Security: A Pillar of Wonderware Products and Support Services. By Rashesh Mody, Chief Technology Officer & Vice President of Product Definition

Transcription

1 Security: A Pillar of Wonderware Products and Support Services By Rashesh Mody, Chief Technology Officer & Vice President of Product Definition

2 Table of Contents 1. Introduction The Plant: A Complex Environment Security Ecosystem 6 3. About Wonderware Products.8 4. Security Integrated in Wonderware Products Group and Role-Based Security Data-Level Security Defining the Security Model Secured Writes and Verified Writes Supporting Security-Related Operating System Releases Wonderware Best Practices Microsoft s Trustworthy Computing Initiative Invensys Alliance with Microsoft Wonderware Participation in Standards Committees Conclusions Resources..20 Security: A Pillar of Wonderware Products and Support Services Page 2

3 1. Introduction Information systems in manufacturing facilities are rapidly evolving. Along with these technological advances come security risks. The evolution of these information systems is driven by manufacturers need for easier integration, easy access to data and lower maintenance costs. Invensys Wonderware business unit is actively taking on the challenge of providing customers in the manufacturing sector with the flexible, scalable products that they need while also ensuring that the proper application of those products is resistant to security risks. Wonderware provides high-quality products that address the complex security issues presented by the plant environment. Wonderware achieves the creation of securable applications, tools and architecture, as well as best practices, deployment guidelines and prescriptive guidance for maintaining a secure environment, by collaborating with customers and other industry experts. To address the challenge of delivering software solutions to manufacturing facilities that are open, safe and secure and facilitate the sharing of information, Wonderware integrates security features into its products. Wonderware also works closely with Microsoft and industry standards organizations like the Microsoft Manufacturing Users Group (MSMUG), OPC Foundation (open connectivity via open standards) and ISA (The Instrumentation, Systems, and Automation Society) to get multiple vendors involved in an industry-wide approach to solving security problems. Also, Invensys offers site security assessment services using teams of Invensys, Microsoft and other third-party experts. Security: A Pillar of Wonderware Products and Support Services Page 3

4 2. The Plant: A Complex Environment Information systems in manufacturing plants have become much more complex over the past four decades. In the 1970s, hardware was central to most information systems and the systems were hierarchical. Commercial systems were centered on the company mainframe and typically there were separate design, engineering and shop-floor solutions. In the 1980s, information systems for manufacturing were focused on applications and there were a number of available applications for tasks ranging from process control and manufacturing planning to product design. PC networks and UNIX-based systems appeared in large numbers. Open systems promised easy integration and access to data as well as vendor independence. If a new application needed a new operating system (OS), then as long as enough open system standards were supported, the new OS could fit into the enterprise s information technology (IT) architecture. As a result of these trends, a variety of different systems on different hardware platforms are present in manufacturing plants. These systems can be difficult to interface and integrate. Specialists are required in order to work with different operating systems, databases and applications. These systems are complex, expensive to support and difficult to change. The need for protecting manufacturing and control systems has grown in importance over the last several years due to: The proliferation of open systems; Wireless technologies; An increase in joint ventures, mergers and acquisitions; Strategic alliances; Outsourced services; Regulatory mandates; Complex plant environments systems from multiple vendors, mission-critical applications, proprietary systems, etc.; Growth in intelligent manufacturing equipment; Increased connectivity, both internally and externally; and Rapidly increasing incidents of network intrusion, intelligent hackers and malicious software. In addition to the complex information systems in manufacturing plants, other factors that Invensys considers in developing products are asynchronous processing, multiple interfaces, complex information flows, the use of proprietary hardware and software, and change management within complex information systems. Security: A Pillar of Wonderware Products and Support Services Page 4

5 It is also important to be aware of the fact that multiple vendors are involved in developing and maintaining information systems in manufacturing plants. Platform, software, application-design, system-integration and maintenance vendors are typically involved. The roles of these vendors must be considered during the process of developing automation and information software for manufacturing plant applications. Security: A Pillar of Wonderware Products and Support Services Page 5

6 2.1 Security Ecosystem As a plant automation and information software vendor, Wonderware recognizes that the security concerns that customers in the industrial and manufacturing sectors are facing are becoming more complex as technology advances. Supervisory and information systems in manufacturing facilities are evolving rapidly and along with the technological advances come security risks. The evolution of these information systems is driven by manufacturers need for easier integration, easy access to data and lower maintenance costs. Wonderware is actively taking on the challenge of providing customers in the manufacturing sector with the flexible, scalable products that they need while also ensuring that the applications of those products are resistant to security risks across their lifecycle in other words, security through prevention. The plant environment presents many risks. Wonderware identifies and reduces these risks with software expertise and high-quality products. Wonderware collaborates with its customers and third parties to provide securable applications, best practices for a secure architecture and deployment guidelines, as well as tools and prescriptive guidance for maintaining a secure environment. Security: A Pillar of Wonderware Products and Support Services Page 6

7 To address the challenge of delivering solutions to manufacturing facilities that are open, safe, secure and facilitate the sharing of information, this paper will discuss manufacturing software from the perspectives of: Industry regulations These laws, such as the Sarbanes-Oxley Act, typically regulate business processes; Standards organizations PCSRF (Process Control Security Requirements Forum), NIST (National Institute for Standards and Technology), ISA SP99, GAO (General Accounting Office), and Sandia National Lab; Risk assessment Describe risk and action areas, using Invensys and Microsoft service offerings and provide recommendations on how to start the process; Evolution to compliance dealing with legacy systems; Product security; Application and systems architecture; External and internal influences; Working with the multiple vendors in the manufacturing ecosystems; and Policy and best practices for making security consistent across the lifecycle of systems intrusion prevention and vulnerability maintenance. Wonderware s approach is based on three main work practices: awareness and assessment, policy and procedure, and developing secured solutions. In its commitment to address customers security concerns, Wonderware recognizes that the current industrial and manufacturing security ecosystem consists of the following components: System architecture - The system architecture in the security ecosystem for customers in the industrial and manufacturing sectors includes the platform, application software, network, system security and system configuration; External and internal influences - The external and internal influences that affect the security ecosystem are people and their roles and system access levels, the environment, and communication within companies, among plants and enterprises; Vendors - The primary types of vendors involved in the security ecosystem are platform vendors (hardware and OS software), automation and information software vendors, application designers, system integrators and maintenance vendors. Platform vendors provide hardware and/or software for use in manufacturing plants and also for use in developing products such as plant automation and information software; and Policies & procedures - The critical policies and procedures within a security ecosystem are standard operating procedures (SOPs), audit and review procedures, standards, and best practices. Security: A Pillar of Wonderware Products and Support Services Page 7

8 3. About Wonderware Products Wonderware develops software products that provide supervisory HMI (human-machine interface), SCADA (supervisory control and data acquisition), production management and real-time performance management. Wonderware requires that its integrated suite of products incorporates robustness, efficiency, scalability and security. Wonderware products are developed on Microsoft platforms. Invensys ArchestrA technology is a highly productive and secure software architecture that underlies Wonderware s FactorySuite A² and other Invensys product lines. ArchestrA technology is developed using Microsoft s development tools, Visual Studio.NET, software management products from IBM Rational and McAfee Enterprise VirusScan. Wonderware products are firewall-friendly. Users with proper access rights can access a plant s database information though a firewall with a single port open, so the information remains secure. Wonderware is working very closely with platform vendors such as Microsoft to address security concerns from customers. Security: A Pillar of Wonderware Products and Support Services Page 8

9 4. Security Integrated in Wonderware Products Wonderware is committed to developing products with robust security features. Operating system-based security is integrated into Wonderware products such as the Wonderware Industrial Application Server, InTouch HMI software, SuiteVoyager portal software and InBatch production management software. Security based on the operating system ensures that there is one means of authentication across the board, as opposed to multiple means of authentication across many systems in many different plants. This makes it much easier to deploy and manage systems. These products also incorporate OS group-based security so that users can be managed within a group with appropriate access rights. Many traditional SCADA and HMI systems, as well as DCSs (distributed control systems), enforce security at the individual display-window level, which is difficult to manage and may not meet government and industry requirements. The Wonderware Industrial Application Server, built on ArchestrA technology, provides an unparalleled security model enforced at the data level with full traceability of runtime changes. It also provides a secure clientindependent access layer on top of a wide range of different automation hardware. Industrial Application Server security can be defined down to the object-attribute level. The permission requirements can be set for each of the attributes. This can be done at the object-template level, thereby enabling rapid and efficient reuse and enforcement of userconfigured security practices. Object instances that have the same access characteristics are classified into security groups. Roles can be given operational permissions that can be configured for each of the security groups. Users can have multiple roles. OS user-based authentication enables user administration to be performed from the operating system. OS group-based authentication enables user groups (roles) to be administered from the operating system. Key features of the ArchestrA technology security model: Group and role-based security; Data-level security; Secured Writes and Verified Writes; Protocol security (Message Exchange/MX), which is a secure implementation of TCP/IP sockets; Device integration objects (DI Objects) that encapsulate OPC (DCOM-based) servers and other protocol-based servers in order to integrate tightly with the ArchestrA architecture s data-level security; and Network-wide security as a result of the ArchestrA architecture s global namespace. Security: A Pillar of Wonderware Products and Support Services Page 9

10 4.1 Group and Role-Based Security The Industrial Application Server provides data-model security at the lowest level of granularity and extends the Microsoft Windows security model down to the physical equipment layer, providing security attributes that specifically match factory requirements. The Industrial Application Server features the same centralized, easy log-in procedures that the Microsoft security model offers, but also expands that model by carrying it down to the equipment and associated automation levels. This provides more granular, secured access for electronic signatures and audit trails. Examples of Industrial Application Server security settings include: Alarm limits, tuning parameters and change privileges; User-configurable security settings for users, devices and physical locations; Template configuration; and Modification tracking. 4.2 Data-Level Security The Industrial Application Server promotes engineering reuse through application objects. Application objects represent physical equipment or logical constructs, such as automation control loops or advanced plant-performance calculations. These application objects contain all of the associated configuration elements, including I/O definitions, logic and scripting, history configuration, security and access controls, and alarm/event configuration. This approach differs from traditional plant I/O tag-based approaches, which segment all of the configuration information into different databases and require multiple editors to manage them. This self-contained object approach dramatically reduces the engineering time associated with the initial creation and maintenance of applications. By keeping all object configuration tightly related and contained within the object itself, there is no need to use multiple editors to make sure that the alarming, I/O definitions, scripting, history and security are consistent for an object. The security of application objects resides within the object definition that is in the operating Industrial Application Server. Therefore, when a security or other definition is changed, it is only necessary to make the change once for all application uses. Authorized users of the Integrated Development Environment (IDE) can make changes with no impact to the runtime system. The following image illustrates how information is secured on the Industrial Application Server. Security: A Pillar of Wonderware Products and Support Services Page 10

11 Data-level security enables application developers to define which users can access, read, modify and configure specific data. In the image below, the command-attribute security classifications of a DiscreteDevice are displayed. The image shows that the security is set at an attribute level. Intrusion protection and prevention has become a viable way of raising the level of security within a TCP-IP LAN or WAN infrastructure. Intrusion-detection systems that monitor network traffic and alert users when known malicious traffic or repeated password guessing is detected have been in use by IT departments for many years. Over the past few years, intrusion-prevention technology has become the preferred method to not only detect and alert when hacking or virus/worm attacks are present, but to block such attempts by managing firewall policies, switching ports and router paths, and trapping s before damage can be done. Because intrusion-detection and -prevention systems can present a risk to the functionality and operation of a supervisory and control system, a well-developed design with strong policies and procedures should accompany any implementation plan. Security: A Pillar of Wonderware Products and Support Services Page 11

12 4.3 Defining the Security Model The following is an illustration of how security is defined for the Industrial Application Server. In this case, the user Joe is given permission to work in the Industrial Application Server s IDE and runtime environment. First, application objects are assigned to security groups. These groups are areas of the plant where operating authority is usually defined. Users can then be defined using the IDE or they can be inherited from the operating system s security definitions. Second, user roles based on the job titles at the plant are created. Next, the roles are associated with areas and permissions that are already defined. The final step is to link the users to their roles. In the example above, Joe, who is an operator, has security rights to start and stop application objects and interfaces in the processing area of the plant. One such object is a tank. 4.4 Secured Writes and Verified Writes The Industrial Application Server's approach to security is ideal for industrial applications that are impacted by FDA 21 CFR Part 11 requirements and other regulations. Engineering FDA-regulated applications is now simpler than ever with support for automated configuration audit trails, secure writes and verified reads. A Secured Write operation requires an operator s permission. The destination object verifies the credentials and then the write is performed, logged in the event sub-system and reported back to the HMI operator station. During a Verified Write operation, the user must re-enter a password; then the destination object verifies the credentials and performs the write. Verified Write is similar to the Secured Write operation, but it requires two signatures, per FDA regulations. Security: A Pillar of Wonderware Products and Support Services Page 12

13 5. Supporting Security-Related Operating System Releases Microsoft is diligently working on Microsoft Windows operating system releases with an emphasis on trustworthy computing initiatives. Microsoft released the Windows XP SP2 operating system in 2004 and the Windows 2003 Server SP1 operating system in early Wonderware s goal is to validate its software offerings within 30 days of general availability from Microsoft. Accordingly, Wonderware offers a standalone program called the OS Configuration Utility, which makes the appropriate changes to Windows XP platforms. This utility modifies security settings and enables Wonderware products to operate as designed when running on the Windows XP SP2 operating system. It also opens the appropriate ports within the internal firewall, configures the appropriate registry settings and configures DCOM settings. Wonderware s automated OS Configuration Utility greatly simplifies the migration of existing applications so that they work properly and securely using the latest, most secure version of the Microsoft Windows XP operating system. Wonderware is making an extra effort to work proactively with Microsoft in securing platforms and helping customers to address security. Security: A Pillar of Wonderware Products and Support Services Page 13

14 6. Wonderware Best Practices Wonderware s internal practices serve as an example of its commitment to managing security risks. Wonderware has instituted the following internal practices: Access management (network, wireless, firewall, VPN); Quality-management systems and SOPs; Security reviews; Laptop checks to secure remote users (All laptops that are brought into the facility are checked by IT services and must be cleared before they can be connected to the network.); Network reviews of the firewall and wireless access using VPN; and Anti-virus protection on each PC. Wonderware recommends that customers scan their machines and networks for computer viruses and mal-ware. There are many companies, including Microsoft, providing solutions for these issues. Users should work closely with their IT departments in correctly deploying these scanners and using them in conjunction with Wonderware applications, especially those requiring nearly all dedicated machine resources. Wonderware Technical Support can provide guidance in the use of several of the more popular virus scanners and tools. Further information is available to help Wonderware customers make good decisions about what scanning and detection software might be needed in their enterprises. Security: A Pillar of Wonderware Products and Support Services Page 14

15 7. Microsoft s Trustworthy Computing Initiative Microsoft launched a company-wide Trustworthy Computing Initiative to provide users with a secure and reliable experience when using Microsoft s products. Microsoft s Chief Technology Officer is leading this initiative, which is meant to provide safer Internet browsing, enhanced default security settings, and automatic updates to install new features that protect users from security risks. Microsoft also provides training to promote security best practices to customers and businesses worldwide. Microsoft s goals for its Trustworthy Computing Initiative are designed to provide security, privacy, reliability and business integrity. Microsoft has defined these goals as follows: Security - Amid increasingly frequent and sophisticated network attacks, users expect their data to remain confidential and available. They expect the integrity of their data to be maintained, without sacrificing the resiliency of their systems; Privacy - People are increasingly using computers to manage information important to their everyday lives. They expect and demand control over access to and use of their personal information; Reliability - As computers become increasingly central to how people live and work, it s essential that they perform as expected. Users look for a consistently trouble-free computing experience; and Business Integrity - People's perception of technology reflects their perception of the technology industry. Belief in technology is stronger when the industry is responsive, responsible and respectful. i Microsoft is working to make improvements on its security framework for existing products and new products. This part of the Trustworthy Computing Initiative is called SD3+C, which stands for secure by design (improving product architecture and engineering), secure by default (reducing the potential for attacks by disabling unnecessary functions), secure in deployment (continuing protection, detection, defense, recovery and maintenance via tools and guidance), and open communication regarding security. ii Microsoft s security initiative is product-focused and includes a security review in all phases of development including the design, coding, testing, product release, and product support phases. Microsoft also provides guidance for deploying patch and service pack updates. Patch management solutions include updates, critical updates and security updates for Microsoft operating systems. Microsoft provides the System Management Server (SMS) and Software Update Service (SUS) feature packs to enable businesses to manage security updates. The SMS and SUS Security: A Pillar of Wonderware Products and Support Services Page 15

16 help customers by making them aware of potential security threats and providing patches to protect against those threats in a timely manner. In addition, Microsoft offers training to promote best practices, helps organizations plan and manage security systems, and provides security resources such as white papers and bulletins for security administrators. Overall, Microsoft is working on blocking viruses and malicious code at the point of entry by enhancing security handling within the operating system, reducing the attack surface and improving manageability. Recently, Microsoft released the Windows XP SP2 operating system to reduce commonly available scenarios for malicious attacks on the Microsoft Windows XP OS. Microsoft plans to reduce the most common attacks by: Improving network shields, particularly for DCOM communication, and enabling internal firewall and RPC communication; Enhancing memory protection; Enabling safer handling; and Enhancing security for Internet browsing Wonderware products are qualified on specific Microsoft operating system versions, including the Windows 2003 Server SP1 and Windows XP SP2 operating systems. Security: A Pillar of Wonderware Products and Support Services Page 16

17 8. Invensys Alliance with Microsoft In 2003, Invensys and Microsoft formed an alliance to combine Invensys' strengths in process and manufacturing applications with Microsoft's platform, technology and enterprise products. As a part of the alliance, Microsoft s platform is being integrated into a wider portfolio of Invensys product lines. Microsoft helps Invensys develop enhanced productivity tools, products and customer solutions. Alliance activities include ongoing development of Invensys' ArchestrA architecture with Microsoft.NET and Windows Server System software. Invensys solutions built on the ArchestrA architecture enable businesses to achieve their goals without abandoning previous investments in systems or production processes. The ArchestrA architecture provides a foundation for industrial automation and information solutions and can be integrated with all systems in a plant. The alliance aims to extend the ArchestrA architecture using Microsoft.NET to create a shared environment for integrating all production management systems. The results are already creating a comprehensive business framework based on Microsoft.NET and Web Services for manufacturing plants of the future. In addition, Microsoft provides Invensys with early releases of products so that Invensys can use them for testing before patches and/or service packs are released to the market. Invensys and Microsoft engineers are working together to embed ArchestrA software technology at the information level to create Invensys automation systems that are suitable for mission-critical industrial applications. Invensys and Microsoft expect that this alliance will ultimately: Provide real-time connections between shop-floor, engineering and supply-chain applications, product-lifecycle management tools, and enterprise applications; Maximize customers' investments and increase productivity ; Increase reliability and asset availability for managing multiple sites, integrating third-party offerings and optimizing complex supply chains; and Demonstrate that technology and solutions from Invensys and Microsoft are flexible, scalable and secure. iii Security: A Pillar of Wonderware Products and Support Services Page 17

18 9. Wonderware Participation in Standards Committees Wonderware participates in industry standards committees and is a Charter Member of the OPC Foundation. In fact, Wonderware s Chief Technology Officer serves as Chief Architect for the OPC Foundation, which works to ensure interoperability in automation by creating and maintaining specifications that standardize the communication of process data, alarm and event records, historical data, and batch data to multi-vendor enterprise systems. iv The OPC Foundation promotes vendor-to-vendor cooperation in addressing the security problems that exist for manufacturers and works closely with platform and automation vendors to address these issues. The OPC Foundation s goal is to establish standards, specifications and common practices to help platform and automation vendors solve the security problem together. The foundation is also working to build security within the evolving OPC specifications known as the OPC UA (OPC Unified Architecture). Wonderware is participating actively in following Standards organizations: OPC, MSMUG, PCSRF (Process Control Security Requirements Forum), NIST (National Institute for Standards and Technology), ISA (SP99), GAO (General Accounting Office) and Sandia National Lab. Security: A Pillar of Wonderware Products and Support Services Page 18

19 10. Conclusions The complexity of information systems in manufacturing plants is increasing and brings increased security risks along with it. The security ecosystem consists of four primary elements and vendors need to understand these four elements in order to identify security risks and mitigate them. Microsoft launched a company-wide security initiative to provide users with safe, secure and reliable products. Wonderware integrates operating system-based security in its products to ensure that there is one means of authentication across the board, which makes it easier to deploy and manage systems across multiple facilities. Data-level security enables application developers to define which users can access, read, modify and configure specific data in a manufacturing plant, making the production process more secure. Wonderware is establishing internal best practices in order to develop robust, secure automation and information software products. The alliance between Invensys and Microsoft facilitates the development of technology and solutions that are flexible, scalable and secure. Wonderware is working with the Microsoft Manufacturing Users Group (MSMUG), OPC Foundation and ISA to promote cooperation among hardware, software and automation vendors and to establish industry standards to solve security issues. Invensys offers site-security assessment services using teams of Invensys, Microsoft and other third-party experts. Security: A Pillar of Wonderware Products and Support Services Page 19

20 11. Resources The following document provides additional information and best practices for defining the security needs of plant environments: Wonderware FactorySuite A² Security Guidance The following websites provide additional information about the specific organizations involved in promoting cooperation among hardware, software and automation vendors, and establishing industry standards to solve security issues: The OPC Foundation - The Instrumentation, Systems, and Automation Society - Microsoft Manufacturing Users Group - Information on the MSMUG is available at the Open Modular Architecture Controls Users Group website at Contact Wonderware or your local Wonderware Distributor for information about software products for industrial automation. Wonderware Rancho Parkway South, Lake Forest, CA Tel: (949) Fax: (949) Invensys Systems, Inc. All rights reserved. No part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of Invensys Systems, Inc. Invensys, Wonderware, ArchestrA, FactorySuite, FactorySuite A2, InBatch, InTouch and SuiteVoyager are trademarks of Invensys plc, its subsidiaries and affiliated companies. All other brands and product names may be the trademarks or service marks of their respective owners. Part No ; 5/05 i Microsoft Corporation, Trustworthy Computing Website, ii Microsoft Corporation, Security and Trustworthy Computing: Q&A with Mike Nash, July 3, 2003, iii Microsoft Corporation Press Release, Microsoft, Invensys Form Alliance for Intelligent Business, Plant Solutions, October 21, iv What is the OPC Foundation? OPC Foundation Website, Security: A Pillar of Wonderware Products and Support Services Page 20