Industrial Security - Protecting productivity IEC INDA

Transcription

1 Industrial Security - Protecting productivity IEC INDA siemens.com/industrialsecurity

2 Industrial Security IEC Page

3 IACS, automation solution, control system Industrial Automation and Control System (IACS) Asset Owner System Integrator IACS environment / project specific operates designs and deploys Basic Process Control System (BPCS) Operational and Maintenance policies and procedures + Automation solution Safety Instrumented System (SIS) is the base for Complementary Hardware and Software Product Supplier Independent of IACS environment develops Embedded devices Control System as a combination of Network components Host devices Applications Page

4 Actual structure of IEC / ISA Main documents to be published IEC / ISA General Policies and procedures System Component 1-1 Terminology, concepts and 2-1 Requirements for an IACS 3-1 Security technologies for IACS models security management system IS* 2009 TR* 2009 Ed.2.0 Profile of ISO / Master glossary of terms and abbreviations 1-3 System security compliance metrics DTS* 1Q14 Rejected CDV* 3Q Patch management in the IACS environment TR* 06/ Requirements for IACS solution suppliers 3-2 Security risk assessment and system design CDV* 3Q System security requirements and security levels IS* 08/ Product development requirements DC* 1Q Technical security requirements for IACS products DC* 3Q15 IS* 06/15 Definitions Metrics Requirements placed on security organization and processes of the plant owner and suppliers Requirements to achieve a secure system Requirements to secure system components *DC: Draft for Comment *IS: International Standard *CDV: Committee Draft for Vote *TR: Technical Report *ID: Initial Draft Functional requirements Processes / procedures Page

5 Various parts of IEC / ISA are addressing Defense in Depth IACS environment / project specific Asset Owner Operational and Maintenances policies and procedures System Integrator Policies and procedures Security capabilities of the Automation Solution Product Supplier Security capabilities of the products Development process Independent of IACS environment Page

6 Each stakeholder can create vulnerabilities Example User Identification and Authentication Asset Owner System Integrator can create weaknesses IACS environment / project specific designs and deploys can create weaknesses operates Industrial Automation and Control System (IACS) Basic Process Control System (BPCS) Operational and Maintenance policies and procedures + Automation solution Safety Instrumented System (SIS) is the base for Complementary Hardware and Software Invalid accounts not deleted Non confidential passwords Passwords not renewed Temporary accounts not deleted Default passwords not changed Product Supplier can create weaknesses Independent of IACS environment develops Embedded devices Control System as a combination of Network components Example: User Identification and Authentication Host devices Applications Elevation of privileges Hard coded passwords Page

7 Industrial Security IECEE / INDA Page

8 IECEE INDA / Industrial Security IEC CB Schemes MEAS POW Industrial EMC Product Safety.. Security Management Processes Products Systems Organizational Contracts Plant Audit Product Development Page

9 IEC EE INDA / Industrial Security IEC CB Schemes MEAS POW Industrial EMC Product Safety.. Security Management Processes 3 Products 4 Systems Organizational Contracts 1 Plant Audit 2 Product Development Page

10 Actual structure of IEC / ISA Main documents to be published IEC / ISA General Policies and procedures System Component 1-1 Terminology, concepts and 2-1 Requirements for an IACS 3-1 Security technologies for IACS models security management system IS* 2009 TR* Ed.2.0 Profile of ISO / Master glossary of terms and abbreviations 1-3 System security compliance metrics DTS* 1Q14 Rejected Definitions Metrics 1 CDV* 3Q Patch management in the IACS environment TR* 06/ Requirements for IACS solution suppliers IS* 06/15 Requirements placed on security organization and processes of the plant owner and suppliers Security risk assessment and system design CDV* 3Q System security requirements and security levels IS* 08/2013 Requirements to achieve a secure system Product development requirements DC* 1Q Technical security requirements for IACS products DC* 3Q15 Requirements to secure system components *DC: Draft for Comment *IS: International Standard *CDV: Committee Draft for Vote *TR: Technical Report *ID: Initial Draft Functional requirements Processes / procedures Page

11 IEC / IECEE Working Groups IEC CAB WG 17 Group for Cyber Security Decision 37/21 CAB WG 17 Cyber Security The CAB thanked WG 17 for its report, CAB/1383/R, noted that its scope is focused on home automation, smart devices (such as smart meters) and medical devices, and indicated that WG 17 should focus on all those sectors concerned with cyber security except those currently being worked on in IECEE (industrial automation). IECEE-PSC WG 3 TF 2 Task Force Cyber Security Terms of Reference: To make an unique approach for conformity assessment to IEC62433 series The initial set-up of a guidance Operational Document to describe how the conformity assessment can be handled. To describe the use of testing tools (start of instrument list) and test protocols. Page

12 Industrial Security Protection Levels / Holistic Approach Page

13 Assessment scopes Asset Owner Service Provider System Integrator Operational and maintenance procedures Realized capabilities of the Automation Solution Protection of an installation in operation Assessment of the operational and maintenance policies and procedures of the asset owner incl. people qualification Assessment of the (realized) functional capabilities of the Automation Solution Objective of cybersecurity System Integrator (Service Provider) Policies / procedures System capabilities IECEE WG3 TF2 Capabilities of the system integrator Assessment of the capabilities of a representative instance of an automation solution Assessment of the processes of the system integrator Gives a certain confidence that the system integrator can realize the required functionalities of the automation solution Product supplier System capabilities Product capabilities Development process Capabilities of the products Assessment of the capabilities of products and the systems Assessment of the quality of the development process Gives a certain confidence that the products and systems realize the claimed functionalities and have less vulnerabilities Page

14 Goal of governments Asset Owner Service Provider System Integrator Operational and maintenance procedures Realized capabilities of the Automation Solution Scope of Protection Levels Protection of an installation in operation Assessment of the operational and maintenance policies and procedures of the asset owner incl. people qualification Assessment of the (realized) functional capabilities of the Automation Solution Objective of cybersecurity Improving Critical Infrastructure Cybersecurity, Executive Order NIST Cybersecurity Framework Loi de programmation militaire pour les années 2014 à 2019 ANSSI Cybersécurité pour les systèmes industriels, Mesures détaillées IT Sicherheitsgesetz BSI Bundesamt für Sicherheit der Informationssysteme Commission Proposal for a Directive concerning measures to ensure a high common level of network and information security (NIS) across the Union Goal of the governments: Protection of critical infrastructures Control System Security Center (CSSC) CSS-Base6 Cybersecurity Test Bed Page

15 Basic documents of IEC / ISA are stable enough to be used IEC / ISA General Policies and procedures System Component 1-1 Terminology, concepts and models 1-2 Master glossary of terms and abbreviations 2-1 Requirements for an IACS security management system Ed.2.0 Profile of ISO / Security technologies for IACS 3-2 Security risk assessment and system design 4-1 Product development requirements 4-2 Technical security requirements for IACS products 1-3 System security compliance metrics 2-3 Patch management in the IACS environment 3-3 System security requirements and security levels Approved ISO/IEC can be used till this part is approved 2-4 Requirements for IACS solution suppliers Approved Definitions Metrics Requirements placed on security organization and processes of the plant owner and suppliers Requirements to achieve a secure system Requirements to secure system components *DC: Draft for Comment *IS: International Standard *CDV: Committee Draft for Vote *TR: Technical Report *ID: Initial Draft Functional requirements Processes / procedures Page

16 Process requirements and functional requirements are linked IACS environment / project specific Protection Level Conformance Cluster 1 Protection Level Conformance Cluster 2 Protection Level Conformance Cluster n Related policies and procedures Related policies and procedures Related policies and procedures AO IEC IEC IEC IEC IEC IEC SI Realized capabilities of the Solution Realized capabilities of the Solution Realized capabilities of the Solution PS IEC IEC IEC Page

17 Protection Levels cover security functionalities and processes Assessment of security functionalities Assessment of security processes SL 1 Capability to protect against casual or coincidental violation ML 1 Initial - Process unpredictable, poorly controlled and reactive. SL 2 Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation ML 2 Managed - Process characterized, reactive SL 3 Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation ML 3 Defined - Process characterized, proactive deployment SL 4 Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation ML 4 Optimized - Process measured, controlled and continuously improved Protection Levels Maturity Level Security Level PL 1 PL 2 PL 3 PL 4 Protection against casual or coincidental violation Protection against intentional violation using simple means with low resources, generic skills and low motivation Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation Page

18 Assessment is conducted in 4 steps Conformance Clusters should cover all relevant security dimensions The Protection Level is assessed for each Conformance Cluster Conformance Cluster 1 Conformance Cluster 2 Conformance Cluster 3 Conformance Clusters Conformance Cluster 4 Conformance Cluster 5 PL 1 PL 2 PL 3 PL 4 Protection against casual or coincidental violation Protection against intentional violation using simple means with low resources, generic skills and low motivation Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation Assess Business Risk to determine Criticality Assign Target Protection Levels Assess Protection Levels Achieved Protection Levels Page

19 Process controls and functional requirements provide the framework for an holistic assessment of Protection Levels Protection Level Conformance Cluster 1 Protection Level Conformance Cluster 2 Protection Level Conformance Cluster 3 Protection Level Conformance Cluster 4 Protection Level Conformance Cluster 5 Asset Owner IEC ISO/IEC All controls of IEC / ISO Service Provider IEC All requirements of IEC Automation Solution IEC All requirements of IEC Page

20 Thank you for your attention! Dr. Pierre Kobes Product and Solution Security Officer PD TI ATS TM 2 pierre.kobes@siemens.com siemens.com/industrialsecurity Page