Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG All rights reserved

Transcription

1 Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG All rights reserved

2 Not a single day without an IT security disaster Page 2 March 2015 Corporate Technology Siemens AG All rights reserved

3 The threat level is rising attackers are targeting critical infrastructures The Age of Computerworms Cybercrime and Financial Interests Politics and Critical Infrastructure Hacking against physical assets Code Red Slammer Blaster Zeus SpyEye Rustock Aurora Nitro Stuxnet "Hacking for fun" "Hacking for money" "Hacking for political and economic gains" States Criminals Hobbyists Organized Criminals Hacktivists State sponsored Actors Terrorists Activists Backdoors Worms Anti-Virus Hackers BlackHat Viruses Responsible Disclosure Credit Card Fraud Botnets Banker Trojans Phishing Adware SPAM WebSite Hacking SCADA Anonymous RSA Breach DigiNotar APT Targeted Attacks Sony Hack # of new malware samples Cyberwar Hacking against critical infrastructure Loss of privacy Identity theft # of published exploits # of published vulnerabilities Data sources: IBM X-Force Trend and Risk Report HP Cyber Risk Report Symantec Intelligence Report Page 3 March 2015 Corporate Technology Siemens AG All rights reserved

4 Incidents on critical infrastructure are taken seriously by governments The US government runs the ICS CERT 1) to monitor the increasing number of incidents in critical infrastructure From ICS-CERT Monitor January April 2014 Internet Accessible Control Systems At Risk "Tools, such as SHODAN, Google and other search engines, enable researchers and adversaries to easily discover and identify a variety of ICS devices that were not intended to be Internet facing. Adding to the threat landscape is the continued scanning and cataloguing of devices known to be susceptible to emerging vulnerabilities such as the OpenSSL Heartbleed." Public Utility Compromised "A public utility was recently compromised when a sophisticated threat actor gained unauthorized access to its control system network. After notification of the incident, ICS-CERT validated that the software used to administer the control system assets was accessible via Internet facing hosts. The systems were configured with a remote access capability, utilizing a simple password mechanism; however, the authentication method was susceptible to compromise via standard brute forcing techniques." ICS CERT reports 257 incidents in critical infrastructure in 2013 Healthcare Commercial Facilities Financial Information Technology Water Emergency Services Government Facilities Energy Communications Critical Manufacturing Nuclear Dams Transportation Data sources: ICS-CERT Report "ICS-CERT Year-in-Review 2013" ICS-CERT Monthly Monitor January April ICS CERT = Industrial Control Systems Cyber Emergency Response Team Page 4 March 2015 Corporate Technology Siemens AG All rights reserved

5 Different factors are driving the research demand for IT Security New Functionality Example Integrated solutions Device connectivity Security Use Case Examples Know-how protection Industry 4.0 scenarios Quality of Security Examples Robust and easy to use Long term security Page 5 March 2015 Corporate Technology Siemens AG All rights reserved

6 From standalone embedded systems to secure and intelligent Cyber-Physical Systems SW Open Source SW Intermodal Interaction Ambient Intelligence Cloud Computing Data Multi-Core Embedded System In-memory computing/ real-time DA 1) Social Networks and Platforms Knowledge Virtual World Cyber Security Standalone embedded systems Closed network of distributed embedded systems IT Security Open network of systems of systems of embedded systems Real World Yesterday Today Tomorrow 1) Data Analytics Page 6 March 2015 Corporate Technology Siemens AG All rights reserved

7 Future Trends will increase the need for Product and Solution Security Increased software use makes IT security more relevant Closed IT systems often not prepared against hostile external access Operational efficiency requires more and more open and interconnected systems (mobile devices, cloud, remote maintenance, always-connected ) Long system life cycles increase vulnerability and demands specific solutions, e.g. SW Off-site IT Cloud Tech cycles System life HW/SW changes Patching/ Virus scan Information technology 1-2 yrs 3-5 yrs Day/Week Standard Operation technology 3-5 yrs 5-15 yrs Mth/Yr Case by case? Safety technology 20 yrs yrs Decade Contradicts safety case! Security will make a difference in competitive environments.. Page 7 March 2015 Corporate Technology Siemens AG All rights reserved

8 IT-Security Challenges & Hacking Trends Open connectivity Every device is network enabled Everything runs IP and is cloudified with easy access & interpretation of data Internet, office & production networks are becoming one flat network (with some separation in between) Remote access, maintenance & adminstration to reduce costs Many multi-national subcontractors & OEM vendors with non-fitting security achitectures and legal issues Attackers get more sophisticated Embedded hardware hacking, reverse engineering, fuzzing, concolic testing Attacks shift to the application layer Attacks are (almost?) impossible to distinguish from normal user behavior How to reduce the attack surface? Right level of segmentation? End-to-end secure authentication, encryption & integrity protection? Secure against physical attacks, also on embedded device level? How much money to spend on security controls? Effective disaster recovery? Application level security including detection mechanisms? Clear understanding of worst case scenarios and consistant controls? Page 8 March 2015 Corporate Technology Siemens AG All rights reserved

9 Industrial and office IT have different management & operational characteristics Industrial IT Office IT Component Lifetime Availability requirement Real time requirement Physical Security Application of patches Anti-virus Security testing / audit Up to 20 years Very high Critical Very much varying Slow Uncommon / hard to deploy Occasional 3-5 years Medium, delays accepted Delays accepted High (for critical IT) Regular / scheduled Common / widely used Scheduled and mandated Security Awareness Security Standards Increasing Under development High Existing Page 9 March 2015 Corporate Technology Siemens AG All rights reserved

10 Industrial and office IT have different functional security requirements Industrial IT Office IT Confidentiality (Data) Low Medium High Integrity (Data) High Medium Availability / Reliability (System) 24 x 365 x Medium, delays accepted Non-Repudiation High Medium Office security concepts and solutions are not directly applicable for industrial control systems Page 10 March 2015 Corporate Technology Siemens AG All rights reserved

11 Industrial Security Defense-in-Depth-Conzept Plant Security Access Control Security Management Network Securiy Controlled Access between IT and OT networks, industrial firewalls Segmentation of OT networks System Integrity Antivirus- and Whitelisting-Software Systemhardening Maintenance and Patching Identification and Access Management Production Plant Plant Security NetworkSecurity System Integrity Security solutions in the context of industrial IT-security have to consider all protection layers Page 11 March 2015 Corporate Technology Siemens AG All rights reserved

12 We proactively address the paradigm shift towards open, interconnected industrial IT systems Paradigm shift towards open, interconnected IT systems à rising complexity Overall goals: improving usability, reducing complexity and optimizing the cost structure of secure products & solutions Security questions Authentication of a device What is it? Authorization of a device What is the device allowed to do? Trust in device Is it sufficiently secure? Interaction between systems How do devices communicate in a secure, reliable way Project goals for industrial environment Lean management of identities, access rights and keys for industrial devices and users Trust within the device: unforgeable identity, protection of credentials, authenticated access to data and commands Confidential, authenticated and integrity-checked information flow, reliable and in time Deliverables Managed Identities & Access Public Key Infrastructure (PKI) Identity and Access Management (IAM) Trust Anchor within the device Security Kernel for Embedded Systems (ESK) Modular Crypto Library Secure, reliable communication Embedded Security Protocol Library Secure industrial Gateway Page 12 March 2015 Corporate Technology Siemens AG All rights reserved

13 Secure, reliable communication is the key for the interaction between distributed systems Common situation today Solutions use products and services that build on communication. They often apply generic security communication stacks, were an internal coordination (integration options, licensing, testing, etc.) is missing. Business innovations demand that formerly isolated networks are opened and interconnected for enhanced services. Limits of current practices Many solutions build upon similar external secure protocol stacks. Integration within (embedded) platforms as well as updates of distinct security solutions are costly and of limited flexibility. Coupling between low security networks with high security networks preserving security, safety, availability and reliability only partly addressed. Paradigm shift towards open, interconnected IT systems We address the challenges in secure reliable communication in vertical and horizontal IT systems by supporting: Embedded Security Protocol Library Secure Industrial Gateway Page 13 March 2015 Corporate Technology Siemens AG All rights reserved

14 A trust anchor in the device as basis for customized cryptographic security mechanisms What is a trust anchor? Realization options for trust anchors Examples and limits of available HW trust anchors Provide secure key storage and protect security related calculations against manipulation and compromise HW based trust anchors provide the trustful means for cryptographic supported security operations Pure SW solutions provide only limited protection within the device HW-based solutions Function within main CPU Integration within system-on-chip / ASIC* Separate security chip on platform Add-on solution to system SW-based solution High integration effort No long-term availability High dependency on supplier Ø In-house solution required ASIC: Application Specific Integrated Circuit Page 14 March 2015 Corporate Technology Siemens AG All rights reserved

15 Embedded hardware security kernel realizes a trust anchor for devices Develop modular library for HW/SW-based security kernels Integrate customized solutions on embedded product platforms Realize prototypes within pilot projects Provide support for product developments Security Kernels within embedded systems consist of protected data and protected execution environments. They support attack-resistant processing of sensitive applications. The proposed implementation of a security kernel realizes a security anchor for embedded devices The result is a Siemens in-house realization of a security kernel implemented as customizable VHDL*/C design IP for FPGAs (and also ASICs*) Current Pilots : Rail Automation, Industry Automation Ø Consulting during design, product evaluation, realization, deployment and operation *FPGA: Field Programmable Gate Array VHDL: Very High Speed Integrated Circuit Hardware Description Language ASIC: Application-Specific Integrated Circuit Page 15 March 2015 Corporate Technology Siemens AG All rights reserved

16 Siemens Corporate Technology 2014 Thank you for your attention! Siemens AG All rights reserved