Cyber Security From product to system solution

Transcription

1 Markus Brändle, Network Management Forum Heidelberg, 8./9./10. October 2013 Cyber Security From product to system solution ABB Network Management Forum October 14, 2013 Slide 1

2 Cyber Security A definition in the context of power and automation technology Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack* translates into Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack *Merriam-Webster s dictionary

3 Existing regulatory frameworks Energiewirtschaftsgesetz (EnWG) currently in force: 11 (1a): "Der Betrieb eines sicheren Energieversorgungsnetzes umfasst [ ] einen angemessenen Schutz gegen Bedrohungen für Telekommunikations- und elektronische Datenverarbeitungssysteme[ ]. Die Regulierungsbehörde erstellt hierzu [ ] einen Katalog von Sicherheitsanforderungen [ ]. Ein angemessener Schutz des Betriebs eines Energieversorgungsnetzes wird vermutet, wenn dieser Katalog der Sicherheitsanforderungen eingehalten und dies vom Betreiber dokumentiert worden ist. Die Einhaltung kann von der Regulierungsbehörde überprüft werden. [ ]" The mentioned catalogue of requirements is not available yet! Images: animalethics.umwblogs.org ABB Network Management Forum October 14, 2013 Slide 3

4 Upcoming regulatory frameworks "Referentenentwurf": "Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme" Establishes German BSI as the "competent authority. Requires operators of critical infrastructure to implement state-of-the-art security controls. Requires operators to report significant incidents to the BSI. Refers to industry standards and proven-in-the-field practices as expected state-of-the-art. Images: animalethics.umwblogs.org ABB Network Management Forum October 14, 2013 Slide 4

5 Cyber Security Why is Cyber Security an issue? Cyber security has become an more important issue by introducing Ethernet (TCP/IP) based communication protocols to industrial automation and control systems. e.g. IEC , DNP 3.0 via TCP/IP or IEC61850 Connections to and from external networks (e.g. office intranet) to industrial automation and control systems have opened systems and can be misused for cyber attacks Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses Utilities need to avoid liability due to non-compliance with regulatory directives or industry best practices October 14, 2013 Slide 5

6 The biggest challenges - organizational Risk Management Awareness Competence Management Compliance Images: wegilant.com blogpool4tool.com ABB Network Management Forum October 14, 2013 Slide 6

7 The biggest challenges - technical Installed Base Situational Awareness Sustaining Security Heterogeneity Vulnerabilities Disruptive Changes Images: blog.monitorscout.com nl.123rf.com ABB Network Management Forum October 14, 2013 Slide 7

8 Cyber Security BDEW White Paper Requirements Motivation: Security measures for control and telecommunication systems Protect the operation of these systems against security threats Main Requirements: Robustness Testing / Product & System Hardening User Account Management User activity logging / Audit Trail Secure Communication Antivirus Firewall Patch Management October 14, 2013 Slide 8

9 Cyber Security for the energy sector ABB Network Manager Holistic Approach to Cyber Security Protect Monitor 5. Cyber Security management system Manage 4. System protection 3. System monitoring System status Secure network architecture October 14, 2013 Slide 9

10 Cyber Security for the energy sector Steps to sustainable cyber security network architecture No direct access to secure zone No services (e.g. remote desktop) between insecure and secure zone No direct data exchange between office and SCADA network (e.g. use of data diodes) Control of traffic between zones Firewall between zones October 14, 2013 Slide 10

11 Cyber Security for the energy sector Steps to sustainable cyber security system monitoring Automated and centralized monitoring: Host monitoring: Event-logs, processes, resources Server and workstations Equipment monitoring: Ping, SNMP, Syslog RTUs, switches and routers Network monitoring: performance incl. SCADA protocols (e.g. IEC , DNP 3.0, Modbus, ICCP, ) Monitoring within network zones October 14, 2013 Slide 11

12 Cyber Security for the energy sector Steps to sustainable cyber security system protection System protection includes: Access control Antivirus systems (in Windows environments if possible) Whitelisting following need-to-know principle Security updates of applications, operating systems and third party products Trusted shares for updates of applications October 14, 2013 Slide 12

13 Cyber Security for the energy sector Steps to sustainable cyber security management system Fulfillment of policies: BDEW Whitepaper, DIN 27009, ISO/IEC TR Internal policies (e.g. ISMS, integrated security management systems) Asset management for IP-based system components: Baseline of current status Procurement, commissioning and service Change Management: Traceability of software changes (e.g. operating system, applications, and configurations) System restore (backup strategy) October 14, 2013 Slide 13

14 Cyber Security for the energy sector Partnership ABB and Industrial Defender Managing Diverse Requirements of Automation Systems Environments The convergence of: Why Industrial Defender? Global leader in automation systems management for industrial control systems Customer benefits? Technology alignment Verified solutions Combined Know-How Efficient and comprehensive security solutions October 14, 2013 Slide 14

15 From product to system solution Summary Cyber security from ABB is embedded in substation automation products and solutions is an integral part of product development and quality assurance comprises the latest technology and high competence enables customers to protect, monitor and manage their systems safeguards systems in a changing world October 14, 2013 Slide 15

16 October 14, 2013 Slide 16