Patch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG All Rights Reserved.

Transcription

1 Patch Management Is it recommended to patch an Industrial Automation Control System and, if so, why?

2 Facts Most of the computer components of modern Industrial Automation Control System are based on standard operating systems (Microsoft Windows XP / 7 / Server 2003 / Server 2008). Microsoft releases on each Microsoft-Patch-Day, which is usually the second Tuesday of each month, security patches. A patch is a piece of software designed to fix a problem like a security vulnerability. 90% of all successful cyber security attacks are based on vulnerabilities for which patches have already been released. Only 2% of all equipment is completely patched (source: Secunia) Page Carsten Lener

3 What happened in the past? Davis Besse Nuclear Power Plant Event: Aug 20, 2003 Slammer worm infects plant Impact: Complete shutdown of digital portion of Safety Parameter Display System (SPDS) and Plant Process Computer (PPC) Specifics: Worm started at contractors site Worm jumped from corporate to plant network and found an un-patched server Patch had been available for 6 months Page Carsten Lener Recovery time: SPDS 4hours 50 min PPC 6 hours 9 min Source: U.S.Department of Homeland Security) Control System Security Program

4 What happened in the past? Hatch Nuclear Power Plant Event: A software update caused control system to initiate plant shutdown. Impact: The Plant was shutdown for 48 hours Specifics: An engineer installed a software update (Patch) on a computer that operating on the plant's business network. When the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in coolant water reservoirs Page Carsten Lener Recovery time: 48 Hours Source: U.S.Department of Homeland Security) Control System Security Program

5 Vulnerability Programs are made by humans and humans make failures. A vulnerability is a programming weakness/failure, which allows an attacker to reduce a system s information assurance. Exploit An exploit is a piece of software or similar that takes advantage of a vulnerability. A Zero-Day-Exploit takes advantage of a vulnerability, which no one know. Payload The payload refers to the part of an attack or a computer virus which performs a malicious action. Page Carsten Lener

6 Demonstration how to exploit a vulnerability The following video presents: How to identify vulnerable systems using Nessus. How to use Metasploit to exploit a well-known Windows vulnerability. How to create an executable that calls back home and opens an interactive command shell. Page Carsten Lener

7 Demonstration how to exploit a vulnerability Network Diagram: Page Carsten Lener

8 Mitigations Defence in Depth is essential! Don t rely on a single technology Network segmentation, firewalls, and IDS Apply patches, HIPS, host firewalls, access control and authentication mechanisms, disable unnecessary services, etc. Simply stated: Implement the Security Concept for PCS 7 and WinCC Page Carsten Lener

9 Deep graded security architecture Defense-in-Depth strategy Potential Attacker Physical Security -Building measures Organizational Security -Risk-Management, Assessments and Audits -Compliance -Business Continuity Management & Disaster Recovery DCS System hardening - De-Installation of not needed Applications - Handling of mobile devices (CD/DVD, USB, ) Page Carsten Lener Segmentation in Zones / Security Cells - Segmentation of the plant system Safeguarding the access points - Implementation of Firewalls as the only access point to a security cell Secure Communication - Safeguarding of communication over unsecure networks (Internet) Account Management - Administration of operator und user rights (role based access control) Patch Management Malware detection and prevention

10 Patch Management: Use of Microsoft Patches in SIMATIC PCS 7 This is effective for the following components Windows Operating System Internet Explorer Microsoft SQL-Server Microsoft Office PCS 7/WinCC support for Microsoft Patches New Microsoft Patches (Security Patches and Critical Updates) are tested for compatibility with latest/supported versions of PCS 7 Test results published via Newsletter and FAQ Use of Windows Server Update Services in PCS 7 for installation of Microsoft patches Patch Deployment via centralized Patch Server located in a perimeter network and Windows Server Update Service (WSUS) Setup of Patch Groups and Procedures for updating online (redundant system) Page Carsten Lener

11 Security concept PCS 7 and WinCC Basic document Defense-in-Depth architecture Segmentation Security Cells Firewalls Network Subnets, Addresses, Name resolution Active Directory Domain Workgroups DCS Remote access (VPN, IPsec) Virus scanner Time synchronization Administarion of user- und operator rights Windows Security Patch-Management documented at Page Carsten Lener

12 Thank you for your attention! Carsten M. Lener Technical Consultant - Industrial Security I IA AS S SUP PA Oestliche Rheinbrueckenstraße Karlsruhe Phone: carsten.lener@siemens.com D: \ 01 Plant IT-Security \ Veranstaltungen-Vorträge-Workshops \ Answers for Industry Manchester UK \ AfI_PatchManagement_V3.ppt