GIS Applications to Cyber Security and Critical Infrastructure Protection

Transcription

1 GIS Applications to Cyber Security and Critical Infrastructure Protection Brian Biesecker, Esri Paul Geraci, OSIsoft Shane Cherry, Idaho National Labs

2 Threats to Critical Infrastructure are Increasing Subhead Here

3 Devices and Networks exist in Space and Time and integrate together Missions / Operations Information Technology Operations Technology Critical Infrastructure

4 ArcGIS Integration for Critical Infrastructure Protection Subhead Here Executive Dashboards - Status Reports, Trends, Brand Sentiment, Financials Cyber Tools & Data- IDS/IPS, HBSS, Virus Scanning, Patch Monitoring Desktop Web Device Ops Data - Mission Activity, Status Reports, Real-time monitoring Portal Ops Dashboard IT Tools & Databases - IT Inventory, Device Locations, Health and Status Monitoring Sensor Networks - SCADA, ICS Server Online Content and Services Facilities Data - CAD & GIS of Buildings and Campuses, Electric, Water, HVAC, Facilities Monitoring, Physical Security

5 Operations Dashboard for Cyber Security

6 OSIsoft Paul Geraci Senior Director, Intelligence and National Security

7 THE PI SYSTEM: THE CRITICAL INFRASTRUCTURE FOR OUR NATION S CRITICAL INFRASTRUCTURE REAL-TIME COLLECTION, ANALYTICS, AND DISSEMINATION

8 OSIsoft and The PI System Mission Critical Infrastructure Bring Your Maps to Life Questions Copyright 28 OSIsoft, LLC

9 A Unique and Proven Vision For over 37 years OSIsoft has provided: Infrastructure for consolidation and centralization of sensor based data Open infrastructure to support best of breed Public and Private ecosystems Near limitless deployment scalability Connected Digital and Physical assets for Real Time Intelligence for Situational Awareness and Decision Support Copyright 28 OSIsoft, LLC

10

11 Providing Operational Intelligence on a Global Scale Moscow, Russia Calgary, Alberta Mayfield Heights, OH San Leandro, CA Phoenix, AZ Montreal, Quebec Philadelphia, PA Johnson City, TN Savannah, GA Washington, DC London, UK Paris, France Madrid, Spain Frankfurt, Germany Ostrava, Czech Republic Beijing, China Shanghai, China Seoul, South Korea (AID) Tokyo, Japan Mexico City, Mexico Houston & Longview, TX Manama, Bahrain Singapore São Paulo, Brazil Durban, South Africa Perth, Australia Sydney, Australia OSIsoft Headquarters DC Regional Office OSIsoft Offices Copyright 28 OSIsoft, LLC

12 The Global Leader Enabling Operational Intelligence Over, of the world s leading Power & Utilities companies 95% of the Global Fortune Top 4 Oil & Gas companies 4+ Pulp & Paper sites deployed worldwide % of the Global Fortune Top Metals & Mining companies 37 of 5 of the World s Largest Chemical & Petro- Chemical companies 9 / of the Global Fortune Top Pharma companies Copyright 28 OSIsoft, LLC

13 % of the ISOs/RTOs in the United States of America Use the PI System for Real Time Situational Awareness Copyright 28 OSIsoft, LLC

14 The PI System Server - Straight Forward - Uncomplicated - Invaluable Copyright 28 OSIsoft, LLC

15 Silos to Standards / Complexity to Simplicity PLC SCADA Historian Excel PLC2 SCADA 2 DCS DCS 2 Asset Reliability ERP Traditional Strategy Instrument PAT CAPA Planning and Scheduling Instrument PAT 2 CBM Learning Mgmt. Controller EMS LIMS Copyright 28 OSIsoft, LLC

16 Silos to Standards / Complexity to Simplicity PLC SCADA PLC2 SCADA 2 IPC IPC 2 Instrument PAT Collect Enhance Deliver ERP Instrument PAT 2 Asset Reliability Controllers Energy Efficiency LIMS Copyright 28 OSIsoft, LLC

17 A Real-Time Operations Data Infrastructure For Federal Mission-Critical Global Infrastructures Automation/Control Systems New Sensor Technologies Remote and Mobile Assets Enterprise Operations Infrastructure Real-time Monitoring Vendor Applications Analytics 3 rd Party Services +45 connectors Copyright 28 OSIsoft, LLC

18 Deliver Real-time Analytics from the Operator to Headquarters Executive Dashboards Visibility Situational awareness Drill into the Problem Multiple layers of information Data Analysis Ad-hoc trending Model training Take Action, Track & Document Copyright 28 OSIsoft, LLC

19 The PI System as a Central Data Infrastructure Vital reporting on key Data Center business metrics All critical data sources feed into the PI System IT data Electricity data Building Management System data All analysis applications read from one central source: the PI System * Permitted for use by Ebay Corp. Copyright 28 OSIsoft, LLC

20 Our Federal Mission at OSIsoft Empower stakeholders, agencies, and communities to transform their operational data into real-time operational intelligence. Operations Missions Multiple Sensors Multiple Assets Multiple Operations Multiple Missions and Operations Copyright 28 OSIsoft, LLC

21 A Real Time Data Infrastructure: The Agent for Federal Enterprise Transformation Energy Asset Health Energy Process Efficiency Holistic Cyber Security & Asset Safety Health Quality Regulation Regulation PI System Software Infrastructure Copyright 28 OSIsoft, LLC

22 The White House Office of the Press Secretary For Immediate Release February 2, 23 Presidential Policy Directive Critical Infrastructure Security and Resilience PRESIDENTIAL POLICY DIRECTIVE/PPD-2 SUBJECT: Critical Infrastructure Security and Resilience The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure. 22

23 PPD-2 Introduction The Nation's critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure including assets, networks, and systems that are vital to public confidence and the Nation's safety, prosperity, and wellbeing. The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical space and cyberspace, and governance constructs that involve multi-level authorities, responsibilities, and regulations. Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient. Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery. This directive establishes national policy on critical infrastructure security and resilience. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial (SLTT) entities, and public and private owners and operators of critical infrastructure (herein referred to as "critical infrastructure owners and operators"). This directive also refines and clarifies the critical infrastructure-related functions, roles, and responsibilities across the Federal Government, as well as enhances overall coordination and collaboration. The Federal Government also has a responsibility to strengthen the security and resilience of its own critical infrastructure, for the continuity of national essential functions, and to organize itself to partner effectively with and add value to the security and resilience efforts of critical infrastructure owners and operators. Copyright 28 OSIsoft, LLC

24 Threats to U.S. Critical Infrastructure Insider Threats Natural Disasters Terrorism Malicious/Non-Malicious Hacktavists Organizational / State Sponsored Copyright 28 OSIsoft, LLC

25 IT OT IT connects people with each other via , web collaboration tools and even voice communications - with information, via various databases, etc. Malware, data theft and corrupted data or devices can disrupt user productivity and even a stakeholder s transactional capabilities. This is one of the biggest differences between enterprise network security and industrial network security. If a deliberate hacker-saboteur, or an Insider Threat penetrates an industrial network and disrupts critical processes or controls, and even automated life safety protections, the populace could get seriously or even mortally hurt and our nation could come to standstill. Copyright 28 OSIsoft, LLC

26 Pervasive Data Collection Real-time sensor-based data from: Distributed Remote Mobile Assets May be collected, stored, analyzed, and streamed into the PI System Uncover hidden patterns, correlations and other strategic operational and business intelligence Copyright 28 OSIsoft, LLC

27 Gain Visibility Into Operational IT Assets Asset-based PI tools can help you monitor the status, health, and performance of IT assets in real-time PI AF Element Templates -build an AF Element hierarchy around enterprise IT assets to create and configure PI Tags for: standard IT Monitor PI Interfaces Ping TCP Response Performance Monitor SNMP Copyright 28 OSIsoft, LLC

28 PI Framing the Puzzle Connecting and framing data for a complete, reliable, valid, timely, accurate and analytically real-time and predictive picture. Copyright 28 OSIsoft, LLC

29 The PI System: A Data Infrastructure for Global Mission Critical Infrastructure Process Efficiency Maintenance Asset Health Equipment Energy Infrastructure Quality Utilities 3 rd Party Services Holistic Cyber Security & Safety Compliance Compliance Officer Mission Critical Infrastructure Copyright 28 OSIsoft, LLC

30 Real-time Data in Spatial Context Copyright 28 OSIsoft, LLC

31 Copyright 28 OSIsoft, LLC

32 (Video) 32

33 The PI System: A True Global Situational Awareness Architecture Eliminating your data silos: Anywhere Anytime Real-Time Copyright 28 OSIsoft, LLC

34 Idaho National Labs Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate

35 Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 2, 28 INL/CON

36 Information Technology vs. Operational Technology Information Technology: The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information Oxford Dictionary Operational Technology: The hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as switches, pumps, valves, etc. such as those used in critical infrastructure systems. International Society of Automation

37 Increased IT-OT Connectivity Our national critical infrastructure consists of systems of geographically distributed assets, from regional and national networks to micro-scale controllers and sensors Increasingly, these assets, across all scales, are connected via IT and OT networks and thus potential cyber targets

38 Increased Focus on OT Related Cyber Activity

39 Increase in Cyber Events Related to Operational Technologies In Fiscal Year 26, DHS ICS-CERT coordinated 35 unique vulnerabilities and responded to 29 incidents associated with industrial control systems ICS-CERT Year in Review, 26 Large-scale cyberattack to electrical grid could lead to $243B - $T loss to the U.S. economy Health and safety impacts would include increased rate of illness and death in impacted areas Impact to DoD (and DHS) missions would significantly impact the security of the United States Lloyd s and University of Cambridge Centre for Risk Studies; President s Council of Economic Advisors, February 28

40 Elements of Cyber Physical Interactions

41 Interdependency Discovery Approach All-Hazards Analysis Framework (A-HA)

42 Interdependency Mapping

43 Developing Multi-Scale Facility Profiles Regional Scale Dependencies Process Scale Dependencies Control System Scale Dependencies Notional System

44 Modeling Functional Impacts

45 Holistic Cyber-Physical Analysis Process Reported OT Vulnerabilities or Threats Identify Standard OT Components Across Sectors Potentially Affected and Model Functional Impacts Link to Potential Facility Locations Model Potential Cascading Impacts Provide Actionable Information to Decision Makers and Stakeholders

46 Esri and INL: Partnering for Cyber Resilience

47

48 Print Your Certificate of Attendance Print stations located in the 4 Concourse Tuesday 2:3 pm 6:3 pm GIS Solutions Expo Hall B Wednesday :3 am 5:5 pm GIS Solutions Expo Hall B 5: pm 6:3 pm GIS Solutions Expo Social Hall B 6:3 pm 9: pm Networking Reception Smithsonian National Portrait Gallery

49 Download the Esri Events app and find your event Please Take Our Survey in the Esri Events App Select the session you attended Scroll down to find the feedback section Complete answers and select Submit

50 Brian Biesecker, Esri Paul J. Geraci, OSIsoft Shane Cherry, INL