ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Similar documents
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Industrial Security for Process Automation

Verve Security Center

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

IT Security and OT Security. Understanding the Challenges

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Ovation Security Center Data Sheet

Defending Against Data Beaches: Internal Controls for Cybersecurity

Cyber Security for NERC CIP Version 5 Compliance

Dr. György Kálmán

CONCEPTS IN CYBER SECURITY

SANS Top 20 Critical Controls for Effective Cyber Defense

Symphony Plus Cyber security for the power and water industries

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Ovation Security Center Data Sheet

Document ID. Cyber security for substation automation products and systems

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Effective Defense in Depth Strategies

GE Measurement & Control. Cyber Security for NERC CIP Compliance

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Copyright 2011 Rockwell Automation, Inc. All rights reserved. Quick Industrial Security Assessment

Critical Controls for Cyber Security.

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

Introduction to Cyber Security / Information Security

GE Measurement & Control. Cyber Security for Industrial Controls

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Network/Cyber Security

Cyber Security nei prodotti di automazione

DeltaV System Cyber-Security

Practical Steps To Securing Process Control Networks

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Critical Infrastructure Cybersecurity

Cyber Security and Privacy - Program 183

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Protection from cyber threats

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

TRIPWIRE NERC SOLUTION SUITE

Enterprise Cybersecurity: Building an Effective Defense

ABB s approach concerning IS Security for Automation Systems

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Industrial Cyber Security 101. Mike Spear

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Data Security and Healthcare

Decrease your HMI/SCADA risk

How To Secure Your System From Cyber Attacks

Remote Services. Managing Open Systems with Remote Services

Network Security Administrator

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems

Session 14: Functional Security in a Process Environment

Maturation of a Cyber Security Incident Prevention and Compliance Program

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Protecting Your Organisation from Targeted Cyber Intrusion

Information Shield Solution Matrix for CIP Security Standards

F G F O A A N N U A L C O N F E R E N C E

ISACA rudens konference

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

IIABSC Spring Conference

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Protecting productivity with Plant Security Services

Better secure IT equipment and systems

A Tactical Approach to Continuous Compliance. Walt Sikora, Vice President Security Solutions EMMOS 2013

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Five keys to a more secure data environment

SUPPLIER SECURITY STANDARD

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

Security Controls What Works. Southside Virginia Community College: Security Awareness

Critical Security Controls

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

OPC & Security Agenda

Cyber Security Seminar KTH

LogRhythm and NERC CIP Compliance

Cyber security tackling the risks with new solutions and co-operation Miikka Pönniö

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

Plant Network Security

FIREWALL POLICY November 2006 TNS POL - 008

Loophole+ with Ethical Hacking and Penetration Testing

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

SCADA Security Training

THE TOP 4 CONTROLS.

ICANWK406A Install, configure and test network security

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Ease Server Support With Pre-Configured Virtualization Systems

Navigate Your Way to NERC Compliance

Securing the Service Desk in the Cloud

NERC CIP Version 5 and the PI System

Cisco Security Optimization Service

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Transcription:

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy Slide 2

Examples of events Slide 3

What is Cyber Security? Measures taken to protect a computer or computer system against unauthorized access or attack Merriam-Webster s dictionary Slide 4 Hacking Malicious software Unauthorized use

Why is cyber security an issue? Slide 5

IT vs. OT best practices Information Technology (IT) Operations Technology (OT) Confidentiality Availability Differing priority Integrity Availability Integrity Confidentiality 3 bad password tries; locks account Operator loses control! Deployment guidelines Different approach Install new patches ASAP May not work! May need reboot! Vendor validate Patches Use firewalls and Intrusion Detection Systems Do they know the industrial protocols used? Vendor validate solutions Slide 6

Risk and cost The cost of security measures should be balanced against the desired risk reduction Risk = f(threat, vulnerability, consequences) Optimal security for minimum cost Cost of security We will bankrupt ourselves in the vain search for absolute security - Dwight Eisenhower Cost Probability of a security breach Security Level Slide 7

Cyber Security standards and best practices Energy Industrial Automation IT NIST 800-53 Design Details IEEE P 1686 IEC 62351 Technical Aspects Details of Relevance Operations CPNI for Manufacturers NERC CIP ISO 27K ISA 99* Operator Completeness Manufacturer Slide 8 * Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA 62443 to make the alignment with the IEC 62443 series more explicit and obvious.

Connectivity / and the myth of Air gaps Slide 9

Remote access Remote connection via VPN IT solution, not designed to ICS Access control issues Hard to make compliant NOT RECOMMENDED Remote connection via RAP Designed for ICS Access control schema Cyber security compliant RECOMMENDED Slide 10

Control System Architecture - what to protect Slide 11

Things to check System Procedures and Protocol Group Security Policies Computer Settings Organization Personnel Access Control Administration Maintenance Compliance Physical Security Passwords user Accounts Security Audit Recovery Console Interactive Logon System and Devices Network Access Network Security System Cryptography Policy Enforcement Operating System Services Firewall Shares MS Security Updates Antivirus Open Ports Startup Items Installed Applications Slide 12

One way to protect the DCS on the factory floor Switches on the cabinet doors Door opens -> alarm goes off Alarm goes off -> control room will investigate Slide 13

Cyber Security Fingerprint - where to start Nothing can make a control system completely secure. Provides a comprehensive view of your site s cyber security status Identifies strengths and weaknesses for defending against an attack within your plant s control systems Reduces potential for system and plant disruptions Increases plant and community protection Supplies a solid foundation from which to build a sustainable cyber security strategy Slide 14

Time flies 2001 April 8 th 2014 Slide 15

800xA Whitelisting SE46 Whitelisting SE46: Only SW with valid Application Ce800xA certificate (AppCert) allowed to run. The alternative approach is blacklisting, e.g. antivirus. SE46 runs on existing 800xA nodes: No extra HW needed Integration with Industrial Defender: SE46 log events collected for centralized analysis. SE46 Studio DC SE46 Agent AS SE46 DP SE46 Agent CS SE46 Agent Client SE46 Agent Slide 16

Modern vs Legacy Systems + Modern System Supports modern cyber security measures Familiar interface COTS Legacy System Sometimes proprietary hardware, software and communication - = Affected by modern threats Networked systems COTS Apply best practices DMZ Antivirus Security Patching etc. Unsupported = no patches Modern defenses not supported Upgrade Strengthen other measures Physical security Procedures & Protocol etc. Slide 17

Cyber Security Implementation Strategy - Challenges Identify and balance the following: Management needs Security needs Safety needs Regulatory needs Site ability to deliver Slide 18

Cyber Security Corporate vs Site Corporate Corporate would like to use same approach as already deployed on desktop environment via IT Why re-invent the wheel or buy $$$ new products? Strategy for corporation align approach with IT security, but maintain separation. Insure IT solutions will work with A&PC needs. SIEM / IDS / Anti-virus / patching / incident reporting Multiple vendors different issues / different solutions Siemens / Honeywell ABB / Emerson / Yokogawa / Invensys Site Site process control practitioners do not want association with IT Ownership of equipment (turf wars) If it breaks, I need to fix it. IT support is 8x5, I need 24x7 Trust issues Initial programs (on learning curve) left bad memories IT security v. process control freedoms I want to do IT my way Time constraints I have my 40 hour job to do plus 2 other corporate initiatives Slide 19

Cyber Security Closing the Gap Top Down Design / Bottom Up Implementation Corporate Direction Standards How do we address the Gap? Site Slide 20

Cyber Security Choosing Leaders Choose a Corporate leader Access to corporate leadership Expresses ideas clearly Knows process control network Knows process control working parameters Knows Cyber Security or can learn Choose a Site leader Ability to manage multiple tasks Access to site leadership Knows Process Control Systems Slide 21

Cyber Security Closing the Gap Choosing Leadership Corporate Direction Standards Corporate Leader Site Leader Site Slide 22

Cyber Security Site Activity Project No corporate project authorized Utilized site resources via influence SWAT team approach at first site Visited site Outlined Gaps Developed plan with site and IT Used MS Project to track Provided services as needed Worked next 4 months w/ site to close gaps Slide 23

Cyber Security Site Activity Sustain Plan Act Do Check Not one and done Need to sustain this activity Follow standards Stay current and connected to corporate cyber security Slide 24

Cyber Security Closing the Gap Site Activity Corporate Direction Standards Corporate Leader Site Project Site Support & Site Leader Site Support Site & Site Support Leader & Site Leader Implementation Site Slide 25

Cyber Security Completing the picture Leveraging solutions to others shared common solutions Tap corporate SMEs (Subject Matter Experts) Corporate Windows patching service IDS Network and Host Anti-virus delivery SIEM (Security Incidents and Events Monitor) Whitelisting Corporate delivered GPO policy updates (currently manual process) Slide 26

Cyber Security Completing the picture Communicate communicate, communicate quarterly meeting, monthly steering team with immediate management, periodic meetings with Regional Leadership Team, periodic meetings with plant managers Be available work with vendors assist site in performing work continuous dialog follow-up with sites Slide 27

Cyber Security Sustain Corporate Activity Plan Act Do Check Refresh Standards Align with global regulations Monitor industry trends Monitor Cyber Activity Monitor US-CERT* Incident response Stay current and connected to sites Slide 28

Cyber Security Closing the Gap Leveraged Solutions Corporate Direction Standards Corporate Leader Leveraged Solutions Site Project Site Support & Site Leader Site Support & Site Leader Site Slide 29

Final thoughts The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. Eugene H. Spafford Slide 30

Contact information If you have further questions, please contact us at: PRESENTER Patrik Boo COMPANY ABB CONTACT PHONE (804) 931-4596 CONTACT E-MAIL patrik.boo@us.abb.com Slide 31

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information