
Security IT & Control System Security: where are we?

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi – etieghi@visionautomation.it


Presentation Transcript


  1. Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems
     Enzo M. Tieghi – etieghi@visionautomation.it

  2. Security IT & Control System Security: where are we?

  3. Some cases about industrial-infrastructure cyber incidents:
     • In January 2003, the SQL Slammer worm penetrated a computer network at Ohio’s Davis-Besse nuclear power plant and disabled a safety monitoring system for nearly five hours. The SQL Slammer worm also downed one utility’s critical SCADA network in the US; another utility lost its Frame Relay network used for communications; some petrochemical plants lost Human Machine Interfaces (HMIs) and data historians; a 911 call center was taken offline; airline flights were delayed and cancelled.
     • In 2001, a series of cyber attacks was conducted on a computerized waste water treatment system by a disgruntled contractor in Queensland, Australia. One of these attacks caused the diversion of millions of gallons of raw sewage into a local river and park. There were 46 intrusions before the perpetrator was arrested.

  4. Some cases about industrial-infrastructure cyber incidents:
     • In September 2001, a teenager allegedly hacked into a computer server at the Port of Houston: the port’s web service, which contained crucial data for shipping pilots, mooring companies and support firms responsible for helping ships navigate in and out of the harbor, was left inaccessible.
     • 1997: shutdown of the air traffic control system tower at Worcester Regional Airport (MA), USA.
     • Italy, 2004: Sasser halts 40 PCs in a production plant of a leading pharmaceutical company (batches to rework, weekend spent restarting plants, reinstalling and revalidating systems, etc.).
     • Water distribution SCADA system in California attacked and taken down (2005).
     • …
     • No official statistical source: database with 20-30 tracked incidents in 2002-2004 in California (USA).
     • Database at BCIT (CA) under construction.

  5. The 3 security faces
     • Physical Security (Perimeter): guard on duty, gates, ports, etc.
     • Human Factor Security (Organization): security policy, security procedures, awareness and training
     • Cyber-Security (Technology): antivirus; access control, authentication, …; firewalls, …

  6. Network Vulnerability: examples
     [Diagram. Threat sources and paths: Browser Malware; Email Viruses; IM Downloads; VPN Penetration; Internet; Unauthorized Access; Firewall Penetration; EMS; Indirect System Penetration; Contractor; Hacking/Malware; Vulnerability Exploit; POTS Remote Access; Flat Networks; Resource Constraints; Protocol Vulnerabilities; Vendor Diagnostics; Disgruntled Employee.
     Network elements: Firewall; Browser Clients; SAP; Mail Server; Corporate Network; MES; Desktops; Plant Network; Web Server; Historian; Wireless AP; Remote Access Server; Mobile Operator; Ethernet; Control System Application Server; HMI; Process Control Network (Proprietary or Ethernet); Controller or PLC.]

  7. eSecurity in control systems: industrial and infrastructure considerations about security (not only “Safety”)
     11 reasons why security in control systems (DCS, PLC, SCADA/HMI, plant networks, etc.) is different from IT security

  8. BS7799 vs. ISA-99.00.01: Comparison of Objectives
     Priority (top to bottom):
     • Manufacturing and Control Systems: Availability, Integrity, Confidentiality
     • Traditional IT Systems: Confidentiality, Integrity, Availability

  9. ISA S99 ANSI/ISA-95 Functional Hierarchy

  10. Art. 6.5 Special Considerations for Manufacturing and Control Systems
      Manufacturing and Control System electronic security plans and programs are consistent with, and build on, existing IT security experience, programs, and practices. However, there are critical operational differences between IT and Manufacturing and Control Systems that influence how specific measures should be applied. (……)
      ANSI/ISA-TR99.00.02-2004

  11. Why eSec is different - 1: Differing risk management goals
      Risk definition: human safety and fault tolerance to prevent loss of life or endangerment of public health or confidence, loss of equipment, loss of intellectual property, or lost or damaged product.

  12. Why eSec is different - 2: Differing architecture security focus
      In a typical IT system, the primary focus of security is protecting the information stored on the central server. In manufacturing systems, the situation is reversed. Edge clients (e.g., PLC, operator station, or DCS controller) are typically more important than the central server.

  13. Why eSec is different - 3: Differing availability requirements
      Many manufacturing processes are continuous in nature. Unexpected outages of systems that control manufacturing processes are not acceptable. Exhaustive pre-deployment testing is essential to ensure high availability for the Manufacturing and Control System. In addition to unexpected outages, many control systems cannot be easily stopped and started without affecting production. In some cases, the products produced or equipment being used is more important than the information being relayed. The requirement for high availability, reliability, and maintainability reduces the effectiveness of IT strategies like rebooting.

  14. Why eSec is different - 4: Unintended consequences
      Manufacturing and Control Systems can be very complex in the way that they interact with physical processes. All security functions integrated into the process control system must be tested to prove that they do not introduce unacceptable vulnerabilities. Adding any physical or logical component to the system may reduce reliability of the control system, but the resulting reliability should be kept to acceptable levels.

  15. Why eSec is different - 5: Time critical responses
      For some systems, automated response time or system response to human interaction is critical. For example, emergency actions on regulatory process control systems should not be hampered by requiring password authentication and authorization. Information flow must not be interrupted or compromised.

  16. Why eSec is different - 6: Differing response time requirements
      Manufacturing and Control Systems are generally time critical. Delay is not acceptable for the delivery of information, and high throughput is typically not essential.

  17. Why eSec is different - 7: System software
      Differing and “custom” operating systems and applications may not tolerate typical IT practices. Networks are often more complex and require a different level of expertise (e.g., control networks are typically managed by control engineers, not IT personnel). Software and hardware applications are more difficult to upgrade in a control system network. Many systems may not have desired features including encryption capabilities, error logging, and password protection.

  18. Why eSec is different - 8: Resource constraints
      Control systems and their real time operating systems are resource constrained systems that do not include typical IT security technologies. There may not be available computing resources to retrofit these security technologies.

  19. Why eSec is different - 9: Information integrity
      In-bound information is highly essential to the control system operation. It is important to take practical precautions to eliminate malicious in-bound information in an effort to maintain control operation.

  20. Why eSec is different - 10: Communications
      Communication protocols and media used by control systems environments are typically different from the generic IT environment, and may be proprietary. Examples include radio telemetry using asynchronous serial protocols and proprietary communication networks.

  21. Why eSec is different - 11: Software Updates
      Security patches cannot always be implemented on a timely basis because software changes need to be thoroughly tested by the vendor of the manufacturing control application and the end user of the application before being implemented. Change management control is necessary to maintain integrity of the control systems.

  22. Why eSec is different: final
      These differences require careful assessment by Manufacturing and Control System experts working in conjunction with security and IT personnel. This team of people should carefully evaluate the applicability of IT and specific Manufacturing and Control Systems electronic security features, including thorough testing before application, where necessary.

  23. Network Segregation “Rings of Defense” for Corporate and SCADA Networks – www.dyonyx.com

  24. What to do: ad hoc methodology and tools
      • Industrial Security Assessment
      • Industrial Security Vulnerability Tests
      • Industrial Security Policy
      • Industrial Incident Response Plans
      • Business Continuity & Disaster Recovery Plans
      • Industrial Protection (Industrial IDS/IPS)
      • Monitoring and Managed Services for Industry
      • Audit

  25. Where are Control Systems?
      Everywhere… Industrial but also Infrastructure:
      • Production and Distribution: Water, Oil & Gas, Power, etc.
      • Traffic control: Railways, Highways, Tunnels, Air, etc.
      • Buildings: Airports, Hospitals, Schools, Government, Research Centers, Universities, Municipalities, etc.
      • TLCs

  26. What’s moving…
      • “21 Steps to improve Cyber Security of SCADA Networks” (USA White House)
      • “Common vulnerabilities in critical infrastructure control systems” (U.S. Dept. of Energy’s National Nuclear Security Administration)
      • Securing Process Control Systems - IT Security (European Commission)

  27. Industrial security and international standards
      • BS7799-ISO27000 Information security management systems – Specification with guidance for use
      • ISO/IEC 17799:2005 Information Technology – Code of practice for information security management
      • ANSI/ISA SP99 TR1 Security for Manufacturing and Control Systems
      • ANSI/ISA SP99 TR2 Integrating Electronic Security into Manufacturing and Control Systems Environment
      • ISO/IEC 15408 Common Criteria
      • NIST System Protection Profile for Industrial Control Systems (SPP-ICS)
      • CIDX Chemical Industry Data Exchange - Cybersecurity Vulnerability Assessment Methodology (VAM) Guidance
      • ISPE/GAMP4 – Good Automated Manufacturing Practices – App. O Guideline for Automated System Security
      • NERC standards
      • AGA standards

  28. …need more information?
      www.visionautomation.it
      Enzo M. Tieghi - etieghi@visionautomation.it
