IT Security and OT Security. Understanding the Challenges




Slide 2 (5/4/2012): Security Maturity Evolution in Industrial Control: 1950s

Slide 3: Security Maturity Evolution in Industrial Control
(Chart of Technology Sophistication against time, with markers at 2003, 2005, 2007, 2009 and 2012. The stages appear in this order.)
- Firewalls: business connectivity; "locks on the door"
- Intrusion Detection: network based; host based; known bad; industrial protocols; alarm sensors
- Event Monitor: central logging; monitor and respond; alert on events of interest; log everything and apply forensics; incident management; "flight recorder"
- Intrusion Prevention: network based; host based; deep packet inspection; known bad signatures; known good signatures; whitelisting; system hardening; system locked down
- Security Management: automates manual process; enforces policy, process and procedures; leverages baselines; manages changes; audit reporting; continuous assessments; attestation data; "doing it and proving you are doing it"

Slide 4: IT Drivers vs. OT Drivers (diagram contrasting Enterprise IT with Automation Systems OT)

Slide 5: Control Systems Have Unique Architectures. What Needs To Be Protected and Monitored?
- Servers, HMIs, control system networks, network devices, PLCs, IEDs, RTUs
- Device interfaces and communications
- Event / log collection
- IDS / IPS
- Configuration and patch data collection
- Remote access controls
(Diagram labels: Servers: PCS, SCADA, Automation Systems; Devices; Firewalls; Hardened networking devices; IEDs, Sensors, Controllers; Workstations; HMI Stations)

Slide 6: Automation Systems Security: Really Unique?

| Corporate IT | Automation Systems IT |
| --- | --- |
| Not life threatening | Safety first |
| Availability important | Non-interruption is critical |
| Transactional orientation | Real-time focus |
| IBM, SAP, Oracle, ... | ABB, Emerson, GE, Honeywell, Siemens, ... |
| People ~= Devices (PCs and servers) | Few people; many, many devices (sensors, controllers, servers) |
| Web services model is dominant | Polled automation control model |
| MS Windows is dominant OS | Vendor-embedded operating systems |
| Many commercial software products installed on each PC | Purpose-specific devices and applications |
| Protocol is primarily HTTP/HTTPS over TCP/IP, widely known | Many industrial protocols, some over TCP/IP; vendor- and sector-specific |
| Office environment, plus mobile | Harsh operating plant environments |
| Cross-industry IT jargon | Industry sector-specific jargon |
| Cross-industry regulations (mostly) | Industry-specific regulations |

Slide 7: IT/Data Center Environment
- Dedicated Specialists: Desktop, Database, Network, Security
- Dedicated Tools: Desktop Management, Database Management, Network Management, Security Monitoring

Slide 8: Operations Technology (OT) Environment
- OT Specialists
  - Dedicated application specialists
  - Manage control network and control systems
  - Generalists, not specialists
- OT Tools
  - Diagnostic tools are usually supplied by the control systems vendor
  - Control systems tools are application centric
  - Network, security, database and desktop support tools not available or not present
  - Learning 4-5 IT tools to manage the environment is not practical

Slide 9: Unique Challenge: 15+ Year Duty Cycle on Control Systems
Legacy systems create unique challenges:
- Operating systems no longer supported by the manufacturer: Windows NT; older Unix systems such as AIX or Solaris
- Limited network bandwidth: older networks will be adversely affected by some standard IT monitoring technologies
Look for:
- Security technologies that support legacy systems
- Technologies that utilize limited network bandwidth for reporting/monitoring

Slide 10: Unique Challenge: Industrial Controls Environment
- Industrial protocols within control system networks: Modbus, DNP3
- Industrial end point devices: Programmable Logic Controllers (PLCs), Intelligent Electronic Devices (IEDs), Remote Terminal Units (RTUs)
Look for:
- Technologies that support network monitoring of industrial protocols via purpose-built signatures for industrial protocols
- Technologies that can monitor configurations of industrial end point devices
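As an added illustration of what a purpose-built signature for an industrial protocol looks like (this is example code written for this transcription, not from the presenter or any product), the script below parses the Modbus/TCP MBAP header and flags write requests from hosts that are not on a constructed allowlist of authorized SCADA masters; the IP addresses and frames are constructed sample data.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Modbus function codes that change process state; read-only codes are not alerted on.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}
# Constructed allowlist: the HMI / SCADA masters expected to issue writes.
AUTHORIZED_MASTERS = {"10.1.1.10", "10.1.1.11"}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start_address: int

def parse_modbus_tcp(payload: bytes) -> Optional[ModbusRequest]:
    """Parse the 7-byte MBAP header (transaction id, protocol id, length, unit id)
    and the function code plus start address of the PDU; None if malformed."""
    if len(payload) < 10:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:   # protocol id is always 0
        return None
    function = payload[7]
    start_address = struct.unpack(">H", payload[8:10])[0]
    return ModbusRequest(tid, unit, function, start_address)

def check_request(src_ip: str, payload: bytes) -> Optional[str]:
    """Signature: a write function code from a host that is not an authorized master."""
    req = parse_modbus_tcp(payload)
    if req is None:
        return "malformed Modbus/TCP frame from %s" % src_ip
    if req.function in WRITE_FUNCTIONS and src_ip not in AUTHORIZED_MASTERS:
        return ("unauthorized %s from %s to unit %d, address %d"
                % (WRITE_FUNCTIONS[req.function], src_ip, req.unit_id, req.start_address))
    return None

# Constructed sample traffic: (source IP, raw TCP payload of one Modbus request).
SAMPLE_TRAFFIC = [
    ("10.1.1.10", bytes.fromhex("0001000000060103006b0003")),  # read holding registers
    ("10.1.1.10", bytes.fromhex("0002000000060106000100ff")),  # write from authorized master
    ("10.1.5.77", bytes.fromhex("0003000000060105001300ff")),  # write coil from unknown host
    ("10.1.5.77", bytes.fromhex("00040001")),                  # truncated frame
]

def scan(traffic=SAMPLE_TRAFFIC) -> List[str]:
    """Run the signature over a list of (src_ip, payload) pairs and collect alerts."""
    return [a for a in (check_request(ip, p) for ip, p in traffic) if a]

if __name__ == "__main__":
    for alert in scan():
        print("ALERT:", alert)
```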

Slide 11: Recommended OT Security Deployment
- Network segment monitoring
- Network intrusion monitoring, including industrial protocols
- Monitoring of servers: syslog; embedded agents
- Monitoring of workstations: syslog; embedded agents
- Perimeter firewalls
- Anti-virus / anti-malware: blacklist (signature based); whitelist (application based)
- Configuration management: monitoring and baselines of configuration changes
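Slide 10 asks for tools that monitor the configurations of industrial end point devices and slide 11 for baselines of configuration changes. The following is an added example of that baseline check, written for this transcription rather than taken from the presentation or any vendor tool: it hashes each device's configuration record, diffs devices whose hash drifted from the baseline, and rates each changed attribute. The device names, attribute names and values are constructed sample data.

```python
import hashlib
import json
from typing import Dict, List

# Attributes that change process behaviour rate "high"; unlisted attributes "medium".
SEVERITY = {"firmware": "high", "logic_checksum": "high", "allowed_masters": "high",
            "port_502_enabled": "high", "description": "low"}

def config_hash(config: Dict) -> str:
    """Stable digest of one device configuration (sorted keys, compact JSON)."""
    canon = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def diff_config(device: str, baseline: Dict, current: Dict) -> List[Dict]:
    """One finding per attribute that was added, removed or changed."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            findings.append({"device": device, "field": key, "baseline": old,
                             "current": new, "severity": SEVERITY.get(key, "medium")})
    return findings

def check_fleet(baselines: Dict[str, Dict], snapshot: Dict[str, Dict]) -> List[Dict]:
    """Compare a polled snapshot with the baselines. Unchanged devices cost one hash
    comparison; devices with no baseline at all are reported as high severity."""
    findings = []
    for device, current in snapshot.items():
        if device not in baselines:
            findings.append({"device": device, "field": None, "baseline": None,
                             "current": "no baseline", "severity": "high"})
        elif config_hash(current) != config_hash(baselines[device]):
            findings.extend(diff_config(device, baselines[device], current))
    return findings

# Constructed sample data: attributes a collector might read from a PLC or RTU.
BASELINES = {
    "plc-01": {"firmware": "2.4.1", "logic_checksum": "a1b2", "allowed_masters": ["10.1.1.10"],
               "port_502_enabled": True, "description": "Boiler feed pump"},
    "rtu-07": {"firmware": "1.9.0", "logic_checksum": "c3d4", "allowed_masters": ["10.1.1.10"],
               "port_502_enabled": True, "description": "Substation feeder 7"},
}
SNAPSHOT = {
    "plc-01": dict(BASELINES["plc-01"]),                       # unchanged
    "rtu-07": {"firmware": "1.9.0", "logic_checksum": "e5f6",  # logic and masters changed
               "allowed_masters": ["10.1.1.10", "10.1.5.77"],
               "port_502_enabled": True, "description": "Substation feeder 7"},
    "rtu-08": {"firmware": "1.9.0", "logic_checksum": "0000",  # never baselined
               "allowed_masters": [], "port_502_enabled": False, "description": "Spare"},
}

if __name__ == "__main__":
    for finding in check_fleet(BASELINES, SNAPSHOT):
        print(finding)
```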

Slide 12: Generation Plant Security Deployment

Slide 13: Example SCADA Management System (network diagram; the switch, tape-library and expansion-unit faceplate labels are not reproduced)
Components shown: Security Components; SCADA Servers; Oracle Servers; UDW Historian / PC Apps Servers with MSL2024 Tape Library (ProLiant DL380R06); Domain Controller Servers (ProLiant DL380R06); HMI Workstation with 4 monitors; link to QAD; Cisco Switch WS-C3560G-48TS and WS-C3560-48TS; RSA Two Factor Appliance (two); EMS LAN A / EMS LAN B; RTU LAN A / RTU LAN B; PCU 400 Servers; Intrusion Detection components (HIPS, NIDS, ESP, SEM); Satellite Clock; Expansion Unit with ICP Cards; DMZ LAN A / DMZ LAN B; 16 Port Breakout Panel; CNP / ICCP Servers (ProLiant DL380R06); Thin Client Server (ProLiant DL380R06); Modem Share Panel; HA; Customer Provided Modems; Customer RTU; Corporate WAN; Backup Control System; Primary Routers Provided by RRI; Host Intrusion Detection/Prevention.

Slide 14: Development of Secure Products
- Role-Based Access Control
  - Functions and data
  - Prevent database changes that produce system failures
  - Prevent more than one operator from controlling a single point simultaneously
- Encryption and Communications
- Audit Trail: history of each user's access to objects, attributes, data, displays, production areas and controls
- Vulnerability Testing: independent, unbiased
- Installation Best Practices and Guidelines

Slide 15: Cyber Security Project Execution
- Planning: Functional Design Specification; Security Policy; Network Topology Drawings
- Upgrades and Testing
- Deployment and Commissioning: Installation and Hardening Guideline; Remote Access and File Transfer; Networks and Interfaces; Group Policy and Organizational Units
- Operation: Computer and User Administration; Backup and Recovery; Patch and Rollup Management
Guiding statements: communicate and agree; secure the system and make it available; operation starts on day one.

Slide 16: Summary
- OT has unique operating environments: legacy systems; industrial systems and endpoints
- OT has unique threats
- OT has limited tools and resources
Look for:
- Tools that are specialized for OT
- Tools that have been developed with security as a requirement
- Tools that have been tested by control system vendors
- Tools that are purpose built for OT professionals
- Proven methods for developing and deploying secure SCADA solutions
