An International Perspective on Security and Compliance



Similar documents
Safe Network Integration

New Technologies for Substation Cyber Hardening

An Analysis of the Capabilities Of Cybersecurity Defense

UNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments

13 Ways Through A Firewall What you don t know will hurt you

Waterfall for NERC-CIP Compliance

Strong Security in NERC CIP Version 5: Unidirectional Security Gateways

SCADA Security Training

Stronger than Firewalls And Cheaper Too

Cyber Security Summit Milano, IT

13 Ways Through A Firewall

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

Keeping the Lights On

How To Protect Your Network From Attack From A Hacker (For A Fee)

Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Stronger Than Firewalls: Unidirectional Security Gateways

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

WORKSHOP Rethinking Cyber Security for Industrial Control Systems

Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Resilient and Secure Solutions for the Water/Wastewater Industry

Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure

Experience with Unidirectional Security Gateways Protecting Industrial Control Systems

Cybersecurity in a Mobile IP World

Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Roadmaps to Securing Industrial Control Systems

SCADA Security: Challenges and Solutions

Meeting the Cybersecurity Standards of ANSI/ISA with Data Diodes

Options for Cyber Security. Reactors. April 9, 2015

Remote Access Considered Dangerous. Andrew Ginter, VP Industrial Security Waterfall Security Solutions

A Regulatory Approach to Cyber Security

Communication Security Measures for SCADA Systems

The Importance of Cybersecurity Monitoring for Utilities

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

Cyber Security nei prodotti di automazione

Help for the Developers of Control System Cyber Security Standards

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

What Risk Managers need to know about ICS Cyber Security

Building Insecurity Lisa Kaiser

Trends in Security Incidents and Hitachi s Activities

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Smart Grid Cybersecurity

SANS SCADA and Process Control Security Survey

State of the State of Control System Cyber Security

AURORA Vulnerability Background

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Cyber Security and Privacy - Program 183

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Regulatory Compliance Management for Energy and Utilities

New Era in Cyber Security. Technology Development

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS

Energy Cybersecurity Regulatory Brief

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)

Feature. SCADA Cybersecurity Framework

NERC CIP-007 v. 5 Patch Management: Factors for Success

N-Dimension Solutions Cyber Security for Utilities

GE Measurement & Control. Cyber Security for Industrial Controls

Announcement of a new IAEA Co-ordinated Research Programme (CRP)

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

ISACA rudens konference

GOOD PRACTICE GUIDE PROCESS CONTROL AND SCADA SECURITY

October 29, Washington, DC. Copyr i g h t O S Is o f t, LLC. 1

Cybersecurity Leadership

The Changing Threat Surface in. Embedded Computing. Riley Repko. Vice President, Global Cyber Security Strategy

Process Control System Cyber Security Standards an Overview

IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD

CIP Supply Chain Risk Management (RM ) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

IT Security & Compliance Risk Assessment Capabilities

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Transcription:

UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 2014

Nuclear Industry 2008-9 Unidirectional Gateways deployed at first nuclear generator Word spread quickly within American market - by 2010 hardwareenforced communications were effectively required by NEI 08-09 and NRC 5.71 By the end of 2012, all American reactors had deployed unidirectional communications, the majority Waterfall s World-wide gateways deployed in nuclear generators in another dozen countries Nuclear generation embraced hardware-enforced unidirectional communications NRC Regulatory Guide 5.71 Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 2

North America NERC CIP CIP standards are widely studied and emulated, even outside NA and outside the power sector CIP V1 in 2007 made no mention of Unidirectional Gateway tech firewalls were seen as adequate CIP V5 in 2013 encourages unidirectional communications exemptions from 37 of 103 requirements FERC must carry out cost/benefit analysis, and is not permitted to require unduly expensive reliability or security measures Not permitted to require solving a problem until a solution exists How are conventional cyber risks different from nuclear risks? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 3

Israel Small state, surrounded by unfriendly neighbours Actively sought solutions security for critical infrastructures in 2004 Academia Private Sector Nurtured Waterfall as a stronger alternative to firewalls By 2007 Waterfall is used by effectively all industrial critical infrastructures in the country Israel demanded technology that did not exist And then nurtured and embraced that technology Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 4

Singapore and South Korea Small states, surrounded by unfriendly neighbours, like Israel Singapore: Often takes inspiration from Israeli solutions and technologies Unidirectional Security Gateways now deployed at multiple industrial sites Korea: Regulations are evolving, especially in the nuclear sector How are Singaporean and S. Korean cyber-risks different from anyone else s? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 5

IEC/ISA SP-99-3-3 Feedback Waterfall submitted comments to ISA SP99 working group developing System Security Requirements and Security Levels Waterfall asked that the standard recommend unidirectional gateway to protect most secure safety-instrumented networks Response: This standard does not mandate specific solutions which are state-of-the-art at the time of publication, per IEC guidelines. This in spite of wide-spread adoption in the nuclear industry, and increasingly wide-spread adoption in conventional generation and other sectors Should the IEC/ISA standards document existing practice? Or advance the state of the practice? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 6

Japan Initial deployments of Unidirectional Gateway technology in Japan In spite of this, Japan deployed Unidirectional Security Gateways on ICS Security test beds Used for research and training Japanese infrastructures are largely privately owned Should governments document existing practice? Or advance the state of the practice? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 7

Threat Environment All software has bugs, and some bugs are vulnerabilities, so in practice, all software can be hacked Modern targeted, persistent attacks (TPAs) routinely defeat conventional software-based security controls TPA techniques are widely documented, and widely practiced All cyber-threats are pervasive Eg: cloud control systems are strategic targets whose compromise puts hundreds of identically-provisioned ICS sites at risk at once Should we be defending against motives? Or against universally- available capabilities? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 8

Observations Israeli, Singaporean and increasingly S. Korean and Japanese governments are advancing the state of the practice demanding / developing / demonstrating effective solutions to new cyber threats Nuclear regulators in North America have embraced stronger-thanfirewall security, and nuclear regulators world-wide are moving as well FERC, ISA SP-99 and IEC document solutions industry has developed and deployed already Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 9

Conclusions Threats continue to evolve, and so must defenses Different geographies & cultures perceive risks differently Size of infrastructure Public vs private ownership of infrastructure Private owners may not have the same priorities as do governments Progress strong Unidirectional Gateway technology is increasingly deployed in many geographies and industries Key Question: are cyber threats not universal? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 10

Waterfall Security Solutions Headquarters in Israel, sales and operations office in the USA Deployed world-wide in all critical infrastructure sectors 2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice IT and OT security architects should consider Waterfall for their operations networks Waterfall is key player in the cyber security market 2010, 2011, & 2012 Only unidirectional technology on US Department of Homeland Security s National SCADA Security Test Bed, and Japanese Test Bed Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 11

Waterfall Product Accreditations Only unidirectional technology with cyber security assessment by Idaho National Laboratories Certified Common Criteria EAL4+ (High Attack Potential) Strategic partnership agreements / cooperation with: OSIsoft, GE, Schneider Electric, Westinghouse, and many other industrial vendors Recognized as an industrial cyber-security best-practice by DHS, NERC CIP, NRC, industry analysts & leading industrial cyber-security experts Market leader for unidirectional server replication in industrial environments Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 12

Conclusions Threats continue to evolve, and so must defenses Different geographies & cultures perceive risks differently Size of infrastructure Public vs private ownership of infrastructure Private owners may not have the same priorities as do governments Progress strong Unidirectional Gateway technology is increasingly deployed in many geographies and industries Key Question: are cyber threats not universal? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information