ABB s approach concerning IS Security for Automation Systems

Transcription

1 ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik [email protected] The problem Most manufacturing facilities are more connected (and more vulnerable) than their owners and operators may think Off-the-shelf technology has often been deployed without an adequate understanding of the impact on risk Neither Information Systems nor Process Control departments have all the required skills Problems are similar but not identical Requirements on availability, performance, and immediate access Failures may cause endangerment of employee, public, and environmental safety This is not just a matter of technology it s about people, relationships, organizations, and processes 2005 ABB - 2

2 The problem A dramatic development from relatively few primarily internally initiated security incidents to large volumes of externally initiated incidents ABB - 3 The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, Eric Byres, BCIT The problem World-Wide Attack Trends Infection Attempts 900M 800M 700M 600M 500M 400M 300M 200M 100M Polymorphic Viruses (Tequila) Mass Mailer Viruses (Love Letter/Melissa) Zombies Denial of Service (Yahoo!, ebay) Blended Threats (Code Red, Nimda, Slammer) Malicious Code Infection Attempts Network Intrusion Attempts , , ,000 75,000 50,000 25,000 Network Intrusion Attempts 2005 ABB - 4 Source: CERT

3 Security is not just a technical solution Security Policy Responsibilities Information Security Organization Personnel Job Definitions Training Incident Handling Secure Areas General Controls Equipment Physical Security Process Control Security Access Control User Authorities Firewall Configuration IT Security Monitoring Audits Legal Security Policy Compliance Administration Maintenance Procedures Security Updates System Updates 2005 ABB ABB - 5 Security Solutions There is no single solution that is effective for all organizations and applications Security begins and ends with human behavior 100% security is not feasible Physical Security Organization Compliance Process Control Security Personnel Administration & Maintenance Access Control Like safety, security is a continuous process, not a once and for all technology solution!

4 Security is a Continuous Process Risk Analysis Audit Policy 2005 ABB - 7 Goals : Administration Long-term strategy Consistent processes Appropriate technology Qualified and motivated people Implementation Security Solutions Risk reduction should be balanced against the cost of security measures to mitigate the risk risk = (probability of successful attack) x (potential consequences) 2005 ABB - 8

5 Security Solutions Risk reduction should be balanced against the cost of security measures to mitigate the risk risk = (probability of successful attack) x (potential consequences) Security Usability Low Cost 2005 ABB ABB - 9 Security Solutions Most (but not all) attacks use known weaknesses Most (but not all) hackers go after easy targets Basic security measures can prevent casual attacks Protection against determined attacks may require extensive security measures Multilayered solutions providing defense-in-depth Prevention + Detection + Response

6 Good Practices Develop a security policy Define clear organizational responsibilities Plan for incident response, including how to recover from potential disasters Regularly audit security systems and procedures, and compliance with the security policy Use anti-virus SW Keep the system updated Use the concept of security zones 2005 ABB - 11 Security begins and ends with human behavior! Security Zones Different zones for different security levels Resources in same zone have the same minimum level of trust Access between zones only through secure interconnections Corporate network Available to all employees Site intranet Available to local employees Automation system Available to operators and process and control engineers 2005 ABB - 12

7 Network Security Zones 2005 ABB - 13 A high security zone should be small and independent Separate domain Connect to external networks only if absolutely necessary Limit traffic through firewalls to what s absolutely necessary Apply the principle of minimum privileges Monitor for intrusion attempts Restrict use of laptops and portable memory devices Scan for viruses immediately before connecting Use strict procedures for SW updates Check origin and scan for viruses before introducing No , instant messaging, or internet surfing in high security zones Network Security Zones - Example 2005 ABB - 14

8 Security is ultimately the user s responsibility Proper implementation, configuration, operation, and maintenance of security procedures and equipment is the responsibility of the user of the automation system Effective security solutions require support from Automation System and Solution vendors Operating system provider 2005 ABB - 15 The SD 3 Security Framework 2005 ABB - 16 Secure by Design Development processes that specifically address security Conscious efforts to analyze threats and to identify and remove vulnerabilities Secure by Default By default the system presents a minimal attack surface after installation Secure default settings, turn off unused features, Secure in Deployment User documentation and training to ensure that the system is installed, configured, and operated in a secure way Adequate features for Detection of and defense against attacks Disaster recovery Secure system management

9 ABB s contribution Quality Management System for secure product development Threat analysis Secure coding practices Checklist based design and code reviews Quality assurance testing Penetration testing Product features designed to regulatory requirements Role and location based security on object and attribute level Re-authentication, Double authentication, Log over Audit trail, Digital signatures Automated system installation Secure default settings, incl. Windows hardening 2005 ABB ABB - 17 ABB s contribution Validation of Microsoft security updates All relevant updates are tested for compatibility Result available within 2 7 days Anti-virus SW configuration guidelines Security related configuration advice, guidelines, and consulting services More information at > Control Systems > Security

10 ABB s Security Packages Consulting Policy Solution Maintenance 2005 ABB - 19 Security Workshop Risk Assessment Security Training Notification and Update Service Policy implementation Automation Network Security Audit Technology Solutions Disaster Recovery Plan Site to Site Security Workplace Wireless LAN Remote IT Security Enterprise Connection Services Remote Access Antivirus & Patch Management Summary The security of manufacturing and control systems becomes increasingly critical as disparate networks and systems are integrated Users and vendors of automation systems need to pay correspondingly increased attention to these issues Similar to process and safety improvements, security needs to be a continuous activity No security can be 100% effective, but careful planning and implementation of security measures can reduce risks to acceptable levels for each application and organization 2005 ABB - 20

11