Industrial Security in the Connected Enterprise

Transcription

1 Industrial Security in the Connected Enterprise Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.

2 THE CONNECTED ENTERPRISE Optimized for Rapid Value Creation Supply Chain Integration Collaborative, Demand Driven Compliant and Sustainable Enterprise PRODUCTIVITY SUSTAINABILITY Smart Grid AGILITY Customers Supply Chain COMPANY CONFIDENTIAL Distribution Center Copyright 2013 Rockwell Automation, Inc. All Rights Reserved. 2

3 3

4 INDUSTRIAL Internet of Things Active Energy Management CONTROLLER CONTROLLER

5 The Internet of Things IoT Continuing Trend in Industrial Applications More Things are being embedded with smart sensors and gaining the ability to communicate Things become the tools for better understanding complex processes and can adapt to changes quickly Things are linked through wired & wireless networks using the same network technology as the internet Ethernet IP (Internet Protocol) Smarter machines can be better controlled - thereby increasing efficiency Plant-wide Optimization Securing the architecture from attacks, data authentication & access control become increasingly important Faster Time to Market Improved Asset Utilization Lower Total Cost of Ownership Risk Management

6 Connected Enterprise - The IoT at work for Industrial Applications The IT Influence Increasing in Automation buying decisions Big Data & Analytics Information available to manage the supply chain & complex processes Machine data is expected to grow by a factor of >15 Cloud Computing & Virtualization Speed up deployment, Increase longevity, reliability & provide disaster recovery Centers around IT - Information Technology Mobility & BYOD Improve maintainability, uptime, asset longevity, safety and cost control Workforce is mobile during typical work day

7 Risks and Threats Application of Security patches Natural or Man-made disasters Worms and viruses Theft Sabotage Unauthorized access INFORMATION Denial of Service Business Risk Unauthorized actions by employees Unauthorized remote access Unintended employee actions OPERATIONS Security risks increase potential for disruption to System uptime, safe operation, and a loss of IP

8 Rockwell Automation s Approach to Industrial Security Build in Security Quality by Providing control system solutions that follow global standards and regulatory security requirements Utilizing common secure design requirements for our products Leading the industry in Responsible Disclosure policies and processes Create Security Value by Building compelling security related products, features and functionality Supply detailed and useful system architecture recommendations Provide access to experts in control system security to help customers design and maintain robust systems Rockwell Automation Enables Defense in Depth 8

9 Network Hardening Tamper Detection Content Protection Access Control

10 Connected Enterprise Collaboration of Partners Rockwell Automation and Partner Portfolio Rockwell Automation Cisco Automation & Process Control Wireless, Security, Switching & Routing Panduit Fluke Networks Physical Network Layer Verification, Network Troubleshooting Infrastructure Tools Microsoft VMWare Information Solutions Data Center Virtualization

11 Industrial Network Security Trends Established Industrial Security Standards International Society of Automation ISA/IEC (Formerly ISA-99) Industrial Automation and Control Systems (IACS) Security Defence-in-Depth IDMZ Deployment National Institute of Standards and Technology NIST Industrial Control System (ICS) Security Defence-in-Depth IDMZ Deployment Department of Homeland Security / Idaho National Lab DHS INL/EXT Control Systems Cyber Security: Defence-in-Depth Strategies Defence-in-Depth IDMZ Deployment A secure application depends on multiple layers of protection. Industrial security must be implemented as a system. 11

12 Industrial Network Security Trends Industrial vs Enterprise Network Requirements Industrial Requirements Switches Managed and Unmanaged Layer 2 is predominant Traffic types Information, control, safety, motion, time synchronization, energy management Performance Low Latency, Low Jitter Data Prioritization QoS Layer 2 & 3 IP Addressing Static Security Industrial security policies are inconsistently deployed Open by default, must close by configuration and architecture Enterprise Requirements Switches Managed Layer 2 and Layer 3 Traffic types Voice, Video, Data Performance Low Latency, Low Jitter Data Prioritization QoS Layer 3 IP Addressing Dynamic Security Pervasive Strong policies Similarities and differences? 12

13 Industrial Network Security Trends Policies - Industrial vs. Enterprise Network Requirements Focus Precedence of Priorities Types of Data Traffic Access Control Implications of a Device Failure Threat Protection Upgrades Industrial (IAT) Network 24/7 operations, high OEE Availability Integrity Confidentiality Converged network of data, control, information, safety and motion Strict physical access Simple network device access Production is down ($$ s/hour or worse) Isolate threat but keep operating Scheduled during downtime Enterprise (IT) Network Protecting intellectual property and company assets Confidentiality Integrity Availability Converged network of data, voice and video Strict network authentication and access policies Work-around or wait Shut down access to detected threat Automatically pushed during uptime 13

14 Network Security Framework Converged Plant-wide Ethernet (CPwE) Reference Architectures Structured and Hardened IACS Network Infrastructure Industrial security policy Pervasive security, not a bolt-on component Security framework utilizing defense-indepth approach Industrial DMZ implementation Remote partner access policy, with robust & secure implementation Standard DMZ Design Best Practices Enterprise Zone Levels 4-5 Industrial Demilitarized Zone (IDMZ) Physical or Virtualized Servers Patch Management Remote Gateway Services Application Mirror AV Server AAA - Application Authentication Server, Active Directory (AD), AAA - Network Remote Access Server Level 3 Site Operations FactoryTalk Client Client Hardening Level 2 Area Supervisory Control VLANs, Segmenting Domains of Trust Unified Threat Management (UTM) VLANs Catalyst 3750 StackWise Switch Stack Enterprise WAN Cisco ASA 5500 Firewall (Active) Network Status and Monitoring Catalyst 6500/4500 Controllers, I/O, Drives Firewall (Standby) HMI Plant Firewall: Inter-zone traffic segmentation ACLs, IPS and IDS VPN Services Portal and Terminal Server proxy Network Device Resiliency Network Infrastructure Access Control and Hardening Physical Port Security Network Security Services Must Not Compromise Operations of the IACS Controller Hardening, Encrypted Communications Controller Hardening, Physical Security Controller Level 1 - Controller Controller I/O Drive Level 0 - Process MCC Soft Starter 14

15 Industrial Network Security Trends EtherNet/IP Industrial Automation & Control System Network Open by default to allow both technology coexistence and device interoperability for Industrial Automation and Control System (IACS) Networks Secured by configuration: Protect the network - Electronic Security Perimeter Defend the edge - Industrial DMZ (IDMZ) Defense-in-Depth Multiple layers of security 15

16 Defense in Depth A secure application depends on multiple layers of protection. Industrial security must be implemented as a system. Layered Security Model Shield potential targets behind multiple levels of protection to reduce security risks Defense in Depth Use multiple security countermeasures to protect integrity of components or systems Openness Consideration for participation of a variety of vendors in our security solutions Flexibility Able to accommodate a customer s needs, including policies & procedures Consistency Solutions that align with Government directives and Standards Bodies

17 Assessing & Mitigating Threat Sources Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.

18 Industrial Security Risk & Threats 91% = number of cybersecurity breaches that took hours or less to perpetrate 62% = number of cybersecurity breaches that took months or years to discover 53% = number of cybersecurity breaches that took months or more to contain 21% = number of successful Intellectual Property external cybersecurity breaches that had internal help, and 80% of those exploited normal users, not administrators 10% = number of cybersecurity breaches detected by internal resource Source : 2013 DBIR

19 Is Your Company Protected? Some organizations will be a target regardless of what they do, but most become a target because of what they do Compromising network security is a $6 billion global underground industry of which $300 million is directly tied to manufacturing If your organization is a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go. Source : 2013 DBIR

20 Historical Industrial Control System (ICS) Common Traits to Historical ICS Proprietary Complete vertical solutions Customized Specialized communications Wired, fiber, microwave, dialup, serial, etc. 100s of different protocols Slow; e.g baud Long service lifetimes: years Not specifically designed with security in mind

21 Modern ICS Internet Enterprise Network Firewall Workplaces IP Enterprise Optimization Suite Enterprise Network Third Party Application Server Mobile Operator Services Network Connectivity Server Historian Server Application Server Engineering Workplace Control Network Serial, OPC or Fieldbus Device Network Redundant Third Party Controllers, Servers, etc. Serial RS485

22 Technology Trends in ICS COTS (Commercial-Off-The-Shelf) technologies Operating systems Windows, WinCE, embedded RTOSes Applications Databases, web servers, web browsers, etc. IT protocols HTTP, SMTP, FTP, DCOM, XML, SNMP, etc. Networking equipment switches, routers, firewalls, etc. Connectivity of ICS to enterprise LAN Improved business visibility, business process efficiency Remote access to control center and field devices IP Networking Common in higher level networks, gaining in lower levels Many legacy protocols wrapped in TCP or UDP Most new industrial devices have Ethernet ports Most new ICS architectures are IP-based

23 Availability, Integrity and Confidentiality Enterprise networks require C-I-A Confidentiality of intellectual property matters most Industrial Control Systems require A-I-C Availability and integrity of control matters most control data has low entropy little need for confidentiality Many ICS vendors provide six 9 s of availability Ensuring availability is hard Cryptography does not help (directly) DOS protection, rate limiting, resource management, QoS, redundancy, robust hardware with high MTBF Security must not reduce availability!

24 DoS and DDoS Attacks Denial of Service (DoS) attack overwhelms a system with too many packets/requests Exhausts TCP stack or application resources Defenses include connection limits in firewall Distributed Denial of Service (DDoS) attack coordinates a botnet to overwhelm a target system No single point of attack Requires sophisticated, coordinated defenses Weapon of choice for hackers, hacktivists, cyber-extortionists DoS, DDoS particularly effective when availability is critical, against ICS

25 Unpatched Systems Many ICS systems are not patched current Particularly Windows servers No patches available for older versions of windows OS and application patches can break ICS OS patches are commonly tested for enterprise apps not ICS Uncertified patches can invalidate warranty Patching often requires system reboot Before installation of a patch: Vendor certification typically one week Lab testing by operator Staged deployment on less critical systems first Avoid interrupting any critical process phases

26 Limited use of Host Anti-Virus AV operations can cause significant system disruption at inopportune times 3am is no better than any other time for a full disk scan on a system that operates 24x7x365 ICS vendors only beginning to support anti-virus Anti-virus is only as good as the signature set Signatures may require testing just like patches AV may be losing ground in enterprise deployments Impact on hosts, endpoint security not getting better Virus writers have learned to test against dominant AV Application whitelisting can be a good alternative Enumerate goodness rather than badness

27 Poor Authentication and Authorization Machine-to-machine comms involve no user Many ICS have poor authentication mechanisms and very limited authorization mechanisms Many protocols use cleartext passwords Many ICS devices lack crypto support Sometimes passwords left at vendor default Device passwords are hard to manage appropriately Often one password is shared amongst all devices and all users and seldom, if ever, changed

28 Requirements for 3rd Party Access Firmware updates and PLC, IED programming are sometimes performed by vendor Many ICS have open maintenance ports Infected vendor laptops can bring down an ICS Partners may require continuous status information Partner access is often poorly secured Partner channels can serve as backdoors 3 rd parties may include: ISO, transmission provider or grid neighbor, equipment vendor, emissions monitoring service or agency, water level monitoring agency, vibration monitoring service, etc.

29 People Issues ICS network often managed by Control Systems Department, distinct from IT Department running enterprise network ICS personnel are not IT or networking experts IT personnel are not ICS experts Significant portion of control systems workforce is older and nearing retirement Fewer young people entering this field Fewer academic programs

30 Ways to Address Risk There are four ways to deal with risk: 1. Risk Mitigation address it head on 2. Risk Acceptance i.e. the Risk Tautology (it is what it is) 3. Risk Transference i.e. insurance 4. Risk Avoidance Project X is risky let s not do Project X

31 Recommendations for Defending ICS Separate control network from enterprise network Harden connection to enterprise network Protect all points of entry with strong authentication Make reconnaissance difficult from outside Harden interior of control network Make reconnaissance difficult from inside Avoid single points of vulnerability Frustrate opportunities to expand a compromise Harden field sites and partner connections Mutual distrust Monitor both perimeter and inside events Periodically scan for changes in security posture

32 Network & Security Services -at a Glance Recover Protect ASSESS WHY is my network not operating according to operational / availability baselines? IS the network architecture robust enough to protect my intellectual property and assets? HOW do I know if issues I have on my network are security related, and how do I fix them? Detect Respond Defend DESIGN DOES my existing As-Is architecture protect against malware attacks? WHAT do I need to do to ensure my architecture scales to accommodate demands? HOW do I prioritize technology refresh tasks to maximize operational availability? IMPLEMENT HOW do I configure devices to best interface with Process Controls network? WHAT will the impact be if I upgrade to X and how do I go about making changes? HOW do I securely dispose of old equipment to ensure my data is not exposed? GOVERNANCE AM I required to be compliant with any regulations, and if so WHAT are they and HOW do I comply? WHAT is the risk if I am not compliant and HOW long do I have to become compliant? MANAGE/MONITOR HOW do I securely access my network remotely? DOES Rockwell Automaton provide a Virtual Support Engineer to help me maintain availability?

33 Rockwell Automation Industrial Security Resources Security-enhanced Products and Technologies Rockwell Automation product and technologies with security capabilities that help increase overall control system system-level security. EtherNet/IP Plantwide Reference Architectures Control system validated designs and security best-practices that complement recommended layered security/defence-in-depth measures. Network & Security Services (NSS) RA consulting specialists that conduct security risk assessments and make recommendations for how to avert risk and mitigate vulnerabilities. Remote Asset Monitoring Services The Virtual Support Engineer is a service that offers a simple and secure approach to monitoring your equipment and collecting valuable performance analytics.

34 Rockwell Automation: Industrial Security Resources Assessment Services Security Technology Security FAQ Security Services Leadership & Standards Security Resources Security Advisory Index MS Patch Qualification Reference Architectures Assessment Services Pretty Good Privacy (PGP) Public Key 34

35 Educational Tools & Content Industrial IP Advantage Website A new go-to resource for educational, technical and thought leadership information about industrial network communication Visit Industrial IP Advantage to learn more SANS Training Material Security policy blueprint (for IACS) available EX: Remote Access Policy, Router Security Policy Visit to learn more

36 Thank You