NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

Transcription

1 NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology infrastructure

2 CONTROL SYSTEMS - THE CYBER- SECURITY LANDSCAPE Historically, PITs were designed to value reliability and safety as opposed to cyber security. Current systems now include network connectivity, and many legacy PITs have been networked using add-on interfaces. It is necessary to evaluate all proposed changes to PIT hardware and software to ensure that existing reliability and safety margins, as well as cyber security requirements, such as access control, need to know, and least privilege, are met. Many older PITs in use do not have any cyber security associated with them Adding them to a network opens them up to security threats that were not applicable while they were stand-alone systems monitored and controlled by local personnel. Many PITs operate on a 24 hour by 7 day basis and cannot be patched during operation Changes to hardware and software must be made in a controlled manner using a test bed to ensure that the PIT will perform properly when upgraded and will have improved cyber security.

3 PIT CYBER TEST BED EMPLOYMENT PIT Cyber Test Bed (PCTB) will be used to: Fulfill multiple missions in support of development, integration, testing, and simulation of Operational and Information Technology related to Control Systems, Data Collection Systems, and Management Information Systems Evaluate all proposed changes to ensure that existing reliability and safety margins are met, and cyber security requirements (i.e., access control, need to know and least privilege) are met Evaluate how people will respond to cyber incidents Test the impact of classified and unclassified security events Test the classified and unclassified impacts of Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB), Alerts issued by PIT-CERT, and equivalent monitoring sources

4 PIT CYBER TEST BED DESCRIPTION Collection of systems/devices typical of those used in DOD ashore PIT facilities Buildings, Power Plants, Substations, Attempt to break the systems as installed today Evaluate potential mitigation from commercial vendors, universities, labs Attempt to break the systems after mitigation Provide guidance/lessons-learned to DOD and industry

5 RELATIONSHIP OF PCTB TO CS-CSI PCTB will connect to CS-CSI components to Evaluate ongoing threats to DoD CS networks and configurations Evaluate the impacts of IAVA and IAVB on current (legacy) and future PIT configuration PCTB will support all Automated Meter Infrastructure (AMI) within the CS Cyber Security Infrastructure (CS-CSI) Incorporates many features of CS-CSI but in a test environment PCTB Extensions will allow it to identify risks of attacks and demonstrate improvements to mitigate vulnerabilities

6 DESIGN AND DEVELOPMENT PLANS BUILT TO SUPPORT ASHORE SYSTEMS Phase 1: Support for AMI within the Smart Grid Cyber Security Infrastructure AMI Test and Evaluation Equipment Access to PSNet and NMCI Phase 2: Support for the CAF Test BCS and UCS operating under the CAF Test non-ca BCS and UCS Phase 3: Extension of the PCTB Demonstrate forensics and logging for serial and IP Demonstrate how to encapsulate legacy CS commands Identify system impacts from patching

7 PCTB NECESSARY RESOURCES A controlled environment for testing, improving and maintaining the cyber status of typical systems found in naval facilities Representative CS and CS-PE systems, test hardware and software, and appropriate network connectivity Staff with appropriate expertise and training Develop CS cyber-security policies and procedures Identify, research, fix or mitigate security weaknesses in CS systems Establish methods to patch/upgrade servers and network devices needing constant availability

8 MISSION Be the corporate Baseline for PIT and AMI configuration. Maintain Experimental / Evaluation environment for Enterprise MIS. Simulate Systems load through software emulation. Evaluate New/Modified OT component interaction with the Baseline. Replicate specific FEC environments for training purposes. Replicate specific environmental configurations for intrusion exercises (Red Team / Blue Team). Evaluate integration of experimental technologies (Micro Grid, Solar, etc). Evaluate integrations/interfaces with MIS.

9 PCTB EARLY OPERATIONAL INITIATIVES Emulate AMI and CS-PE operational architectures Evaluate security posture of new and existing UCS and BCS Identify and mitigate vulnerabilities break, fix, try to break some more Test OS and application updates, patches Test newly developed systems before being deployed Test legacy systems identified as being vulnerable. Periodically re-test existing systems to see if security posture has changed. Develop an enterprise patch management process and standard operating procedures Establish CS configuration and change management Ensure compliance with DoD cyber assurance requirements Make use of industry CS cyber security best practices Define systemic and personnel responses to cyber events Conduct red team blue team penetration testing.

10 RECOMMENDED APPROACH Phase 1a NITC Define Implementation Plan based on existing study and requirements. Build Out Baseline Enclave Environment per Enclave CDA guidelines. Establish Configuration / Change Management processes and procedures for updates to the Baseline. Phase 1b HQ Establish overall requirement for access controls and space allocation based on to-be capabilities Evaluate physical environment at PRTH to determine whether any structural modifications are required to establish appropriate testbed environment (including control/operations area, training capabilities, and OT component rack and storage spaces). Evaluate common components that should be included in testbed capability suite.

11 RECOMMENDED APPROACH (CONT.) Phase 2 NITC Build Out simulation environment HQ transfer common components to PRTH as appropriate Identify / Acquire hardware/software suite for load simulation Identify / Acquire hardware/software suite for network environment simulation Establish SOP for documenting testing configuration, goals, and results. IOC Phase 3 Establish Library of configurations for each FEC/Locality operating environment. Establish SOP for altering the testing configuration based on Library contents. Establish SOP for enabling/disabling interconnections/interfaces with MIS during test cases.

12 RECOMMENDED APPROACH (CONT.) Phase 4 Establish SOPs for intrusion testing to include documentation of any purposeful changes to overarching testbed security settings to enable specific components to be tested for vulnerabilities. Establish SOPs for interconnection with experimental engineering environments (micro grid, Labs, etc) FOC

13 PCTB TEST ENVIRONMENT Physical and virtual test environments accurately model existing and proposed Navy CS systems Working copies of deployed PIT Platform Enclaves (PIT-PE) Representative samples of CS as deployed in Navy environments Unique AMI vendor implementations Contemporary and legacy building control systems Data Communication (PSNet, NMCI, regional PIT networks) Utility-scale control systems (SCADA, MicroGrid) Simulated real-world interfaces and operational environments Meters, sensors and controllers Ship, aircraft connect and disconnect (Cold Iron) Power grid management and event communication Weather data

14 PCTB KEY SERVICES PIT vulnerability assessment Network and port mapping Wireless traffic monitoring and tampering Intrusion detection and node behavior analysis User activity monitoring Server and Application security testing Denial of Service Command and Response Injection Response to unexpected inputs (input fuzzing) Loss of control outcomes Data Acquisition and Logging Evaluate logging solutions where current data captured is inadequate Reliability, Availability, Security metrics Hardware and software configuration monitoring

15 SAMPLE ELEMENTS TO BE TESTED Network Operation Center (NOC) Human-Machine Interface (HMI) Overview of system availability, reliability, security Supervisory Station Local control station in building or facility Servers, Software, Communications to data collection devices Remote Terminal Units (RTU) Connected to physical equipment Convert electrical signals from sensors to digital data Field Devices Measure analog or digital values Output to local controllers or metering devices

16 PCTB LOCATION Port Hueneme Bldg 2 (EXWC-NITC) Secure, access-controlled space Existing power with backup generator Access to PSNet and NMCI Rm 140

17 PCTB SCHEDULE Support for AMI within the Smart Grid Cyber Security Infrastructure AMI Test and Evaluation Equipment Access to PSNet and NMCI Support for the Common Architecture Framework (CAF) Test BCS and UCS operating under the CAF Test non-ca BCS and UCS Establish interfaces to MicroGrid Test Facility Extension of the PCTB Demonstrate forensics and logging for serial and IP Demonstrate how to encapsulate legacy PIT (ICS) commands Identify system impacts from patching

18 THE PCTB WILL IMPROVE THE OPERATIONAL SECURITY OF CS Evaluate how cyber systems respond to intentional or unintentional cyber incidents Evaluate how people will respond to cyber incidents and in what time frame Evaluate all proposed changes to CS to ensure that existing reliability and safety margins and cyber security requirements are met Verify that cyber security technologies, testing, and / or operator responses will not impact the reliability and availability of the control systems during normal or upset operation Monitor all network traffic, operator commands, and equipment automatic operations, as well as the ability to simulate operations and operator displays in the face of selected cyber threats

19 MICROGRID TEST FACILITY

20 MICROGRID TEST FACILITY

21 MICROGRID TEST FACILITY Re-configurable test-bed to validate equipment readiness prior to deployment, and test microgrid systems and components featuring developing technologies Integrate and test renewable energy, energy storage, traditional power generation and control systems in combinations to obtain stable and secure microgrid systems Produce Test Reports and guidance documents to assist in successful deployment of distributed energy resources and microgrid systems Construction start FY15 4 th Qtr, complete FY16 2 nd Qtr At MUSE yard, Port Hueneme Interact with PCTB Provide testing and demonstration of control and monitoring functions.