Secure Networking for Critical Infrastructure. Ilan Barda March 2014




RADiFlow as part of the RAD Group
- 2012 Sales = $1.2 Billion
- About 4,000 Employees
- Main applications:
  - Telecom - Fixed & Mobile
  - Utilities & Transportation
  - Government & Enterprise
- Group companies (diagram labels): The Access Company; Secure Ruggedized Communication Solutions; Wireless Mobile Backhaul; Group Distributor in Israel; Sub-6GHz Wireless Backhaul; Integrated Application Delivery; Network Test Solutions; CWDM and DWDM Solutions; Hi-end Adapters for Servers

Smart Utilities Applications
- Utilities deploy Distributed Automation applications over a large-scale network of Ruggedized Ethernet switches
- Such networks are exposed to cyber security attacks

Protecting Distributed SCADA from Insider Attacks
Attack vector: Security Measure
- Control-Center malware: Service-aware firewall
- Field-site breach: Distributed firewalls
- Man-in-the-Middle: Encryption
- Remote maintenance: Secure remote access
[Diagram labels: Control Center, HMI, Engineering Station, Controller1, Controller2, Dev1.1, Dev1.2, Facility1, Dev2.1, Dev2.2, Facility2]

Firewall use-case: RTU software update
- The technician laptop infects the Engineering station in the control center
- The Engineering station downloads new software to the field RTUs
- DNP3 distributed firewall programmed to allow only access to parameters address ranges during normal operation
- Stuxnet scenario can be prevented using distributed service-aware firewall
[Diagram labels: Eng. Station, Control Center, S.S. RTU, Technician, Sub-Station, IEC61850 IEDs, Facility RTU]
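
The kind of rule the DNP3 firewall bullet describes, as an added example (not RADiFlow's code): a fail-closed check on one reassembled DNP3 application-layer request that permits reads and parameter writes inside an allowed index range, and passes file-transfer function codes only in a maintenance window. The policy table, the `maintenance` flag, the sample fragments and the assumption that software download uses DNP3 file transfer are all constructed for illustration.

```python
import struct

READ, WRITE = 0x01, 0x02
FILE_FUNCS = {25, 26, 27, 28, 29, 30}       # OPEN_FILE .. ABORT_FILE
# Constructed policy: (group, variation) -> (object size in bytes, writable indices)
WRITABLE = {(34, 1): (2, range(0, 16))}     # g34v1, 16-bit analog input deadband

def parse_range(frag, off):
    """Decode a start/stop range at frag[off]; return (start, stop, next_offset)."""
    qual = frag[off]
    if qual == 0x00:                         # 1-byte start and stop index
        return frag[off + 1], frag[off + 2], off + 3
    if qual == 0x01:                         # 2-byte little-endian start and stop
        start, stop = struct.unpack_from("<HH", frag, off + 1)
        return start, stop, off + 5
    raise ValueError("qualifier not covered by policy")

def decide(frag, maintenance=False):
    """Return (allowed, reason) for one application-layer request fragment."""
    if len(frag) < 2:
        return False, "truncated fragment"
    func = frag[1]                           # frag[0] is the application control octet
    if func == READ:
        return True, "read"
    if func in FILE_FUNCS:                   # assumed path for software download
        return maintenance, "file transfer"
    if func != WRITE:
        return False, "function code %d not allowed" % func
    try:
        group, var = frag[2], frag[3]
        start, stop, off = parse_range(frag, 4)
    except (IndexError, ValueError, struct.error):
        return False, "unparseable object header"   # fail closed
    if (group, var) not in WRITABLE:
        return False, "object not writable"
    size, allowed = WRITABLE[(group, var)]
    if stop < start or start not in allowed or stop not in allowed:
        return False, "index outside parameter range"
    if len(frag) != off + (stop - start + 1) * size:
        return False, "unexpected trailing data"     # e.g. a second object header
    return True, "parameter write"

# Constructed sample fragments (application control octet, function code, objects)
OK_WRITE = bytes([0xC3, WRITE, 34, 1, 0x00, 2, 3]) + struct.pack("<HH", 10, 20)
BAD_RANGE = bytes([0xC3, WRITE, 34, 1, 0x00, 2, 40]) + bytes(2 * 39)
OPEN_FILE = bytes([0xC4, 25, 70, 3, 0x5B, 0x01])

if __name__ == "__main__":
    for name in ("OK_WRITE", "BAD_RANGE", "OPEN_FILE"):
        print(name, decide(globals()[name]))
```

The exact-length check matters: without it, a request could carry an in-range write followed by a second object header that the filter never inspects.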

VPN over public network
- Connecting private sub-networks over a public network
- Remote site connection using Hub & Spoke GRE tunnels
- IPsec used to encrypt the GRE tunnels
- Certificates used to authenticate remote parties
- L2 or L3 VPN modes available
[Diagram labels: IPSec tunnel ACTIVE, Primary SIM, Cell site ISP #1; IPSec tunnel OFF, Secondary SIM, Cell site ISP #2; NAT router; INTERNET]

Integrated security in a Ruggedized switch
[Diagram labels: Service Management; Operational Simplicity; Secure Access; Service Validation; Defense-in-depth solution; Multi-Service Resilient Network; Ruggedized System; Solid infrastructure]

3180 Secure Utility Gateway
- 8/16xETH 10/100BaseT
- 4xRS-232
- Dual-SIM 2G/3G Cellular modem
- 2+2 Discrete I/O
- ETH switching & IP routing
- SCADA security tool-set
- SCADA Gateway

Focus applications
- Power T&D (Smart-Grid, Sub-station automation)
- Smart-City, Safety and Security
- Intelligent Transportation (Railways, Highways)
- Drilling and Pipelines (Water, Oil & Gas)

Growing Install-base

Case Study
- Consolidated Smart-Grid network
- Mix of fiber and cellular backhauling
- Regulation for Separate VPNs for AMI and DA
Implementation highlights
- Service-aware VPN functionality
- SCADA firewall
- Fiber or cellular uplinks
- Service-aware QoS for cellular network
- Serial interfaces with protocol gateway
- Zero-touch provisioning for mass deployment

Large scale transportation control network
Large-scale transportation control applications require:
- Ethernet rings for access to backbone
- Mixture of Ethernet, Serial & Discrete devices
- PoE support for CCTV cameras
- IEEE 1588v2 support for radio clock synchronization
- QoS and SCADA firewall for secure and reliable access to the critical automation services
[Diagram labels: Message boards (RS-232/485); Traffic control (QoS); Security cameras (PoE); Tetra base stations (1588 clock sync); Remote site; Ring 1; Ring 6; Central site; 1588 clock]

Summary
- Modern critical infrastructure deployments use Ethernet
- Intra-network security is mandatory
- RADiFlow Service-aware Industrial Ethernet solution
  - Unique distributed service-aware firewall by the network
  - Integrated defense-in-depth tool-set
  - Optimize CapEx and OpEx
For more details: info@radiflow.com www.radiflow.com