NIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology

Transcription

1 NIST Cybersecurity Testbed for Transportation Systems CheeYee Tang Electronics Engineer National Institute of Standards and Technology

2 National Institute of Standards and Technology (NIST) About NIST NIST s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. Federal, non-regulatory agency formed in 1901 Agency of U.S. Department of Commerce 3000 employees 2700 guest researchers Two main locations: Gaithersburg, MD, and Boulder, CO $840 million annual budget NIST Laboratories National measurement standards Manufacturing Extension Partnership Centers nationwide to help small and medium sized manufacturers NIST Priority Research Areas Advanced Manufacturing IT and Cybersecurity Healthcare Forensic Science Disaster Resilience Cyber-physical Systems Advanced Communications 2

3 The Cybersecurity Framework Developed in response to February 2013 Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity(link is external) NIST s Framework role is reinforced by the Cybersecurity Enhancement Act of 2014 (P.L ), which calls on NIST to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure. NIST was directed to work with industry leaders to develop the Framework which initially took place in a year-long, collaborative process with industry, academia, and government stakeholders and continues today. 3

4 Cybersecurity Framework Components Aligns industry standards and best practices to the Framework Core in a particular implementation scenario Cybersecurity activities and informative references, organized around particular outcomes Supports prioritization and measurement while factoring in business needs Framework Profile Framework Core Enables communication of cyber risk across an organization Framework Implementation Tiers Describes how cybersecurity risk is managed by an organization and degree the risk management practices exhibit key characteristics 4

5 What processes and assets need protection? What safeguards are available? What techniques can identify incidents? What techniques can contain impacts of incidents? What techniques can restore capabilities? Cybersecurity Framework Core Function Category ID Identify Protect Detect Respond Recover Asset Management ID.AM Business Environment ID.BE Governance ID.GV Risk Assessment ID.RA Risk Management Strategy ID.RM Access Control PR.AC Awareness and Training PR.AT Data Security PR.DS Information Protection Processes & Procedures PR.IP Maintenance PR.MA Protective Technology PR.PT Anomalies and Events DE.AE Security Continuous Monitoring DE.CM Detection Processes DE.DP Response Planning RS.RP Communications RS.CO Analysis RS.AN Mitigation RS.MI Improvements RS.IM Recovery Planning RC.RP Improvements RC.IM Communications RC.CO 5

6 Draft Cybersecurity Framework Manufacturing Profile 6

7 NIST Cybersecurity for Smart Manufacturing Systems Testbed Goal of the testbed is to measure ICS network and operational performance impacts when instrumented with cybersecurity protections in accordance with practices prescribed by national and international standards and guidelines such as Cybersecurity Framework Manufacturing Profile, NIST SP and ISA/IEC Research areas include Perimeter network security Host-based security User and device authentication Packet integrity and authentication Encryption Anomaly detection Malware detection and mitigation Application whitelisting Zone-based security Field bus (non-routable) protocol security Robust/ fault tolerant systems 7

8 Testbed Scenarios Continuous Processes Chemical Processing Discrete Processes Collaborative Robotics Additive Manufacturing Distributed Operations Smart Grid Smart Transportation 8

9 System Network Diagram 9

10 C2WT Architecture Experimental Architecture C2WT HLA Bus Operator Communication Network OMNeT++ Control Commands (click (x,y) coordinated of signal or switch, etc.) Train Director Control Response (alert messages arrived on time, running late, etc.) Message Message + HMAC Message Communication Delay Sender Create HMAC Verify HMAC Receiver Computation Delay Computation Delay 10

11 Train Director Experiment video 11

12 C2WT Distributed Model Hardware in the loop C2WT-1 HLA Bus Firewall Encryption/Decryption Data Diode C2WT-2 HLA Bus Operator Communication Network OMNeT++ Control Commands (click (x,y) coordinated of signal or switch, etc.) Cybersecurity Measures hardware in the loop Communication Network OMNeT++ Control Commands (click (x,y) coordinated of signal or switch, etc.) Train Director Control Response (alert messages arrived on time, running late, etc.) Control Response (alert messages arrived on time, running late, etc.) 12

13 Example: Performance Measurement of an ICS firewall The baseline average round-trip time was 0.8ms. With an ICS firewall, the average round-trip time was 0.95ms, a 0.15ms increase. 13

14 Scenario: Railway Communications 14

15 Scenario: ICS Rail Crossing Source: 15

16 Hardware in the loop Setup 16

17 NIST Cybersecurity for Smart Manufacturing Systems Testbed Collaborative Robotics Enclave Process Control Enclave Measurement Enclave 17

18 Thank You! CheeYee Tang ICS Cybersecurity National Institute of Standards and Technology Engineering Laboratory 100 Bureau Drive Gaithersburg, MD