SCADA Risks and Emergency Preparedness

Similar documents
SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

SNAP WEBHOST SECURITY POLICY

CYBER SECURITY POLICY For Managers of Drinking Water Systems

Three Simple Steps to SCADA Systems Security

DISASTER RECOVERY WITH AWS

Security Issues with Integrated Smart Buildings

Birkenhead Sixth Form College IT Disaster Recovery Plan

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

[Insert Company Logo]

Leveraging the Industrial Internet of Things (IOT) to Optimize Renewable Energy

DISASTER RECOVERY AND NETWORK REDUNDANCY WHITE PAPER

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Backup Strategies for Small Business

What You Should Know About Cloud- Based Data Backup

a Disaster Recovery Plan

Lessons Learned from a Basic Vulnerability Assessment and Emergency Response Plan Update Project in Greensboro

Fiscal Year Information Technology Request

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Availability and Disaster Recovery: Basic Principles

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

StratusLIVE for Fundraisers Cloud Operations

Designing a security policy to protect your automation solution

ICT Disaster Recovery Plan

TELECOMMUNICATION SYSTEM HAZARD MITIGATION STRATEGIC PLANNING

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

Backup & Disaster Recovery Options

APPENDIX 7. ICT Disaster Recovery Plan

Business Continuity Planning

What is the Cloud, and why should it matter?

APPENDIX 7. ICT Disaster Recovery Plan

HARVARD RESEARCH GROUP, Inc.

Backup is Good, Recovery is KING

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

DISASTER RECOVERY PLANNING GUIDE

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Security Policy JUNE 1, SalesNOW. Security Policy v v

Disaster Recovery and Business Continuity What Every Executive Needs to Know

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Risk Mitigation of Aging Electrical Infrastructure

How Secure is Your SCADA System?

HMS Industrial Networks. Putting industrial applications on the cloud

Abhi Rathinavelu Foster School of Business

Why Smart Water Networks Boost Efficiency

Clinic Business Continuity Plan Guidelines

Tk20 Backup Procedure

Office of Information Technology Hosted Services Service Level Agreement FY2009

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Cloud Computing Disaster Recovery (DR)

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

Are you prepared to be next? Invensys Cyber Security

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

The evolution of data connectivity

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Level I - Public. Technical Portfolio. Revised: July 2015

RL Solutions Hosting Service Level Agreement

Total Business Continuity with Cyberoam High Availability

Remote Backup Solution: Frequently Asked Questions

Introduction to Virtualization. Paul A. Strassmann George Mason University October 29, 2008, 7:20 to 10:00 PM

disaster recovery - the importance of having a plan

White Paper: Librestream Security Overview

Data Center Infrastructure & Managed Services Outline

NRG Energy Center Minneapolis

LOCAL RADIO STATION MODEL VULNERABILITY ASSESSMENT CHECKLIST. Developed by the Toolkit Working Group for the Media Security and Reliability Council

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

For Utility Operations

Business Continuity White Paper

Session 14: Functional Security in a Process Environment

Disaster Recovery Strategies

DATA CENTER SERVICES

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

Guardian365. Managed IT Support Services Suite

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

How To Write A Server On A Flash Memory On A Perforce Server

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

VDI can reduce costs, simplify systems and provide a less frustrating experience for users.

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Transcription:

SCADA Risks and Emergency Preparedness A Practical Guide to Being Prepared for the Worst 2014 WWOA Annual Conference 3:30pm Wednesday October 8 th, 2014 Presented by and Authored by Jeff M. Miller, PE, ENV SP

About the Presenter Jeff M. Miller, PE, ENV SP Jeff M. Miller is a Water Solutions Architect for Schneider Electric s Water Wastewater Competency Center. Jeff has a B.S. in Electrical Engineering and has worked as an engineering consultant and systems integrator for 25 years where he has delivered on over 30 wastewater treatment, 25 water treatment and 45 pump station projects ranging in size from small lift stations to 370 MGD treatment plants. Jeff is the cofounder and past chair of the NC AWWA-WEA Automation Committee and is also an active member of several national and regional Automation and Plant O&M related committees. 2

Are You a Gambler? How much do you put at risk? Do you know the rules? Do you know the odds? What would you do to better the odds? 3

What risks and threats do SCADA systems normally face? How can we prevent or mitigate these risks? When disaster strikes how do we recover? How come you don t have comfortable seats like ours? 4

SCADA IMPACTS 5

How Would the Loss of SCADA Impact You? Health & Safety Services Resources Financial Required data record keeping Personnel Safety Regulatory Compliance Uninterrupted production and delivery of safe water 6

How Would the Loss of SCADA Impact You? Health & Safety Services Resources Financial Business Continuity Process Automation Service Interruptions or Delayed Responses Water Quality Issues Customer Satisfaction Smart City Integration 7

How Would the Loss of SCADA Impact You? Health & Safety Services Resources Financial Additional manpower on loss of automation or data collection Overwhelmed maintenance staff Availability of backup or rented equipment 8

How Would the Loss of SCADA Impact You? Health & Safety Services Resources Loss of Revenue Recovery Costs Waste Fines Financial 9

SCADA RISKS AND THREATS 10

Are You Prepared for Disaster? Fire, Earthquakes Extreme Weather Flooding, Lightning Power Failure Outages, Catastrophic Faults Security Threats Accidents Critical Failures 11

What is the Greatest Threat Your SCADA System Will Face? If I answer this correctly will I get free stuff? 12

Beware Be Scared Be Very Scared Lack of Knowledge Transfer of a Retiring or Moving-On Workforce Older Technologies Not Known or Expected by a Younger and More Technology-Driven Workforce Generation 13

There s More? Lack of SCADA Specific Planning Cyber Risks Maintenance and Support Risks Environmental Risks Interrelated System Risks AWARENESS IS KEY! 14

Cyber Security Vulnerabilities Hardware Access Wireless Cross-Network Connections External Network Connections Hardware Access False Sense of Security with Partial Solutions Threats Malware / Spyware / Viruses Unauthorized Access Hackers, Vandals, Internal Unintended Cyber Events Operator Errors 15

Miscellaneous Risk and Threats Maintenance & Support Version Control Updates and Upgrades Critical Parts Availability Eg. RAID Hard Drives Knowledge Eg. Automation Logic Staff Transitions Environmental Below Grade Locations Temperature Differentials Condensation Cutting Oil Miscellaneous HVAC Location, Location, Location Conduit Entry 16

Threats to Wiring Infrastructure Mitigation SPDs Pest Guards Equipment Location and Conduit Routing Multiple Path Communications Coordinated Power Distribution 17

Water Water Everywhere A Tale of the Unexpected 18

Corrosion Everywhere Two Tales of A City 19

SCADA RISK PREVENTION AND MITIGATION 20

Emergency Planning Awareness Culture Risk Analysis and Brainstorming Prevention and Mitigation Plan Recovery Plans 21

Cyber Security Have a Plan Firewalls (sniffing) Access Control Unique Passwords Secured Equipment Achilles Certification Allow access or it may be accessed around protective measures 22

System Architecture Goals Redundancy Resiliency Prevention of Common Mode Failures Separate Power Sources Physically Separated Network Cabling Offsite Redundant or Backup Resources 23

Power Resiliency Backup Power UPS should last at least until Standby Generator Provides Power UPS with health status and annunciation Not easily disconnected but easily replaced Separated for redundant equipment Consider cooling circuits Beware of risks of routing fiber with power cables Protect equipment with SPDs 24

Installation Resiliency Separate Terminal Cabinet No Conduit Leak or Contaminate Paths Appropriate Environment and Location Ensure Adequate Cooling if Needed 25

System Architecture Terminal Server Servers 26

System Architecture Redundancy Remote or Cloud Servers Terminal Server Remote or Cloud Server Redundant SCADA Servers Redundant Network Switches Redundant PLCs Redundant Wireless Communications 27

System Architecture Resiliency Remote or Cloud Servers Terminal Server Remote or Cloud Backup Mobile HMI Local HMI PLC-RIO Self Healing Ring Network Non-Terminal Server HMI in Control Room HMI-PLC Self Healing Ring Network Terminal Server and Firewall 28

Be Prepared! 29

Have a Plan SOPs / Contingency Plans Means of Alternate Operation Manual Controls Drills & Exercises Critical Components and Functions Identified Critical Spare Parts Version Control and Backup Accessible Documentation and References 30

Critical Parts and Tools Identified Available or Stocking Agreements with Suppliers or Others? Pre-Configured? Kept in a safe and secure location Everything needed to recover available? 31

Archival, Backup and Recovery Continuous? Auto Restore? Cloud Services? Multiple Copies of Latest Configuration? Offsite or Remote Storage Version Control Covert to Accessible Media Types! 32

Can you find your SCADA Guru? Emergency Contacts Informative Contacts Stocking Distributers Manufacture, Supplier, Representative Local and Corporate Technical Support Original Engineer, Designer, Installer, Contractor History of System / Component Contacts 33

What Threat You Will Face? AWARENESS IS KEY! 34

Questions? Mike Schmidt Business Development Manager Water Wastewater Competency Center Minneapolis, MN Cell: 715-307-3894 Michael.Schmidt@schneider-electric.com www.schneider-electric.com/us Jeff M. Miller, PE, ENV SP Solutions Architect Water Wastewater Competency Center 8001 Knightdale Blvd. Knightdale, NC 27545-9023 Office: 919.266.8360 Mobile: 919.824.9114 JeffM.Miller@Schneider-Electric.com www.schneider-electric.com 35

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information