Securing Your Terminal

Transcription

1 learn share network grow Securing Your Terminal Brian Sherman, Micki Verhagen, Frank Beesley, Chris Olnhausen, August 6-9, 2017 Omaha, NE

2 Non-competitive discussion This presentation is to be a general discussion of security for process control networks There will be discussion about terminal operations please stop discussions that might be viewed as anti-competitive This is intended to be educational with free exchange of ideas to properly secure our terminal operations from unauthorized access Confidential Property of DTN Page 2

3 Agenda 1 Cyber threats 2 Securing the terminal 3 Technology at the terminal 4 Questions and Announcements Confidential Property of DTN Page 3

4 Cyber threats Confidential Property of DTN Page 4

5 In the news Confidential Property of DTN Page 5

6 Threats Two types of hackers have been driving increasingly coordinated and dangerous cyber attacks: nation-sponsored groups and organized cybercriminals. The former execute attacks on behalf of geo-political objectives, and the latter simply chase financial gain. Fortune March 2016 Confidential Property of DTN Page 6

7 Threats Take Down 2015 Ukrainian Power Plant Physical Damage 2008 Turkish Oil Pipeline Explosion 2014 German Steel Factory Sabotage Stuxnet Confidential Property of DTN Page 7

8 Ransomware 2017 Attacks on companies 3x in 2016 Ransomware variants grew by 30x in 2016 Every 40 seconds a COMPANY gets hit with Ransomware Doxing makes wiping and recovering from a backup no longer viable Confidential Property of DTN Page 8

9 What should I do? Confidential Property of DTN Page 9

10 Other internal threats USB Malware Wired Networks Operators/Drivers/Cleaning Crew/Visitors Wireless Networks Confidential Property of DTN Page 10

11 Securing the terminal Confidential Property of DTN Page 11

12 Definition Common Terms Process Control Network (PCN) is a communications network that is used to transmit instructions and data between control and measurement units and SCADA equipment Industrial Control System (ICS) is a general term that encompasses several types of control systems used in industrial production, including SCADA systems, distributed control systems (DCS), and other smaller control system configurations such as PLC Demilitarized Zone (DMZ) a physical or logical subnetwork that contains and exposes an organization s external-facing services to an untrusted network Principle of Least Privilege requires that every module must be able to access only the information and resources that are necessary for its legitimate purpose Confidential Property of DTN Page 12

13 Executive Order Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to: Develop a technology-neutral voluntary cybersecurity framework Promote and incentivize the adoption of cybersecurity practices Increase the volume, timeliness and quality of cyber threat information sharing Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore the use of existing regulation to promote cyber security Confidential Property of DTN Page 13

14 Executive Order Identify Identify the equipment that should be on the network (audit) Protect Protect the equipment that is on the network (patching, passwords) Detect Detect unauthorized access (monitoring, firewalls, logging) Respond Respond to unauthorized access (shutdown networks, machines) Recover Recover from unauthorized access (restore from backups) Confidential Property of DTN Page 14

15 Technology at the terminal Confidential Property of DTN Page 15

16 Technology migration Which ones are you using: Serial (RS232/422/485) WiHART (Wireless HART) Ethernet WiFi (Wireless Ethernet 900 MHz, 2.4 GHz, 5.8 GHz) - Bridge - Access Point - Mesh Technology Confidential Property of DTN Page 16

17 Technology migration To the following devices: Tank Gauging Valve Control Pump Control Facility Entry PLC Comms Metering Devices (Accuload/Omni) Confidential Property of DTN Page 17

18 Technology migration Ethernet networks Benefits: Current Technology Debugging Remote Support Ease of adding new devices Higher speeds/more bandwidth Confidential Property of DTN Page 18

19 Corporate IT Confidential Property of DTN Page 19

20 Corporate IT Confidential Property of DTN Page 20

21 DTN in DMZ Confidential Property of DTN Page 21

22 What is needed Implement executables to be ran as services so that one continuous console login is not required Utilize newer technologies such as SCP, SFTP, HTTPS Recommended or tested patch lists Design the different DTN Guardian3 elements (Exchange, Remote Exchange, Server, Scheduler) to be configurable to run at multiple layers of DMZ Confidential Property of DTN Page 22

23 Questions?. Confidential Property of DTN Page 23

24 Announcements Please complete the survey Through the app or a paper copy in your welcome packet. Check out the MarketPlace reception Runs from 3:45PM until 5PM in front of Ballroom C/D/E. Join us for dinner at the Durham Western Heritage Museum Buses start leaving at 6PM at the main entrance. The cocktail reception starts at 6:30PM, Dinner at 8PM, and return back to the hotel around 9:30PM. Tomorrow morning Times to remember Breakfast (Blackstone Ballroom): 8-9AM First Session (Ballroom C/D/E): 9AM Confidential Property of DTN Page 24

25 . Thank you Brian Sherman Product Manager Micki Verhagen Senior Operations Manger Frank Beesley Flint Hills Resources Chris Olnhausen Software/Architect Manager Confidential Property of DTN Page 25

26