WORKSHOP Rethinking Cyber Security for Industrial Control Systems

Transcription

1 WORKSHOP Rethinking Cyber Security for Industrial Control Systems Bob Mick, Workshop Moderator VP Emerging Technologies ARC Advisory Group 1

2 Re-Thinking Cyber Security Why Re-Thinking? An ARC Advisory Group Perspective Are we on the Right Track? What are the Emerging Opportunities? Are We Investing in the Right Security Activities? 2

3 Security In Manufacturing, Utilities Industrial Control Systems ICS Business Systems ERP, SCM, CRM, EAM, BI Lab Systems, Engineering Systems Remote Access Networking Software Servers Business Systems Remote Users Operations Management Networks Intelligences, Analytics, Integration Historians, Recipe Management, User Interface Networks HMI DCS Trending SCADA Operations Management Engineering Automation Systems Network Unit Controllers, PLCs, Devices Automation Laboratories Network Perspective Security Zone Perspective Focus on Cyber Security for ICS Operations Management and Automation 3

4 How Do We Approach Re-Thinking for ICS? Industrial Control System (ICS) Cyber Security Examine Fundamental Issues Miles McQueen, University of Idaho - Idaho National Labs INL is involved in several activities relative to ICS Basic Research participate in the academic community Miles challenge: Make us think Listen to a Voice of Experience Ernie Rakaczky, Invensys Contributed to many ICS Cyber Security activities Ernie s challenge: Represent the Supplier Perspective Open Discussion (~40 min) You, from your perspectives Your challenge: Share your ideas and issues (be positive) The Workshop Strategy 4

5 Rethinking Cyber Security For Control Systems Address Fundamentals Build on Experiences Start Title Speaker 200 2:00pm Opening and Overview Bob Mick, ARC Re-thinking Cyber Security for ICS 2:15pm 3:15pm Software and Human Vulnerabilities Implications for our Critical Infrastructures Break (30 minutes) Miles McQueen, INL 3:45pm Human Factors and a Need for Resilience Miles McQueen, INL 4:45pm Automation Suppliers Perspective and Strategies Ernie Rakaczky, Invensys 5:15pm 6:00pm Q&A Panel and Open Discussion All participants Conclude (for today) Bob Mick, ARC Take Notes about Your Questions and Ideas For the Open Discussion 5

6 Miles McQueen Idaho University Idaho National Labs Principal Investigator, Cyber Security R&D Department, Idaho National Laboratory Miles has held a variety of leadership roles at INL and has also been Director of the University of Idaho s Computer Science Program at the Idaho Falls Center for Higher Education. With well over 20 peer-reviewed reviewed scientific publications, Miles is currently leading research teams investigating cyber threat attack propagation and consequence modeling for multiple infrastructure simulation efforts. Previously, he investigated novel, first of a kind, 0Day vulnerability estimation techniques. Before the 0Day research, Miles led research teams in the investigation of security metrics, attack graphs, and attack surfaces in collaboration with Carnegie Mellon University and Princeton University Computer Science faculty. Miles has been invited, and has served, on a variety of national level security working groups providing assessments of the current state of the art in cyber security, evaluating the strengths and weaknesses in foundational principles, and identifying promising directions for future research and development. 6

7 Ernie Rakaczky Invensys Operations Management Program Manager, Control System Cyber Security Ernie has played an active role within the process control arena for over 32 years with the past 7 years fully dedicated in addressing the cyber security requirements for process control systems and raising the overall protection of our global infrastructures. Currently he has the responsibility to ensure a clear understanding and focus on cyber security requirements within all IOM product strategies at Invensys. As each product strategy is defined, consideration of current regulatory requirements, industry best practices and requirements that IOM clients are specifying within their procurement processes are addressed. Additionally, Ernie participates in the efforts underway at ISA within SP99, Automation Federation, NIST-SMART GRID, within ICSJWG from DHS, MSMUG and plays an active role in the various security initiatives with DOE, DHS, INL, NRC, NPRA, IAEA, and SANDIA. 7

8 Rethinking Cyber Security For Control Systems Address Fundamentals Build on Experiences Start Title Speaker 200 2:00pm Opening and Overview Bob Mick, ARC Re-thinking Cyber Security for ICS 2:15pm 3:15pm Software and Human Vulnerabilities Implications for our Critical Infrastructures Break (30 minutes) Miles McQueen, INL 3:45pm Human Factors and a Need for Resilience Miles McQueen, INL 4:45pm Automation Suppliers Perspective and Strategies Ernie Rakaczky, Invensys 5:15pm 6:00pm Q&A Panel and Open Discussion All participants Conclude (for today) Bob Mick, ARC Take Notes about Your Questions and Ideas For the Open Discussion 8

9 Let s Get Started! For more information, contact [email protected] or visit 9