Cybersecurity in a Mobile IP World

Transcription

1 Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource

2 Introduction ComSource s cybersecurity initiative is directed toward protecting critical infrastructure The primary customers are the process manufacturing industries using SCADA and other industrial control systems M2M systems supporting process manufacturing will take advantage of 4G data capability Providing security for critical infrastructure and the networks they use is a national security imperative A legislative mandate is coming, the only question is to what degree standards will or will not be mandatory. 2

3 Overview Mobile network architectures Implications of upgrade path Real security vs. compliance Application of a Vulnerability Assessment (VA) methodology to the Long Term Evolution (LTE) migration challenge

4 3G Mobile Network Architecture 3G 4

5 LTE/ 3.9 G Mobile Network Architecture 3G LTE 5

6 Implications of Upgrade Path from 3G to LTE 3G operators were phone companies LTE/4G operators are now ISPs! 3GPP, the standards organization for mobile networks, provides the standards for comms between all Evolved Packet Core servers. 3GPP does NOT specify the network architectures or security to be implemented within an operator network or over the Internet 6

7 Security vs. Compliance NIST SP Recommended Security Controls for Federal Information Systems and Organizations NIST SP Guide to Industrial Control System Security NIST SP Technical Guide to Information Security Testing and Assessment The International Society of Automation ISA-99 Industrial Automation and Control System Security North American Electric Reliability Corporation Critical Infrastructure Protection NERC CIP-002 => 009 DoD Information Assurance (IA) Implementation under DoD Information Assurance Certification and Accreditation Process (DIACAP) ISO/IEC Information technology -- Security techniques -- Information security management systems -- Requirements 7

8 Twenty Critical Security Controls for Effective Cyber Defense 8

9 Application of a VA Methodology Analysis Network design (as-built) Configuration Data flow Findings Mitigation strategies Recast problem set using ISA-99 model Zones and conduits At choke-points establish: Firewalls Network monitoring Intrusion detection Life cycle support 9

10 Introduction of Vulnerabilities into Networks ABB s ac500 PLC with integrated 3G connectivity Comms path circumvents corporate firewalls! 10

11 SMS Injection Some microprocessors in use within selected Bulk Power System (BPS) control networks or physical security perimeter control networks today may have cellular signal reception capability but do not have adequate application space or CPU speeds to assure message confidentiality, integrity, or guarantee of origin. For this reason, attackers can inject malicious commands towards unsecured end points. The security researcher has indicated that these vulnerabilities potentially extend to any architecture dependent on chipset embedded application processors and subject to cellular intercept where target control system networks utilize unsecured end points. 11

12 INL Project Aurora Mark Zeller, Myth or Reality Does the Aurora Vulnerability Pose a Risk to My Generator, 2011 Conference for Protective Relay Engineers, Texas A&M 12

13 Project Aurora 13

14 Summary Overview of 3G and LTE/4G networks Migration from 3G to LTE Telephone companies become ISPs There is no requirements or roadmap to secure provider networks Overview of cybersecurity standards 20 Critical Security Controls Vulnerability assessment methodology Mitigation Strategies Zones and Conduits Not a one-time exercise Current examples of system vulnerabilities introduced through normal system upgrades 14

15 ComSource Qualifications Software development, ISO testing certifications, lab management, large system characterization, and data analysis Objectives Address cybersecurity as it applies to critical business infrastructure ISAsecure certified embedded systems test lab Vulnerability assessment of complex industrial networks Uniquely placed in the wireline and wireless environments to handle migration of networks, performing vulnerability assessments, and deploying integrated security solutions Questions? 15

16 16