on Industrial Automation and Control Systems Security developing a series of standards NIST has played key roles Members: ISA-99 Leadership Committee Co-Chair and General Editor: ISA-99 Committee Lead Editor: Working Group 2 Integrating Security into the Industrial Automation & Control Systems Environment Lead Editor: Joint Working Group 7 Safety & Security Technical Input: Working Group 4 Technical Requirements for Industrial Automation and Control Systems Member: ISA Standards and Practices Board NIST SP and SP provided as references to consider in the development of the standards ISA-99 standards also co-branded as IEC standards ISASecure Certification of ICS devices and systems

27 Contact Info Keith Stouffer Engineering Laboratory National Institute of Standards and Technology 100 Bureau Drive, Mail Stop 8230 Gaithersburg, MD