Aproved by: doron berger Data Security Manager - National Security unit

Transcription

1 Israel Electric Corporation National Security unit Data Security Security of critical project performed by vendor abroad Aproved by: doron berger Data Security Manager - National Security unit

2 Project system security standard specification 1. Introduction Israel Electric Corporation (IEC) being an organization directed according to Israeli public bodies security act -is subject to regulation pertaining its critical SCADA/DCS assets. This document sets security requirements the purpose of which is to ensure the proper management of security in development or upgrade of a critical project for IEC (henceforth: the requirements). The body performing this development/upgrade will be called henceforth: the supplier. Compliance of supplier to the requirements set forth in this document will be accomplished when: a. The supplier declares, in appendix A, that he adheres to the requirements included in this document. b. IEC representatives will conduct a survey with satisfactory results at supplier premises prior to project kickoff or during other early stage, in coordination with the supplier security entities. 'Information' - This document regards information as any data and/or technical material and/or personal and/or technological and/or commercial of IEC and/or its affiliates; including that handed to IEC by third party, as long as it hasn't become public according to IEC permission; and any data pertaining IEC business or its customers' business, given to the supplier and/or to supplier employees and/or became their possession during their work, by heart, in writing, in electronic media or any other way, including any product, idea, plan or document. Any technological and managerial information in the project are included in the above 'information' definition. The security requirements are as follows: 2. Supplier structure, policy and procedures 2.1 The supplier shall present security policy or alternatively shall refer specifically, in its quality control policy, to: Managing the protection of IEC hardware and software assets, particularly IEC critical assets; Supplier organizational structure which supports the security issue; The commitment of supplier management to fulfill the requirements of this document. 2.2 The supplier is required to nominate a manager to the project security.

3 2.3 Supplier shall present procedures supporting the implementation of the requirements included in this document. 2.4 Supplier shall present an appropriate organizational structure which supports the above procedures (par. 2.2) and their enforcement on its employees and third party/affiliates; including presentment of evidential documents such as minutes-of-meetings, verification of training etc.). 2.5 Supplier shall prepare a security plan for the project. The plan shall include implementation of the requirements in this document and detailed reference regarding the following subjects: risk management and vulnerability scans and their remedies/treatment; prohibiting access to the project information including industrial espionage; and possible advanced security measures exercised by supplier in the project. All the requirements included in this document apply to any place in which the project or part of it is performed, including third parties. The security plan shall be handed to IEC for approval prior to project design and shall be a pre-requisite to project development. 3. Project security implementation 3.1 IEC representative will supervise the implementation of project security throughout its phases, beginning with design, development, through factory erection, FAT, till disassembly for shipping, packing and marking for delivery (henceforth: project period). The supplier shall be responsible for the integrity and completeness of the system throughout the transportation from supplier premises to IEC project site. 3.2 IEC representative will install and operate logical security tools on the project system, in collaboration with the supplier, including hardening. As an extra security measure, IEC representative may be granted full control on the security tools in the project system. 3.3 The supplier agrees to accept the directives of IEC representative per par. 3.2 above throughout the project period. 3.4 In collaboration with supplier, IEC representative will be entitled to conduct inspections, for the purpose of reviewing the implementation of the security requirement at the supplier premises. Supplier shall cooperate and grant the needed assistance in fulfillment of this audit. 3.5 In the framework of security activity, IEC representative will be allowed, with prior supplier consent, to copy the project system portable media (such as hard disks) for further security checks and/or to install security tools intended to register/capture the project configuration for future verification and vulnerability analysis. 4. Physical security 4.1 Supplier shall allocate a separate secured and controlled physical working environment for the project (henceforth: the secured area). All the elements of the project, including all scope of delivery and project ancillary equipment in supplier premises, such as test equipment, must reside in the

4 secured area throughout the project period, including the stages of packing and storing for dispatch. 4.2 The secured area walls shall be rigid construction. The secured area shall have four walls, ceiling and floor. 4.3 The entrance doors to the secured area shall be metal made and equipped with electromagnetic locks. The locks shall be approved beforehand in writing by IEC. The entrance to the secured area shall be controlled according to the following conditions: Identification via biometric or encrypted proximity card, in a reputed standard approved by IEC beforehand The entrance control shall be in the supplier internal network and shall not be connected to any external network or Internet Entitlement to give entrance permits shall be granted only to a supplier employee, whom IEC will approve beforehand. The supplier shall prepare a procedure for entrance permits, which will include a process for granting reasonable permits to authorized personnel The entrance control system shall enable entry of authorized personnel only. It shall alarm on unauthorized access attempts, on attempts to neutralize the control system, and any illegal attempt to enter the secured area through its doors The entrance control system shall alarm on 'bothered' door whenever the secured area door is left open for a period longer than one minute The entrance control system shall provide reports and facilitate forensic features namely. full interrogation of events at least ninety days back. 4.4 The secured area shall not be identified as an IEC project. 4.5 CCTV cameras shall be installed in the secured area to cover the whole area. The cameras shall photo and record 24 hours. The records shall be stored and available for at least 90 days back. The recording computer and records shall reside in a place which may be accessed by security personnel only. 4.6 Physical intrusion detection system shall be installed in the secured area. It shall cover the whole area and all apertures. The intrusion detection system shall adhere to reputed standards; include local horn; and connection to security center as per par.4.7. The intrusion detection system shall include at least two communication channels (cellular and wire) which enable messaging alarms/faults. The intrusion detection system center/concentrator shall reside in a place which may be accessed by security personnel only. 4.7 The entrance control system, the intrusion detection system and the CCTV shall be connected to security center which is active around the clock. The security center shall be able to send a force which will reach the secured area within maximum period of 10 minutes from receipt of alarm or other security message.

5 4.8 IEC will be authorized to watch, under prior coordination with supplier, the information depicted above, on the security systems - in order to examine security events. 4.9 The supplier undertakes to inform IEC of any intrusion to its premises even though nothing has been stolen, immediately upon occurrence. The supplier shall be responsible to inform IEC security entities via IEC central security; available 24 hours including weekends and holydays, on phone number (multi-line). Example events are: theft of data/information, intrusion, lost of laptop/external memory etc. 5. Supplier employees 5.1 Supplier shall manage records on employees who are involved in any stage of an IEC project. 5.2 Supplier shall submit to IEC the records of every employee designated to work on IEC critical project for a security compliance check, to be performed by IEC prior to any access of the worker to any stage of the project. The supplier shall not employ anyone on the IEC project at its premises or at subcontractor/third party premises, unless IEC has given in writing its approval. 5.3 The supplier undertakes to inform IEC promptly of any change in the status of any employee (including third party/subcontractor) who is working on any stage of an IEC project. Examples are: criminal conduct, termination of employment, prolonged private staying abroad without reasonable cause etc. 5.4 The supplier shall submit a copy of the records to IEC prior to employment of the person on IEC project. It is emphasized that a person shall not be allowed to work or enter the secured area unless prior written consent from IEC. 5.5 The supplier undertakes to monitor the permits and privileges of its employees in a manner which grants access to the secured area and/or to IEC information and/or to handling IEC project items only to authorized personnel. In this context the supplier undertakes to promptly remove the permits and privileges of any person who ceased for any reason to work on any stage of IEC project. 5.6 The supplier undertakes to sign up each and every authorized worker on the Non Disclosure Agreement (NDA), appendix 2 of this document. 6. Handling IEC data 6.1 A dedicated and secured hard disk shall be allocated by supplier to IEC project data. The network on which this data resides shall meet the following requirements: Disconnected from Internet Identification to access the data shall be done via complex password with at least six characters comprising special character and alphanumeric. Password change shall be enforced once every ninety

6 days. Last six passwords shall not be allowed. Access shall be locked upon three erroneous trials The supplier shall monitor for authorized access to IEC data, and proper audit trail and logging of this activity The supplier shall record and audit all data retrievals The supplier shall backup IEC data and verify that the backup files are separated from the general premises backup system namely, IEC backup shall be done in a secured network. 6.2 Access to IEC data shall be granted only to security authorized persons. 6.3 Access rights to IEC data shall be periodically verified (at least once a month). This activity shall be recorded. 6.4 The supplier shall manage, and present upon request, records of all IEC data owned at its premises including data/information developed by supplier for IEC; including physical and electronic/computerized. The records shall also include dates of receipt and dates of handling. 6.5 Security of records The supplier shall centrally manage IEC data, which is stored on IEC physical items/entities, at the secured area or at other secured area conforming to the above security requirements. Regarding this clause, data is any material pertaining IEC and the services given by supplier to IEC critical systems, which is stored at supplier premises or at subcontractors / third parties. The supplier shall store the data in locked metal cabinets or vaults. Access to the stored data physical location shall be granted only to IEC and supplier authorized personnel. 6.6 Cleaning of the secured area shall be done only in the presence of authorized personnel. The entry and/or work of visitors, maintenance personnel, cleaners etc. to the secured area shall be personally accompanied by supplier employee(s) throughout their presence in the secured area. 6.7 The door of the office/place in which the cabinet/vault is located shall be locked upon leaving of the last authorized person. 6.8 Duplication and coping of the material shall be done only by authorized person. Surplus copies shall be promptly discarded via shredding. 6.9 The supplier shall not forward IEC information to third party unless given in advance written consent from IEC. The information shall be transferred in encrypted manner If IEC classified information/data needs to be processed on an external computing machine such as a laptop (henceforth: laptop), the following directives shall apply: The laptop shall be connected only to the secured network of the supplier per par The laptop shall not be connected to any other network, including wireless. This directive shall be enforced by physical and logical disconnection of the connection capability.

7 Supplier shall enforce its security policy, including antivirus updates, on these laptops The hard disc of the laptop and any other device which storing IEC classified material, shall be encrypted. The encryption tool shall be approved in advance by IEC security bodies Laptops shall not be left unattended in a parking car or other vehicle, including trunk /luggage compartment IEC data shall not be allowed to be taken to workers residence via laptop or any other mean. 7. Protection of the project computerized items 7.1 The project shall be developed in an isolated network (henceforth: the secured network). The secured network shall not be connected to internet or any external network. The data may be stored on the secured network. 7.2 The secured network configuration shall be planned in advance with IEC collaboration. The command and control on the secured network components shall be solely in the hands of the supplier, not by any third party. 7.3 The secured network configuration shall be preserved throughout the project. Any configuration change shall have prior written IEC approval. 7.4 The supplier shall monitor and control the secured network and its configuration continuously. As a minimum the supplier shall control the users, password policy change, complexity, configuration of security devices, updated antivirus, communication security and prevention of attempt to connect unauthorized devices. The supplier shall own documented procedures for this activity. 7.5 The test equipment used during all phases of the project shall conform to the following requirements: The test equipment shall be connected to the secured network only, and comply the secured network requirements In case the test equipment had been used in other projects, the supplier shall fully reset the equipment, uninstall and erase all tools and files which where used by the previous projects, perform antivirus check, neutralize all access from external devices, perform hardening according to joint IEC-supplier procedures; and prevent execution of any files which are not legal part of IEC project. 7.6 On any security event in the secured network such as intrusion, virus, unidentified device or any exception from the network routine activity/behavior the supplier undertakes to promptly inform IEC security bodies, via IEC security report center; the availability of which is 24 hours, including weekends and holidays, phone number (multi line), matebit@iec.co.il. The message must be by phone and the mail should serve as a backup only. 8. Termination of project at the facility, packing and delivery

8 8.1 Upon termination of the project at supplier premises the following actions shall be performed, in the presence and with supervision of IEC representative: 8.2 Disassembly of project items and preparation to delivery. 8.3 IEC representative shall put a unique sticker on each case (namely items which unite to a case such as PC, controller etc.). The sticker will be supplied by IEC security department. The sticker shall be placed in a manner which disables the opening of the case from any side unless damaging the sticker. 8.4 The delivery list shall indicate every device which had been marked with a sticker. 8.5 During the entire packing and delivery phases the project equipment shall be placed in the secured area. 8.6 Upon receipt of delivery in Israel, the cases shall be opened in the presence of IEC representative, and all listed stickers shall be checked for integrity. In case any of the above requirements is violated, an immediate notification to IEC security center shall be made. 8.7 Supplier shall return to IEC all the information stored at its premises regarding IEC project, except for technical documentation which has been decided by IEC and supplier to remain in the hands of the supplier for maintenance. All security requirements shall apply regarding this information as long as it is being held at supplier premises, even though the project period is over. 9. Correspondence and exchange of information 9.1 All correspondence between IEC and the supplier regarding the critical system, such as operation, maintenance, configuration, reports etc; and particularly configurations of security measures shall be done via encrypted media. The encryption of the media shall be done by reputed standard and proven technology which conforms to the networking/communication and security infrastructure at IEC. General guidelines for this issue are: data encryption, authentication of data source, integrity of data, ratification upon receipt and sending of data. 9.2 Validity these requirements shall be valid for all phases of the contract, beginning with kickoff, through installations and operation. 10. Supplier employee conduct at IEC sites

9 10.1 Entering the Site Supplier personnel shall coordinate all site visits with the power plant personnel and will be escorted during their visits Connecting portable computers to the system Supplier support personnel shall comply with IEC and the power station's general policy and rules of data security Any requirement for the connection of an external computer to the system shall be previously coordinated with the power plant data security manager and the system manager The external computer shall have an updated version of security safeguard programs for online protection, detection, cleaning and logging of executed actions to protect from viruses, vandals, worms etc Prior to the connection of the external computer to the system, supplier personnel shall hand-in the computer to the data security manager in the power plant for thorough checkup of the computer. Only after this checkup is completed, may the external computer be connected to the system If after the checkup, the external computer has been exposed to external data (other than the System's network, internet, external data transfer such as via Disk On-Key etc.), the computer shall be handed-in again to the data security manager in The power plant for checkup of the newly added files.