Industrial Security , Mannheim, VDI. Tino Hildebrand Head Marketing & Promotion SIMATIC HMI Industrial Automation Systems Siemens AG

Transcription

1 Wie sichern Sie Ihre Produktionsanlagen vor Angriffen aus dem Internet Industrial Security to guarantee top performance in production , Mannheim, VDI Tino Hildebrand Head Marketing & Promotion SIMATIC HMI Industrial Automation Systems Siemens AG

2 CERT (Computer Emergency Response Team): Global Network for cyber security issues and requests The organizational background for CERT organizations CERT cooperation Department of Homeland Security (DHS) The first CERT was founded in 1988 as a consequence of the first Internet Worm National Cyber Security Division (NCSD) Approx. 250 CERT organizations worldwide representing both governmental and private organizations Trusted information exchange via the FIRST (Forum of Incident Response and Security Teams) organization, new parties must be introduced by at least two existing members Expected rules of cooperation between FIRST members are defined in FIRST operational framework Control Systems Security Program (CSSP) Industrial Control System CERT (ISC-CERT) Focus : Control Systems only cooperates with US-CERT Focus: All IT-related issues related to US Page I IA AS S MP / Tino Hildebrand

3 Current CERT landscape showing Siemens CERT and other exemplary CERT organizations Communication between Siemens & ICS-CERT CERT cooperation Worldwide CERT network (over 250 governmental / private CERT organizations) Siemens CERT is first contact point for cyber security issues and requests concerning Siemens internal IT as well as product issues and requests CERT-Bund (Part of BSI) US-CERT ICS-CERT GovCERT.NL UKCERT Information is exchanged via trusted, encrypted channels (data) or telephone CERT.CC Siemens CERT ICS-CERT has so far notified Siemens CERT with several vulnerabilities which were disclosed by researchers to them AusCERT CNCERT Product CERT Service Corporate CERT Service Source: CERT/CC Page I IA AS S MP / Tino Hildebrand

4 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

5 What are the current publications all about? Remember Stuxnet in 2010? Stuxnet was a highly sophisticated piece of malware Combined known and unknown vulnerabilities Designed to sabotage industrial processes What are this new SIMATIC vulnerability? Test of automation vendor components by ICS-CERT CERT ICS = Computer Emergency Response Team(s) = Industrial Control Systems Negative test results are sent as alerts to vendors Vendors patch weaknesses and/or warn customers Page I IA AS S MP / Tino Hildebrand

6 Vulnerability Disclosures Trends and Growth Reasons for a strong growth of vulnerability disclosures Trends Applications shifting to Cloud Computing approaches Increased use of Mobile Devices Weak members in the corporate security chain (top down) Employee Smartphone Laptops PC workstations Network infrastructure Mobile storage devices Tablet PC Computer centre Policies and guidelines Printer Production systems Page I IA AS S MP / Tino Hildebrand

7 Why is Industrial Security so important? Industrial Security for protection of production plant and automation systems Possible threat scenarios: Spying on data, recipes, Sabotage of production plant Plant downtime e.g. caused by virus and malware Manipulation of data or of application software Unauthorized use of system functions Possible effects of a security incident: Risk of death and serious injury Environmental impact Loss of intellectual property Loss of production or impaired product quality Damage to company image and financial loss Page I IA AS S MP / Tino Hildebrand

8 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

9 has to cover a broad range of objectives Market security requirements Security requirements are driven by Process Automation (e.g. Pharmacy, FDA) and Energy Industry: Automated asset management of used components Automated identification of status of production (Legal) Proof of authorized exchange of devices OEM request: copy protection (even if reverse engineering is used) of their Software Components Requirements in integrated security for automation products Know How Protection Access Protection and User Management Communication Security System Integrity Process security for the whole Supply Chain Additional Malware/Spyware protection Industrial Security addresses end customers, machine builders and system integrators requirements Page I IA AS S MP / Tino Hildebrand

10 Office and Industrial World with different requirements Office Security Confidentiality Integrity Availability Industrial Security Availability Integrity Confidentiality Requirements that a Security solution must meet in an industrial context 24/7/365 availability has top priority Open standards for seemless communication and functionality Common standards, e.g. Microsoft systems software, as basis of automation solutions Constant operability and assured system access System performance Protection against mal-operations and sabotage Know-how protection System and data integrity Continuous communication between office and production IT systems for real time monitoring and controlling Data transfer in real time for efficient production processes Support throughout the lifecycle of a plant Security trail and change management Page I IA AS S MP / Tino Hildebrand

11 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

12 Why to implement a security strategy instead of having just security measures? Great Wall Unconquerable wall single layer of protection no more checkpoints behind the wall No single security measure is good enough to prevent intrusions! Defense in Depth multiple layers of protection each layer supports the other layers for every transition between two layers an attacker must spend time and effort Page I IA AS S MP / Tino Hildebrand

13 Defense in Depth strategy - Creating multiple layers of protection Potential Threat Physical Security - Physical access to facilities and equipment Policies & procedures -Security management processes -Operational Guidelines -Business Continuity Management & Disaster Recovery DCS Security cells & DMZ -Secure architecture based on network segmentation Firewalls and VPN - Implementation of Firewalls as the only access point to a security cell System hardening - adapting system from default to secure User Account Management - Administration of operator und user rights (role based access control) Patch Management Defense in Depth because you should not rely on just one measure Malware detection and prevention - Anti Virus and Whitelisting Page I IA AS S MP / Tino Hildebrand

14 Defense in Depth strategy - Example Prevention: Firewall VPN Reaction: IDS IPS Virus Scanner Tolerant: Embedded hardening A safe and trustworthy operation needs more than one security layer - embedded security is needed Page I IA AS S MP / Tino Hildebrand

15 Fundamental Industrial Security levels Plant security Access blocked for unauthorized persons Physical prevention of access to critical components Plant IT security Controlled interfaces between office and plant network e.g. via firewalls Further segmentation of plant network Antivirus and whitelisting software Maintenance and update processes Access protection User authentication for plant or machine operators Integrated access protection mechanisms in automation components Industrial Security levels according to current standards and regulations Security solutions in an industrial context must take account of all protection levels Page I IA AS S MP / Tino Hildebrand

16 Automation Cells guarantee high productivity and ensure security requirements Complete plant security Internet Secure automation cells Structured actions as part of a comprehensive security concept are required on several different levels. One important protection level is to create secure automation cells by segmenting the network and restricting communication between the cells. Open communication between different automation components within a secure automation cell is state-ofthe-art and standardized (It is, for example, quite common to run production via OPC.) = secure communication between automation cells Page I IA AS S MP / Tino Hildebrand

17 Automation Cells guarantee high productivity and ensure security requirements Complete plant security Secure automation cells Internet Secure automation cells Structured actions as part of a comprehensive security concept are required on several different levels. One important protection level is to create secure automation cells by segmenting the network and restricting communication between the cells. Open communication between different automation components within a secure automation cell is state-ofthe-art and standardized (It is, for example, quite common to run production via OPC.) = secure communication between automation cells Page I IA AS S MP / Tino Hildebrand

18 needs contribution by everyone Management Operators OEM / System integrators Measures and processes that prevent unauthorized access of persons to the surrounding area of the plant Physical access protection for critical automation components (e.g. locked control cabinets) Requirements that operators of industrial automation systems must meet: Security guidelines and processes, Risk management in terms of security Information and document mgmt. etc. System-side requirements in terms of. Access protection, user control Data integrity and confidentiality Controlled data flow, etc. Component suppliers Requirements that components of an automation system must meet in terms of Product development processes Product functionalities Page I IA AS S MP / Tino Hildebrand

19 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

20 Fundamental Industrial Security levels Plant security Access blocked for unauthorized persons Physical prevention of access to critical components Plant IT security Controlled interfaces between office and plant network e.g. via firewalls Further segmentation of plant network Antivirus and whitelisting software Maintenance and update processes Access protection User authentication for plant or machine operators Integrated access protection mechanisms in automation components Industrial Security levels according to current standards and regulations Security solutions in an industrial context must take account of all protection levels Page I IA AS S MP / Tino Hildebrand

21 Siemens Industrial Security approach Siemens Industrial Security approach Implementation of practicable and comprehensive Security Management in terms of the technology used as well as the engineering and production processes. The interfaces to office IT and the Internet/Intranet are subject to clearly defined regulations - and are monitored accordingly. PC-based systems (HMI, engineering and PC-based controls) must be protected with the aid of anti-virus software, whitelisting (positive lists) and integrated security mechanisms. The control level is protected by various integrated security functions. Communication must be monitored and can be intelligently segmented by means of firewalls. The Siemens Industrial Security approach is based on five key points that cover the main aspects of protection in all Industrial Security levels. Page I IA AS S MP / Tino Hildebrand

22 Siemens offering Industrial Security Services Professional consulting from the initial planning steps, through implementation and operation of a tailor-made solution, right up to its modernization Analysis of weak points Design of customized security solutions Security Management Within operations there is a clear need for processes and policies that cover all aspects for security Operational guidelines form an essential part of every Industrial Security concept Products & Systems Well thought-out concepts for the security of PCs, controllers and networks, fully in keeping with the spirit of Totally Integrated Automation Integral security in PCs and controllers Security products for networking and communication Siemens supports in selectively implementing these measures within the scope of an integrated range for industrial security Page I IA AS S MP / Tino Hildebrand

23 Security Management Industrial IT Security Services Security Management Products & Systems Security Management Security Management Process Security management and operational guidelines form an essential part of every Industrial Security concept Security measures have to be defined depending on the identified threats and risks to the plant Achievement and continuous preservation of the necessary security level needs a consequent security management process containing risk analysis with definition of mitigation measures coordination of organizational / technical measures regular / event-based repetition of the risk analysis. Industrial Security must be established at suppliers, integrators and operators likewise. Products, plants and processes have to be compliant with existing due diligence based on laws, standards, internal guidelines and state of the art. 4 Validation & improvement 1 3 Risk analysis Technical measures 2 Policies, Organizational measures Operational guidelines covering organizational and technical measures Page I IA AS S MP / Tino Hildebrand

24 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

25 Defense in Depth strategy - Creating multiple layers of protection Potential Threat Physical Security - Physical access to facilities and equipment Policies & procedures -Security management processes -Operational Guidelines -Business Continuity Management & Disaster Recovery DCS Security cells & DMZ -Secure architecture based on network segmentation Firewalls and VPN - Implementation of Firewalls as the only access point to a security cell System hardening - adapting system from default to secure User Account Management - Administration of operator und user rights (role based access control) Patch Management Defense in Depth because you should not rely on just one measure Malware detection and prevention - Anti Virus and Whitelisting Page I IA AS S MP / Tino Hildebrand

26 - Defense in Depth strategy Physical Security Ignoring the risk of physical security could undo all other security measures Restrict physical and unauthorized access to Facilities and buildings Control and equipment rooms Cabinets Devices, PCs (USB, CD/DVD) Switches, cables and wiring LAN Ports, WiFi, Controller, IO System, PS, etc. Page I IA AS S MP / Tino Hildebrand

27 - Defense in Depth strategy Policies, Procedures,Training: Most critical path of an effective security strategy Management buy-in Defined Responsibilities Control System specific: Remote access & Service Laptops Portable Media Patch Management Strategy Malware Protection Mitigation and Disaster Recovery Plan Change Management & documentation Maintenance of Security Measures (e.g. FW rules) Regular Auditing of implemented measures Raise security awareness of personnel Provide training on policies and procedures Page I IA AS S MP / Tino Hildebrand

28 - Defense in Depth strategy Security Cells and DMZ: Key to a Secure System Architecture Limits the effect of a security threat to the local cell Internal network structure will not be visible from outside Access to the security cell only via clearly defined access points Page I IA AS S MP / Tino Hildebrand

29 - Defense in Depth strategy Firewalls and VPN: Secure access to the security cell Virtual Private Networks (VPN) with Data Encryption secure connections between cells through an unprotected network SCALANCE S for encypted, authenticated data exchange between devices through the IPsec tunnel in the VPN The data exchange/communication is protected against: eavesdropping espionage and manipulation Page I IA AS S MP / Tino Hildebrand

30 - Defense in Depth strategy System Hardening Commercially available PCs contain a lot of software that is not used by the process control system Many viruses are written against common software like Internet Explorer, Media Player, Active X, Javascript, Adapt an out of the box system from default to secure: Disable or lock down USB, CD/DVD, unused communication ports Remove and disable unnecessary applications, protocols and services e.g. , Games, Autorun, Screensaver, Messenger, Apply latest MS Patches SSC Siemens Security Console (DCOM, FW, limiting file registry, sharing, and database access) Bios PW and limit desktop and system access IP hardened equipment ensures that critical automation components do not fail when subjected to communication stress Page I IA AS S MP / Tino Hildebrand

31 - Defense in Depth strategy Preventing a wide range of attacks: Patch Management 90% of all successful cyber security attacks are based on vulnerabilities for which patches have already been released Only 2% of all equipment is completely patched (source: Secunia) PCS 7/WinCC support for MS Security Patches New MS Security Patches are tested for compatibility with latest/supported versions of PCS 7 Test results published via Newsletter and FAQ Patch Deployment via centralized Patch Server located in a perimeter network (DMZ) and Windows Server Update Serv. (WSUS) Setup of Patch Groups and Procedures for updating online (redundant system) Page I IA AS S MP / Tino Hildebrand

32 - Defense in Depth strategy Malware detection and prevention: Virus Scanner & Whitelisting The following virus scanners are approved: Trend Micro Office Scan Symantec Endpoint Protection McAfee VirusScan Enterprise To avoid a negative impact on performance or response time of the system, follow the recommended setup guidelines for PCS 7/ WinCC based Control systems Whitelisting to Stop unauthorized applications and malware Whitelisting software creates or holds a list of programs and applications that are allowed to be executed on a PC Software that is not part of the Whitelist will not be executed Benefits no pattern updates required less maintenance effective protection against zero-day exploits Page I IA AS S MP / Tino Hildebrand

33 - Defense in Depth strategy Summary Office PC OS Client OS Server Enterprise Control Network Office PC Perimeter Netzwork (DMZ) OS Client Process Control Network (DCS) OS Server WSUS or WWW IT - Firewall WSUS WAN AV Server Whitelisting Console Front - Firewall Engineering Station Quarantine - PC Back - Firewall Page I IA AS S MP / Tino Hildebrand Segmentation in Security Cells and DMZ Cell access via Front & Back FW only All Ports and Media Drives disabled PC hardening Latest MS Patches Role-Based Access Control and User Account Management with least privilege principle Anti Virus & Whitelisting File and data transfer to and from PCS 7 via Quarantine PC and FTP/SFTP in DMZ Remote access via secure communication, dedicated Access points and defined support user accounts and Policies and Procedures!

34 Introduction Technological challenges How to implement Industrial Security Siemens to support your Industrial Security strategy The Defense in Depth Strategy in detail Summary

35 More security where it matters in industrial automation Security at the control level Security Management Security at the communication level IT Link to the Office World PC based security functions see the website Page I IA AS S MP / Tino Hildebrand

36 Summary Industrial Security is not only a topic of technical implementation, but starts from security awareness across all layers of management and employees Industrial Security Security is an ongoing task and must be ensured through all lifecycle phases There is no 100% security Security is a process involving management, operators, integrators and suppliers and not only a product for sale Siemens Industry Automation provides products, systems and solutions as well as professional services to ensure overall Industrial Security for customers Page I IA AS S MP / Tino Hildebrand

37 Thank you for your attention! Tino Hildebrand Head Marketing & Promotion SIMATIC HMI I IA AS S MP Phone: +49 (911) Fax: +49 (911) Cellular: +49 (173) tino.hildebrand@siemens.com _IndustrialSecurity_VDI_Mannheim_Hildebrand_EN.ppt