Service-Aware Security for Distributed Automation. Ilan Barda GRIPS SciREX Symposium February 2 nd 2015

Similar documents
Secure Networking for Critical Infrastructure. Ilan Barda March 2014

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Network Cyber Security. Presented by: Motty Anavi RFL Electronics

Cyber Security Implications of SIS Integration with Control Networks

Homeland Security Solutions

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

October Field Area Communication Networks for Digital Oil and Gas Fields

THE FUTURE OF SMART GRID COMMUNICATIONS

SCADA SYSTEMS AND SECURITY WHITEPAPER

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Building Secure Networks for the Industrial World

AutoLog ControlMan. Remote Monitoring & Controlling Service

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Cyber Security. Smart Grid

SecFlow Security Appliance Review

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

IT Security and OT Security. Understanding the Challenges

LOGIIC Remote Access. Final Public Report. June LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

Industrial Security Solutions

CYBER SECURITY TRENDS FOR FUTURE SMART GRID SYSTEMS. Y. Illuz* G. Wainblat S. Barda ECI Telecom ECI Telecom ECI Telecom Israel Israel Israel

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

The Internet of Things (IoT) and Industrial Networks. Guy Denis Rockwell Automation Alliance Manager Europe 2015

Complete SCADA solution for Remote Monitoring and Control

Securely Connect, Network, Access, and Visualize Your Data

How To Protect Your Network From Attack From A Cyber Threat

New Era in Cyber Security. Technology Development

ISACA rudens konference

The Internet of Everything:

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

CERIAS Tech Report Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for

Secure Access Control for Control System Operations. Andrew Wright, CTO

Communication Networks. We are securing the past in a fast moving future. FOX605 multiservice platform.

INFORMATION TECHNOLOGY PROGRAM DESCRIPTIONS OPERATIONAL INVESTMENTS

SECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007

RAD s Solutions for. Power Utility. Communications. Service Assured Networking

Introduction. Cyber Security for Industrial Applications

Holistic View of Industrial Control Cyber Security

High Level Overview of IPSec and MPLS IPVPNs

Communication Security Measures for SCADA Systems

How To Secure A Wireless Utility Network

Secure Access Solutions for the Petroleum Industry. Secure. Easy. Protected. Access.

How To Create A Large Enterprise Cloud Storage System From A Large Server (Cisco Mds 9000) Family 2 (Cio) 2 (Mds) 2) (Cisa) 2-Year-Old (Cica) 2.5

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Designing a security policy to protect your automation solution

Smart Substation Security

Secure Access into Industrial Automation and Control Systems Best Practice and Trends

The Internet of Things

What is Really Needed to Secure the Internet of Things?

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Network Security Infrastructure Testing

CG Automation Solutions USA

Smart Solutions for Network IP Migration

Three Simple Steps to SCADA Systems Security

Lessons Learned from AMI Pioneers Follow the Path to Success

Open Enterprise Architectures for a Substation Password Management System

HMS Industrial Networks. Putting industrial applications on the cloud

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks

Unified Threat Management, Managed Security, and the Cloud Services Model

ThreatSpike Dome: A New Approach To Security Monitoring

Innovative Defense Strategies for Securing SCADA & Control Systems

SNMP I/O Devices Make Monitoring Environmental Conditions Easy. Austin Lin Product Manager Wayne Chen Technical Service Moxa Inc.

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

The Importance of Cybersecurity Monitoring for Utilities

How Secure is Your SCADA System?

N-Dimension Solutions Cyber Security for Utilities

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

Internet of Things Security Companion to the CIS Critical Security Controls (Version 6)

Security Intelligence and Analytics in Industrial Systems

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

Dr. György Kálmán

NEW GENERATION PROGRAMMABLE AUTOMATION CONTROLLER

Secure access to a water treatment plant s SCADA network

Implementing Cisco IOS Network Security

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

CCNA Security 2.0 Scope and Sequence

EU CIP Project DENSEK. Joining forces against cyber threats on European level

WHITE PAPER. Securing Process Control Networks

SCADA Security: Challenges and Solutions

Session 14: Functional Security in a Process Environment

SCADA Security Training

LTE Solution and Requirements for Smart Grids

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Industrial Firewalls Endpoint Security

Going Critical. How to Design Advanced Security Networks for the Nation s Infrastructure. w w w. G a r r e t t C o m. C o m

Secure Networks for Process Control

CONTENTS. PCI DSS Compliance Guide

Network Security. Intertech Associates, Inc.

SCADA/Business Network Separation: Securing an Integrated SCADA System

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

DNP Serial SCADA to SCADA Over IP: Standards, Regulations Security and Best Practices

Protecting Critical Infrastructure. Secure Fashion. Kevin McPoland GarrettCom

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

Safe Network Integration

Transcription:

Service-Aware Security for Distributed Automation Ilan Barda GRIPS SciREX Symposium February 2 nd 2015

The market Securing the Industrial IoT Source: MarketsandMarkets, December 2014-2-

Radiflow Mission Utilities deploy modern Distributed Automation devices connecting Remote locations over large-scale IP networks Exposing Critical applications to Cyber Security Attacks Radiflow provides Cyber Security solutions for Critical Distributed Automation networks - 3-

Growing cyber-threat for SCADA networks - 4-

Attack Vectors on the OT network Control center Excess Access Rights PLC PLC Malware in the SCADA Computers OT network Man in the Middle Compromised Field Device

Remote utility sites are the weakest link SCADA networks were designed for security by obscurity Industrial automation devices utilize basic authentication methods SCADA protocols do not support any role-base authorizations Physical access to a remote site can be easily gained Remote sub-stations are unmanned Authorized site visitors gain access to the local network Inter-site sessions should not considered trusted An insider in 1 site can gain unsupervised access to other sites Man-in-Middle attacks can hack into the private network smart grid cyber-security guidelines did not address an important element risk of attacks that use both cyber and physical means Electricity Grid Modernization; Report to Congressional requesters, US GAO, January 2011-6-

Radiflow Portfolio Evolution SCADA Behavioral Detection Server Identity Management SCADA IPS/IDS Secure Utility Gateway/Router Physical & Cyber Integration

Easy deployment using Secure Gateways/Routers Multi- Service Service Management User Validation Resilient Network Service Validation Ruggedized System Field deployment Power Sub-stations Railways/Highways Explosive areas Variety of interfaces Ethernet Serial Cellular Discrete I/O Security tool-set Application validation User authentication Data encryption - 8-

Integrated Physical & Cyber security Distributed SCADA IPS in each site Correlation with physical security systems for dynamic user authentication Validate per-user SCADA operations Integration with central SIEM tool Task-based access control by dynamically allocating physical & logical security resources based on physical & logical triggers - 9-

Security solution validated by US Research Labs Role Based IPS/IDS for SCADA Protocols Securing Data Traffic (Legacy or IP) Secure Authentication Persistent, Reliable Logging - 10-

Field-proven technology - 11-

Focus applications Power T&D (Smart-Grid, Sub-station automation) Smart-City, Safety and Security Intelligent Transportation (Railways, Highways) Drilling and Pipelines (Water, Oil & Gas)

Secure Access for Substation Automation Identity management for detailed per user authorizations Validation of SCADA behavior per user Automatic learning of SCADA behavior Detailed log of user activities IPsec VPN for inter-site connectivity Support Ethernet and Serial devices - 13-

Large scale control for Intelligent Transportation Modern Railway/Highway control applications require Ethernet rings for reliable networking Mixture of Ethernet, PoE, Serial & Discrete ModBus firewall for secure traffic flow User Authentication for remote maintenance Message boards RS-232/485 Traffic control QoS Security cameras PoE Tetra base stations 1588 clock sync Remote site Ring 1 Ring 1 Ring 6 Ring 6 Central site 1588 clock - 14-

Summary Modern distributed automation applications use IP networks Intra-network security is mandatory Radiflow Service-aware Industrial security solution Integrated defense-in-depth tool-set Optimize CapEx and OpEx For more details: info@radiflow.com www.radiflow.com - 15-

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information