Industrial Control Systems Security Guide

Similar documents
NIST Cybersecurity Framework Manufacturing Implementation

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

NERC CIP VERSION 5 COMPLIANCE

Standard CIP 007 3a Cyber Security Systems Security Management

Securing The Connected Enterprise

Cybersecurity and internal audit. August 15, 2014

Network/Cyber Security

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Cisco Advanced Services for Network Security

Facilitated Self-Evaluation v1.0

Cyber Security Risk Management: A New and Holistic Approach

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

DeltaV System Cyber-Security

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Securing Industrial Control Systems on a Virtual Platform

Guide to Industrial Control Systems (ICS) Security

Best Practices for PCI DSS V3.0 Network Security Compliance

FISMA Implementation Project

A Systems Approach to HVAC Contractor Security

How To Secure Your System From Cyber Attacks

Roadmaps to Securing Industrial Control Systems

Standard CIP Cyber Security Systems Security Management

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Recommended IP Telephony Architecture

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

ISACA rudens konference

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA

Industrial Security Solutions

Industrial Security for Process Automation

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Innovative Defense Strategies for Securing SCADA & Control Systems

Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security

Critical Controls for Cyber Security.

Cyber Security Implications of SIS Integration with Control Networks

Security Implications Associated with Mass Notification Systems

Guide to Industrial Control Systems (ICS) Security

March

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Feature. SCADA Cybersecurity Framework

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Looking at the SANS 20 Critical Security Controls

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

LOGIIC Remote Access. Final Public Report. June LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

The Protection Mission a constant endeavor

Seven Strategies to Defend ICSs

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

Cybersecurity considerations for electrical distribution systems

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor January 23, 2014

Security Policy for External Customers

This is a preview - click here to buy the full publication

Defending against modern threats Kruger National Park ICCWS 2015

Panel Session: Lessons Learned in Smart Grid Cybersecurity

SANS Top 20 Critical Controls for Effective Cyber Defense

ISA-99 Industrial Automation & Control Systems Security

74% 96 Action Items. Compliance

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

UF Risk IT Assessment Guidelines

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

Vulnerability Analysis of Energy Delivery Control Systems

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Computer System Security Updates

An Evaluation of Security Posture Assessment Tools on a SCADA Environment

Chapter 1 The Principles of Auditing 1

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

Architecting and Development of the SecureCyber: A SCADA Security platform Over Energy Smart Grid

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Information Bulletin

Fujitsu s Approach to Cloud-related Information Security

Practical Steps To Securing Process Control Networks

Summary of CIP Version 5 Standards

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

1B1 SECURITY RESPONSIBILITY

KeyLock Solutions Security and Privacy Protection Practices

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB Cyber Risk Management Guidance. Purpose

The Internet of Things (IoT) and Industrial Networks. Guy Denis Rockwell Automation Alliance Manager Europe 2015

How To Protect Water Utilities From Cyber Attack

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

IBM QRadar Security Intelligence April 2013

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

Verve Security Center

Office of Inspector General

Symphony Plus Cyber security for the power and water industries

CONCEPTS IN CYBER SECURITY

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

BSM for IT Governance, Risk and Compliance: NERC CIP

1.3 Prohibit Direct Public Access - Prohibit direct public access between the Internet and any system component in the cardholder data environment.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Transcription:

Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology

NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST

Industrial Control System (ICS) Cybersecurity NIST has been a key player in the development of ICS cybersecurity standards and guidelines since 2000.

ICS Cybersecurity Research Current efforts are focused on the development of a cybersecurity risk management framework with supporting guidelines, methods, metrics and tools to enable manufacturers to quantitatively asses the cyber risk to their systems, and develop and deploy a cybersecurity program to mitigate their risk, while addressing the demanding performance, reliability, and safety requirements of manufacturing systems.

ICS Cybersecurity Research Implementation of the cybersecurity framework in various manufacturing scenarios including Process Control Collaborative Robotics Additive Manufacturing Development of guidelines, methods, metrics and tools to enable manufacturers to implement the cybersecurity framework while addressing the demanding ICS performance, reliability, and safety requirements

Framework Components Aligns industry standards and best practices to the Framework Core in a particular implementation scenario Cybersecurity activities and informative references, organized around particular outcomes Supports prioritization and measurement while factoring in business needs Framework Profile Framework Core Enables communication of cyber risk across an organization Framework Implementation Tiers Describes how cybersecurity risk is managed by an organization and degree the risk management practices exhibit key characteristics

Framework Profiles Aligns industry standards and best practices to the Framework Core in a particular implementation scenario Supports prioritization and measurement while factoring in business needs Framework Profile

NIST ICS Cybersecurity Testbed Goal of the testbed is to measure the performance of ICS when instrumented with cybersecurity protections in accordance with practices prescribed by national and international standards and guidelines such as NIST SP 800-82 and ISA/IEC 62443 standards Research areas include Perimeter network security Host-based security User and device authentication Packet integrity and authentication Encryption Zone-based security Field bus (non-routable) protocol security Robust/ fault tolerant systems

NIST ICS Cybersecurity Testbed Reconfigurable nature of testbed will allow for researching various implementations for each ICS scenario Research outcomes will be used to provide guidance to industry on best practices for cost effectively implementing cybersecurity standards and guidelines without negatively impacting ICS performance

NIST SP 800-82 Guide to Industrial Control Systems Security Provides guidance for establishing secure ICS, while addressing unique performance, reliability, and safety requirements, including implementation guidance for NIST SP 800-53 controls Downloaded over 3,000,000 times since initial release in 2006 and is heavily referenced by the public and private industrial control community Revision 2 is currently in development

NIST SP 800-82 Content Overview of ICS ICS Risk Management and Assessment ICS Security Program Development and Deployment ICS Security Architecture Applying Security Controls to ICS Appendixes ICS Threats, Vulnerabilities, and Incidents Activities in Industrial Control Systems Security ICS Security Capabilities and Tools ICS Overlay

Major ICS Security Objectives Restrict logical access to the ICS network and network activity Demilitarized zone (DMZ) network architecture Separate authentication mechanisms and credentials for users of the corporate and ICS networks. Network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer. Restrict physical access to the ICS network and devices Unauthorized physical access to components could cause serious disruption of the ICS s functionality. Combination of physical access controls should be used, such as locks, card readers, and/or guards.

Major ICS Security Objectives Protect individual ICS components from exploitation Deploy security patches in as expeditious a manner as possible Disable unused ports and services Restrict ICS user privileges to only those that are required Tracking and monitor audit trails Implement antivirus and file integrity checking software where feasible to prevent, deter, detect, and mitigate malware Maintain functionality during adverse conditions Design ICS so that critical components have redundant counterparts Component failure should not generate unnecessary traffic on the ICS or other networks, or should not cause another problem elsewhere, such as a cascading event Deploy security solution based on potential impact Not a one size fits all solution

ICS Overlay ICS overlay provides tailored NIST SP 800-53, Rev 4 security control baselines for Low, Moderate, and High impact ICS and adds supplementary guidance specific to ICS. The ICS overlay is intended to be applicable to all ICS systems in all industrial sectors. Further tailoring can be performed to add specificity to a particular sector (e.g., manufacturing). ICS overlay is included as Appendix G in NIST SP 800-82, Revision 2

Facility Control Systems Although NIST SP 800-82 provides guidance for securing ICS, other types of control systems share similar characteristics and many of the recommendations from the guide are applicable and could be used as a reference to protect such systems against cybersecurity threats. For example, although many building, transportation, medical, security and logistics systems use different protocols, ports and services, and are configured and operate in different modes than ICS, they share similar characteristics to traditional ICS.

NIST SP 800-82, Rev 2 Schedule Initial public draft comment period on NIST SP 800-82, Rev 2 was May 15 July 18, 2014 Final public draft comment period is February 9 March 9, 2015 Available on the NIST Computer Security Resource Center http://csrc.nist.gov/publications/pubssps.html NIST SP 800-82, Rev 2 scheduled to be published May 2015

ISA99 Committee The International Society of Automation (ISA) Committee on Security for Industrial Automation & Control Systems (ISA99) 500+ members Representing companies across all sectors, including: Chemical Processing Petroleum Refining Food and Beverage Energy Pharmaceuticals Water Manufacturing Copyright ISA

The ISA/IEC-62443 Series Copyright ISA

Testbed Scenarios Continuous Processes Chemical Processing Advanced Discrete Processes Dynamic Robotic Assembly Additive Manufacturing Distributed Operations Smart Transportation Smart Grid

Process Control Scenario: The Tennessee Eastman Process Continuous process Dynamic Oscillations Integrated safety system Multiple Protocols EtherNET/IP OPC DeviceNet Hardware-in-the-loop PLC-based control

Dynamic Robotic Assembly Discrete process Cooperative robotics Dynamic Planning Integrated safety system Computer Vision Embedded control A variety of protocols including EtherCAT

Transportation Railway Track sensing & control Train Scheduling Locomotive Automotive Vehicle-vehicle communications Infrastructure sensing & control

ICS Cybersecurity Testbed

NIST Virtual Cybernetic Building Testbed (VCBT) The VCBT is a whole building emulator designed with enough flexibility to be capable simulating normal operation and a variety of faulty and hazardous conditions that might occur in a building where numerous building control systems are integrated together and with outside entities such as utility providers. The VCBT control hardware consists of BACnet products from multiple companies that are used for HVAC control, lighting control, physical access control, and fire detection.

Contact Info Keith Stouffer 301-975-3877 keith.stouffer@nist.gov Engineering Laboratory National Institute of Standards and Technology 100 Bureau Drive, Mail Stop 8230 Gaithersburg, MD 20899-8230 USA

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information