Cyber Security for Utilities - PowerPoint PPT Presentation

romney
Presentation Transcript

  1. Cyber Security for Utilities: Authentication and Encryption for SCADA Communications Channels and Maintenance Ports

  2. Agenda
      • Mykotronx introduction
      • Cyber security for utilities
      • Mykotronx security solutions
      • Working together

  3. Who We Are
      • NASDAQ (RNBO) since 1987, $128M revenue in 2002
      • Top 10 Global Security Provider:
      • 75% for high assurance T1 & satellite link encryption
      • 66% in secure Web acceleration (IDC)
      • 55% market share in software security
      • 55% in USB token segment (IDC)
      • 480 employees in U.S., U.K., France, Netherlands, China, Taiwan, Singapore, Australia, India, Japan, Mexico and Brazil (24/7 worldwide technical support in Los Angeles, London, and Singapore)
      • The two organizations within Rainbow Technologies, Inc. are:

  4. Solutions Overview

  5. Awards and Recognition
      [Slide graphics: "9001", “Best SSL Accelerator”]
      • More NSA certified security products than any other company
      • Product awards
      • Secure Computing: “Pick of 2001” award for iKey
      • Communications News Editors Choice
      • VBPJ Readers Choice Award: Best Security Solution
      • Network Computing 2001 Editors Choice Award
      • Network Computing 2001 Well-Connected Award
      • Network World 2000 Blue Ribbon Award for CS600
      • AeA 2001 High-Tech Award for CS HSM
      • AeA 2000 High-Tech Award CS600
      • Organizational Quality and Experience
      • ISO 9001 certified
      • FIPS, Common Criteria, NIAP, CCEP evaluated and endorsed

  6. Example of Our Product(s) in Action
      • Fortezza Plus
      • Key Management
      • Encryption
      • Rated to Top Secret

  7. Cyber security for utilities

  8. We presume you…
      • Understand the threat
      • CIAO findings – July 1997
      • AGA/GTI specifications – 1998, completion: 2003
      • Sandia National Labs – red team assessment – July 2002
      • DIA Threat Assessments – August 2002 (ongoing)
      • Are following national policies formulation activity
      • Cyberspace strategy – February 2003
      • Physical strategy – February 2003
      • Government & Industry recommended practices – ongoing
      • Will participate in Department of Homeland Security initiatives
      • Incident reporting
      • Support to first responders
      • Have a cyber-security policy for your operations
      • If not, we will provide a template

  9. The issue today is “How to”
      • Ensure proper “access control” to your resources
      • Protect against weak access control
      • Protect against insider threats
      • Protect against nation state threats
      • Eliminate “clear text” from the communications wire
      • Protect against eavesdropping
      • Protect against replay, spoofing, etc.
      • Provide an “effective” secure solution
      • Protect high-value assets
      • Non-intrusive
      • Acceptable performance (latency)
      • Affordable, acceptable total cost of ownership (TCO)
      • Ensure a “migration path” to future systems
      • “Comply” with government and association standards

  10. Maintenance Access Configurations (diagram labels: Clustered, Independent)

  11. Mykotronx’ SAM – your first step: Secure Authentication Module
      • Bump-in-the-wire design
      • Transparent security for existing maintenance dial-up lines
      • No change to existing hardware
      • No change to existing communications infrastructure
      • No change to modem phone numbers or phone lines
      • Will require a new dialup program at the client computer
      • Two-factor authentication token for operators
      • Digitally Signed Challenge/Response
      • SAM provides strong access control and audit trail

  12. Secure Authentication Module
      • Security standards
      • FIPS 140-2 Level 2
      • Public Key Authentication
      • Two-factor tokens
      • Signed access audit trail
      • Communication ports
      • 2 RJ11 phone ports
      • Phone line
      • Field device’s modem
      • Internal modem to accept and authenticate originating call
      • Internal relay and Ring Generator to wake-up field device’s modem
      • Power
      • Derived from the phone line
      • Environmental
      • IEEE 1613 (planned)

  13. Two-factor authentication
      • iKey USB Authentication Tokens
      • Personal, portable, secure
      • Digital Signatures & Shared Secret
      • No reader required
      • Two-factor authentication
      • Something you have – the iKey
      • Something you know – the PIN
      • Access control examples
      • Local: SEAM, SAM, workstations
      • Remote: browser, dialup

  14. Maintenance Access Configurations (diagram labels: Clustered, Independent)

  15. AGA 12-1 SCADA Configurations (diagram labels: Point to point, Cascaded, Multi-drop or Multi-point)

  16. Mykotronx’ SEAM – next step: Secure Encryption and Authentication Module
      • Bump-in-the-wire design
      • Transparent security for existing SCADA systems
      • No change to existing SCADA hardware
      • No change to existing communications infrastructure
      • No change to existing SCADA protocols
      • Supports bit and byte oriented protocols
      • Two modes: link encryptor and protocol-aware
      • “Modem command” pass-through
      • SEAM provides strong authentication, audit trail, and encryption

  17. SEAM Substation Device
      • Security standards
      • FIPS 140-2 Level 2
      • AES Encryption
      • Public Key Authentication
      • Two-factor tokens
      • Signed audit trail
      • Communication ports
      • 2 Serial ports
      • SCADA Field device
      • Communications channel
      • 2 USB ports
      • Local management
      • User authentication token
      • 2 Ethernet ports (version 2)
      • Distributed management
      • Field communications
      • Power
      • External +5 to 48VDC
      • Environmental
      • IEEE 1613 (planned)

  18. SEAM Control Center Device
      • Rack mount chassis
      • 19” chassis, 6U front panel
      • Security standards
      • FIPS 140-2 Level 2
      • AES Encryption
      • Public Key Authentication
      • Two-factor tokens
      • Signed audit trail
      • Communication ports
      • Up to 16 blades
      • 2 Serial ports per blade
      • SCADA Master/FEP
      • Communications channel
      • Hot-swappable blades
      • 2 USB ports
      • Local management
      • User authentication token
      • Ethernet ports
      • Administration
      • Future communications (2)

  19. AGA 12-1 SCADA Configurations (diagram labels: Point to point, Cascaded, Multi-drop or Multi-point)

  20. SEAM, SAM & iKey Management
      • Life cycle management
      • CKTO Management Unit
      • Centralized Configuration, Key, Token & Operator Management
      • Automated in-band, on-the-fly refresh
      • Browser-based operator interface
      • Signed audit trails
      • Security
      • FIPS 140-2 Level 3 certification
      • Public Key Cryptography for operator authentication
      • AES for confidentiality
      • Two factor authentication tokens required for operators
      • Future functionality
      • Upgradeable firmware/software
      • Intrusion Detection System

  21. Management Configuration (diagram labels: SEAM, SEAM, CKTO Management, SAM)

  22. Wrap-up

  23. Why is Mykotronx here?
      • Our mission is protecting information
      • Extensive relationships with government agencies - intelligence, defense and civilian
      • Introduced to the utility need by government agencies
      • Active members of multiple utility standards organizations
      • Extensive commercial customers, including utilities
      • Our expertise is appropriate for the need
      • High-assurance & high-performance cryptography
      • User authentication
      • Confidentiality
      • Communications – Dialup, T1, Satellite, Internet, Voice, Video
      • Experienced in Vulnerability, Threat & Risk Assessments, Security Policy, Business Continuity and Disaster Recovery planning

  24. The security solutions
      • Strong cryptography for SCADA and maintenance communications
      • Public Key Cryptography-based
      • Robust trust relationships methodology for SEAM/SAM and operators
      • Two-factor authentication tokens for operators
      • AES-based, AGA 12-1
      • Life cycle management
      • Device configuration, keys, two-factor tokens
      • In-band real-time SEAM/SAM management
      • Browser-based operator and token management
      • Intrusion Detection System (future)
      • Protect your investment
      • Migration path from legacy channels to Ethernet-based channels

  25. Points of Contact
      Mykotronx, Inc.
      357 Van Ness Way, Suite 200
      Torrance, CA 90501
      Phone: (310) 533-8100
      Fax: (310) 533-0527
      STU III: (310) 533-0738 [Secret] (310) 787-2799 [Top Secret]
      Home page: http://www.mykotronx.com
      • Brad Beutlich, Director, Commercial Business Development. Phone: (310) 533-8100 x6285. E-mail: bbeutlich@mykotronx.com
      • Paul Blomgren, CISSP, System’s Security Architect, Business Development. Phone: (310) 533-8100 x6254. E-mail: pblomgren@mykotronx.com