Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions



Similar documents
TRIPWIRE NERC SOLUTION SUITE

White Paper. April Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

White Paper. Information Security -- Network Assessment

Understanding SCADA System Security Vulnerabilities

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

The Importance of Cybersecurity Monitoring for Utilities

Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

NERC CIP VERSION 5 COMPLIANCE

Cybersecurity in a Mobile IP World

This is a preview - click here to buy the full publication

Security Issues with Integrated Smart Buildings

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

future data and infrastructure

Claes Rytoft, ABB, Security in Power Systems. ABB Group October 29, 2009 Slide 1

LogRhythm and NERC CIP Compliance

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Cyber Security for NERC CIP Version 5 Compliance

Symphony Plus Cyber security for the power and water industries

The Internet of Things Risks and Challenges

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Critical Controls for Cyber Security.

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Update On Smart Grid Cyber Security

GE Measurement & Control. Cyber Security for NERC CIP Compliance

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

The Protection Mission a constant endeavor

DeltaV System Cyber-Security

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

What is Really Needed to Secure the Internet of Things?

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

Ecom Infotech. Page 1 of 6

Risk and Security Assessment. Zbigniew Kalbarczyk

PCI Solution for Retail: Addressing Compliance and Security Best Practices

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

The Next Generation of Security Leaders

Cyber Threats in Physical Security Understanding and Mitigating the Risk

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

Verve Security Center

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Lessons Learned CIP Reliability Standards

The Business Case for Security Information Management

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

Defending Against Data Beaches: Internal Controls for Cybersecurity

Waterfall for NERC-CIP Compliance

ISACA rudens konference

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005

Cisco Advanced Services for Network Security

Practical Steps To Securing Process Control Networks

SCADA Security: Challenges and Solutions

SCADA/Business Network Separation: Securing an Integrated SCADA System

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

SCADA SYSTEMS AND SECURITY WHITEPAPER

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

National Railroad Passenger Corp. (AMTRAK) Session 1 Threats and Constraints. Continuous. - Continuous Monitoring. - Continuous Assessment

Security Controls What Works. Southside Virginia Community College: Security Awareness

Cyber Security Compliance (NERC CIP V5)

Smart Grid Cybersecurity

Achieving Compliance with the PCI Data Security Standard

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Security Whitepaper: ivvy Products

Cisco SAFE: A Security Reference Architecture

Models for Cyber Security Analysis

Deploying Firewalls Throughout Your Organization

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Cyber Security Response to Physical Security Breaches

Help for the Developers of Control System Cyber Security Standards

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Designing secure networks for substation automation and control systems

Transcription:

Airports and their SCADA Systems Dr Leigh Armistead, CISSP Peregrine Technical Solutions

What We May Face For an attack to be successful it only has to cause disruption not loss of life to a significant number of Americans Such a focused attack would become an immediate, and perhaps overwhelming, distraction for our national leadership

Weapons of Mass Disruption Incidents: Continuing, Increasing, More Sophisticated Insurance Standards Will Increase; Insurance Will Cost More (If Available) Loss of Public and Customer Confidence => Potential Flood of Liability Judgments Demand for Safe Harbors and Risk Mitigation Measures

It gets worse with increased reliance on automated systems SCADA Control Systems Lights-Out Nodes Automated Switches Just-In-Time Deliveries, System-Based Manufacturing, etc. Future: Smart Houses, Intelligent Highways, Ubiquitous Information Appliances, etc.

Reduced Reaction Time Failure Propagation Time Decreasing Rapidly Fewer Circuit Breakers (Actual or Logical) Less Time to Muddle Through

Threats to Airports Information Age depends on reliable, predictable, affordable infrastructures Uncertainty chills investment climate Unreliability raises costs, scares customers Protection of the airports networks and systems is therefore necessary for continued expansion and daily operation

What s so special about SCADA? Highly distributed systems Control geographically dispersed assets, often scattered over thousands of square kilometers Control and monitoring data transmitted over Long-distance communications networks Most research concerning SCADA systems deals with these standard bad examples Power grid Oil and gas distribution Water treatment The controlled assets are critical to our way of life Transportation systems Typically this is railroads when it should be airports

NERC Top Vulnerabilities Remote access to the control system without appropriate access control Use of inadequately secured wireless communication for control Insufficient application of tools to detect and report on anomalous or inappropriate activity Unauthorized or inappropriate applications or devices on control system networks Control systems command and control data not authenticated 14

The Key Point for Airport Systems Widely available, low-cost Internet Protocol (IP) devices are now replacing proprietary solutions, which increases the possibility of cyber security vulnerabilities and incidents Bottom-line: They are starting to represent IT systems They are being connected to the same network The networks may be accessible to the public Are these true in the typical airport environment? SCADA systems on the same pipe? Maybe! Free Wi-Fi on the same pipe? Free, anyway! Separation between the two? Who knows?

Specific Airport SCADA Concerns What ABOUT airports? Are they vulnerable? Modern airports are highly competitive cost driven operations that offer a range of public and private services Many airport systems such as building control systems are SCADA controlled access control and perimeter intrusion systems eenabled aircraft systems radar systems network-enabled baggage systems 16

Airport SCADA Hype Expected Threats Aircraft fuel handling systems Distributed airport systems such as ground approach Runway signaling, radar, This is based on the perceived, typical SCADA issues and concerns 17

Airport SCADA Reality However A widely held belief is that the SCADA systems in the airport were isolated from the main IT backbone Often the car parking and baggage control systems were separated from the main IT network by hardware firewalls These firewalls were assumed secure by IT staff but it was unclear who had responsibly for the managing and configuration of these firewalls 18

Why do these vulnerabilities exist? Additional services could be added to the network without all relevant IT staff being aware of the changes There appeared to be no overarching group or committee that had a direct focus on cyber security measures despite the considerable size of the airport Security measures were left in multiple hands and ad hoc systems were assumed isolated 19

Most immediate SCADA issues So while there may be outside hype on enterprise Airport SCADA systems such as the radar, fuel handling, etc From research conducted late last year, the main SCADA-like systems of most concern to the airport staff are as follows: Automated or semi-automated baggage handling systems Car parking systems (it s the driver mentioned above) 20

Car Parking? Baggage? Seriously? But you can t get to those car parking and baggage networks, right? The public network (WiFi) and the airport network were the same network but there are Firewalls between them The reason that the IT infrastructure even has security? It has to deal with credit card transactions over the airport network, which forced these networks to become PCI compliant 21

A Network is a Network is a.. Also on this same Airport network are all of the flight arrival/departure displays.. Plus this system (ie the same network) also has of the departure displays at the gates In addition, this common Airport network also hosts all of the tag scanners for the baggage handlers. Everything is interconnected and no one in monitoring the network holistically 22

How does this affect you? Realization that Airports face a management challenge as well as a technical challenge Development of Risk Management Approach Growing interest from Auditors Insurance Industry Attorneys You need to look at continuing to maximize computer connectivity as an open invitation to malicious activity (at best) and cyber terrorism (at it s extreme)

Risk Management Approach Poor Operational Coordination & Readiness Symptoms No Common Training or Doctrine Inadequate communication across different airport departments, with no one group looking at airport security from a holistic viewpoint No Real Scenario-Based Combined Planning Policy and Standards are important too!

The SCADA Standards Labyrinth The good thing is that There s plenty to choose from! NIST (for about everyone) Enhancement to 800-53 800-82 NERC (for the power industry) In Hindi it means Hell Coincidence? Cyber protection CIP augmentations, Being enforced from July 2009 ISO / IEC standards 26

Conclusions Because of the ubiquity of network-enabled airports connected both internally and externally, network security is paramount to ensuring international transportation safety SCADA is important, but in areas that most do not Each is different with particular quirks; there is no standardization in the IT infrastructures available or used at a particular location Airports continue to integrate more and more functionality into the infrastructures, including Electronic Flight Bags and back-office systems 27

Summary Cyber Security for Airport SCADA systems is a real vulnerability for needs to be part of a holistic solution to maintaining a smooth running operation All systems connected to the network must be evaluated for the threats they introduce and an enterprise approach to protecting Airports must consider who has access to what, when and how often.

Questions?

Dr Leigh Armistead, CISSP President Peregrine Technical Solutions 114 Ballard Street Yorktown, VA 23690-0520 larmistead@gbpts.com (757) 581-9550