Critical Infrastructure Cybersecurity

Transcription

1 Critical Infrastructure Cybersecurity Webinar July 23, 2014 Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Kim Legelis Vice President, Marketing Lockheed Martin Industrial Defender L O C K H E E D M A R T I N I N D U S T R I A L D E F E N D E R. A L L R I G H T S R E S E R V E D.

2 Security Posture Proportional to + Program vs. Project 7/25/2014 2

3 Risk Management - A Fundamental Driver Risk Escalation is Real and Continuing Viruses More Integration More Connectivity Diverse Sophisticated Combination Attacks Criminals and Insider Threats Cyber Warfare Highly Targeted Governments Stuxnet Infected [Oil & Gas Companies] IT Networks Wall Street Journal November 2012 Obama Executive Order Redefines Critical Infrastructure Computerworld February 2013 House Democrats Report Says Power Grid is Vulnerable to Cyberattack The Washington Post May 2013 Major Cyber Attack Aimed at Natural Gas Pipeline Companies Msnbc.com May 2012 Iran Hacks Energy Firms, U.S. Says Wall Street Journal May 2013 Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems Business Insider May 2013 Businesses Will Get More Help in Defining Risk 7/25/2014 3

4 Rethinking Cyber-Security We Now have Years of Experience Security is Complex Security Issues Cost is High Motivations for Investing in Security is Changing Solving Persistent Security Problems Securing Remote Access Accelerating Standards Development Explanation The cost of implementation and maintaining security is high, it adds nothing to the value of most manufactured products and security is never 100% no matter how much is invested. Over recent years, regulations and government involvement have driven security investments, especially in critical infrastructure industries. Regulations are likely to broaden and spread to other industries, changing security strategies significantly. One example: Patches cannot be tested and installed fast enough for systems operations because of the large variety of applications and system configurations. Consequently, the period of high exposure to successful attack is too long Effective maintenance of business assets requires that service providers remotely access the assets, yet the risk of connecting assets to the internet is high. Many approaches are used but a consistent, cost effective, and highly secure solution is needed. Standards are critical for improving security but the process is too slow and the results are barely adequate. Most standards must be adapted and extended for systems in operations. Making Sure We Are on Track Cyber security activity is intense; it is a good time to step back and be sure we are working on the right problems and solutions Are We on the Right Track? What are the Emerging Opportunities Are We Investing in the Right Security Activities? 7/25/2014 4

5 Security Is Not a One-time Investment Practices are Maturing - It Is Difficult Skills Shortage? New Business Initiatives Acquisitions Partners Regulations Cost Pressures Applications Systems New Technologies Architectures Practices Design Assess Renovate Test, Monitor, Mitigate, Adapt Audit New Vulnerabilities Threats Patches People Organizations Governments Cyber Security is a Very Dynamic Activity Continued Investment is Required 7/25/2014 5

6 Evolutionary Security Maturity Where Are You Today? Intelligence Driven Defense (Predictive) Cyber Intelligence Integrated in Operations Sustainable Security (Proactive) Automation and Efficient IT/OT Process Integration Compliant Security (Reactive) Procedures and Documentation Basic Security Foundational Security Technologies Developing a Security Roadmap is Essential to Your Long Term Program Success Where Do You Want to be Tomorrow? 7/25/2014 6

7 Integrated Risk Management at All Levels Board of Directors Aware of Cyber Threats Ensures Controls and Adequate Resources Exist Understands Risk Exposure Executive Management Alignment of Resources to Risk Measures Success of Cyber Defenses Ensures Return on Security Investment Cyber Intel Analysts Understands the Adversary Derives Intelligence from Internal & External Sources Integrates Cyber Intelligence into Security Operations 7/25/2014 7

8 Understand the Challenges Business Adverse impact on critical infrastructure from potential cyber attacks Increasing level of government oversight and regulatory interest Complex mix of IT and OT environments Disciplined programmatic approaches to safety and availability Business investment constraints Security staffing and training challenges for security Varying security maturity levels across business areas & supply chains Measure of security effectiveness/roi Operational Fragmented situational awareness across the enterprise Overabundance of technology point solutions Challenged to stay ahead of the threat landscape Priority & fidelity of intelligence sources Strategic and sustainable cybersecurity roadmap Governance & risk management Regulatory reporting requirements (internal & external) Uptime and reliability drivers 7/25/2014 8

9 Unique Requirements of IT & OT Enterprise IT Systems Management Business critical Confidentiality and integrity take priority reboot common Transactional orientation HP, Cisco, McAfee, etc. PCs, servers and cloud Web services model is dominant Many commercial OTC software products installed Protocol is primarily HTTP/HTTPS over TCP/IP - widely known Office environment, plus mobile Governance and compliance OT Systems Management Safety first Zero downtime focus & real-time focus Few people; many, many devices ABB, Siemens, GE, Honeywell, Emerson, etc. Sensors, Controllers, Servers, Industrial Devices (IED, RTU, PLC) Polled process control model Purpose-specific devices Industrial Protocols: ICCP, Modbus, DNP3, some over TCP/IP Harsh operating plant environments Industry regulations 7/25/2014 9

10 Threat Trends for Control Systems 7/25/

11 Impacts to Automation Systems Loss of Control, Production and Physical Damage STUXNET Exfiltration of data related to ICS DUQU Theft of legitimate user accounts Flame Espionage, Data theft Gauss Operator Error 7/25/

12 Technology Sophistication Security Evolution in Industrial Control Systems Firewalls Business connectivity Locks on the Door Intrusion Detection Network Based Host Based Known Bad Industrial Protocols Alarm Sensors Event Monitor Central Logging Monitor and respond Alert on Events of interest Log everything and apply forensics Incident Management Flight recorder Intrusion Prevention Network Based Host Based Deep packet inspection Known Bad signatures Known Good Signatures Whitelisting System hardening System locked down Security Management Automate manual process Enforce policy, process & procedures Leverage baselines Manage changes Audit reporting Continuous assessments Attestation data Doing it and Proving you are doing it Today 7/25/

13 Converging Challenges Improving cybersecurity, addressing compliance mandates, and enhancing operational effectiveness. Cybersecurity Threats exist from both malicious outsiders and well-intentioned insiders. Compliance Increasing external oversight from government (NERC CIP, BSI). Internal compliance with corporate policies, industry associations and best practices (NIST, CPNI, ISA99, API 1164, etc.) Change Management Need to know what assets are in your environment and when changes are made to those assets. 7/25/

14 Automation Systems Balancing Act Secure, Comply Gain Operational Advantage Security We need to do it Insurance Compliance We have to do it Corporate tax Operational Management We want to do it! Business Advantage! Striving for Operational Excellence via Improved, Reliability, Availability, Health and Safety 7/25/

15 Operational Challenges Balancing operational requirements with emerging cybersecurity, compliance and change management requirements: More complex automation systems Budgetary pressure Need for increased security Increasing compliance requirements Fewer resources and increasing skill set gaps Limited resources to allocate for change management and business process requirements 7/25/

16 Meeting the Challenge Vendor agnostic offering across disparate asset base Reduced manual labor through automation More complex automation systems Budgetary pressure Integrated defense-in-depth Need for increased security Automated collection tools and standardized reports Ease-of-use software. Outsourced partnership options Baseline archiving, variances, workflow, trouble-ticketing Increasing compliance requirements Fewer resources and increasing skill set gaps Limited resources to allocate for change management and business process requirements 7/25/

17 Lockheed Martin Cyber Security Solutions Risk Assessment Lockheed Martin Intelligence Driven Defense Risk Mitigation Risk Management Professional Services Enterprise Solutions Managed Services Intelligence Situational Awareness Actionable Intelligence 7/25/

18 Lockheed Martin Comprehensive Portfolio Intelligence Driven Defense Portfolio Professional Services Enterprise Solutions Managed Service Intelligence Security Risk assessment Cyber Architecture Systems Integration Incident Response SIC/SOC Transformation IT/SOC Insource/Outsource Training Cyber Intelligence Management Automation (OT) Systems Management Solution External and Insider Threat ID Solutions Security Education & Awareness SOC/SIC/MSSP Services Advanced Threat Mitigation LM & Classified Intelligence Analysis-on-Demand Managed IT Intelligence Driven Defense Cyber Kill Chain Analysis Industry-Specific and Cross-Industry Visibility 12-year Knowledge Base Across >25 SOC/SICs Risk Assessment Risk Mitigation Risk Management Risk Lifecycle Over 3,000 Cyber-Security Professionals on Staff 7/25/

19 Industrial Defender s ASM Architecture Asset Event Configuration Policy Compliance Work Automation Optional Agent Automation Systems End-Points 7/25/

20 Applications Asset Management Event Management Configuration Management A single unified view of all assets enables onboarding and decommissioning of assets, device status reporting, information access and state information. Brings visibility to control system and networks by providing event log data from multiple security sources, centralizes operations and reduces expenses. Track and audit device settings, software, firewall rules and user accounts and view and baseline the system configurations, ports & services, and software. Policy Management Communicate new policies, track acceptance and manage conformance. Compliance Reporting Work Automation Suite A comprehensive suite of standard configurable reports to meet audit requirements, internal or external. Enables users to define, generate and automate reports as needed. Integrates document management, ticketing, and reporting as part of a structured workflow enabling ICS professionals to initiate, track, approve, document, and report on changes made to control system assets. 7/25/

21 Capabilities Event logging, correlation, and archiving Customizable user interface dashboards Scalable architecture Configuration change management File integrity monitoring Device configuration file archiving Network traffic monitoring Critical process & service monitoring Report subscriptions User account change identification Network & system health and performance Analyze changes across asset base & environment Maintain central configuration policy Collect & report on settings, accounts, configurations Manage hardened electronic security perimeter Extensive Capabilities on a Single Platform 7/25/

22 In Depth Integration Integration with: ABB 800xA, ABB Symphony/Harmony, ABB Infi90, ABB FACTS and ABB SYS600C & MicroSCADA, Ventyx Network Manager Elster Calisto & EnergyAxis Emerson DeltaV and Emerson Ovation GE XA / 21 & PowerOn FUSION Foxboro I/A Series Honeywell Experion Itron OpenWay System Rockwell RSView Schneider Electric Momentum, Quantum, OASyS, Citec Siemens PCS7 and many more! Operating Systems Windows NIT, 2003, NT, 7, 8 HP-UX PA-RISC & Itanium Linux DEC Tru-64 Sun Solaris IBM AIX Industrial Rules DNP3 Modbus ICCP IEC Siemens S7 Protocol TCP/IP 7/25/

23 Industrial Defender FleetView Unprecedented situational awareness for control systems. a a a a Aggregates data across all sites for improved visibility Easily view trends over time at site-bysite level, or to specific systems and assets Quickly spot trends in changes between groups of assets including firewalls, switches, or routers Compare changes over time to see where anomalies exist for process improvements 7/25/

24 The Industrial Defender Platform is Open in its Ability to Integration with Enterprise IT & Security Systems Integrate with Enterprise IT & Security Systems Third Party Threat Intelligence Threat Intelligence Feeds Systems Management Change Management Policy Management Patch Management Infrastructure/Utility Event, Log Data End-Point Data Compliance SIEM 7/25/

25 Industrial Defender Solutions Simplify and scale with a complete turnkey solution. Asset Event Configuration Policy Compliance Work Automation a Infrastructure Address resource and expertise challenges with a single view, vendor agnostic platform. a Applications Tackle increasing security, compliance and change management challenges despite resource constraints. a Services Partner with Lockheed Martin s OT-experienced team so your team can deliver on reliability and availability of your systems. 7/25/

26 Best Practices Recommendation 1. Encourage Dialogue between the key stakeholders Engineering, Enterprise Security and Operations 2. Keep a regular inventory of Applications and Infrastructure dependencies Hardware, software, interdependencies 3. Understand that many OT systems were not designed with Security in mind Availability and operational efficiency 4. Understand your cybersecurity maturity Create an ongoing program 5. Ensure situational awareness across the entire organization: IT &OT Understand the differing requirements for cybersecurity Leverage vendors and expertise unique to your business and operations 7/25/

27 Questions Please use the Ask a Question button at the top of the Player to interactively text your questions in to our presenter Want to know more about Industrial Defender ASM? Join a Product Webinar and Demonstration: or visit 7/25/

28