Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016

Transcription

1 Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016

2 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2

3 Cyber Security is more of a Marathon than a Sprint Release Cadence Quicker response time More agile and predictable Most, not all products Ethical Disclosure Policy Transparency Do no harm 3

4 Boundary Protection is Essential Transmission & Distribution SCADA Critical Systems Limits direct access to critical systems while expanding the value use of information. Plant DCS PLCs Infrastructure Environmental Systems Other critical operations systems Security Perimeter Reduce the risks on critical systems

5 Best Practices are Advancing Engineering Bow-Tie Model ICS Security Bow-Tie Evaluating Cyber Risk in Engineering Environments: A Proposed Framework and Methodology

6 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Classic PI System Kill Chain Many opportunities to defend Attack scenarios are complex Resists common malware 1 The Internet WEB Page Drive By Processbook Client Admin OS Access Unauthenticated access PI Data Archive Unauthorized access to data Administrative access to operating system Interface Node Control system pwned 5 Control System Social Engineering Web Browser Compromise User OS Access Administrative access to operating system PI Data Archive Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Interface Node Compromise Control system slow or unresponsive Phishing Network Node Access Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Spread malware to client connections 6

7 What s New in PI Security 7

8 Classic PI Client Desktop Processbook 2015 R2 Memory corruption defenses (VS2013) Removes.NET Framework 3.5 dependency Improves support for EMET PI SDK 2016 Memory corruption defenses (VS2015) MS Runtime Updates Transport Security (Data Integrity and Privacy) KB How To Enhance Security in PI ProcessBook Using EMET 8

9 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Modern PI System Kill Chain Latest defensive technology More separation from threat to target Shifts cost from defender to attacker 1 The Internet WEB Page Drive By Coresight Client in Web Browser Admin OS Access Unauthenticated access Coresight Server Unauthorized access to data Unauthenticated access PI Server Unauthorized access to data Administrative access to operating system Connector Control system pwned 6 Control System Social Engineering Web Browser Compromise User OS Access Authenticated Access Coresight Server Compromise Manipulation of configuration Administrative access to operating system PI Server Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Connector Compromise Control system slow or unresponsive Phishing Network Node Access Exploit vulnerable product or service Missing or tainted data sent to users or downstream services Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Admin Access to OS/ SQL Server Service delays or unresponsive Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Overload Server (DoS) Spread malware to client connections Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Coresight acts as client to another resource Spread malware to client connections PI Square: Hardcore PI Coresight Hardening 9

10 Advanced Security in PI Coresight 2016 R2 Login using an external Identity Provider No need to expose corporate AD credentials PI Coresight OpenID Connect Claims ID Provider Active Directory PI Server PI3, WCF Business Network Business Partner/Cloud/Mobile Network 10

11 Security Changes for PI Server 11

12 PI AF Recent Security Changes 2015 Identity Mappings Service Hardening AF Client to Data Archive Transport Security 2016 IsManualDataEntry Annotate Permission File Attachment Checks File Type MS Office Text rtf, txt Image ProcessBook Allowed Extensions csv, docx, pdf, xlsx gif, jpeg, jpg, png, svg, tiff pdi PI System Explorer 2016 User Guide: Security for Annotations 12

13 PI Data Archive Recent Security Changes 2015 Compiler Defenses Code Safety Transport Security 2016 Auto Recovery Archive Reprocessing 13

14 Security Changes for PI System Interfaces 14

15 PI Buffer Subsystem 2015 Code Safety Transport Security with Windows Authentication 2016 Service Accounts Managed Service Account (Domain only) Virtual Service Account API BUFSERV for Windows

16 PI Interfaces New options for securing Data Source Read PI Interface Input Write Output Operating System 16

17 PI Interfaces New options for securing Data Source Read PI Interface Input Write X X Output White list Operating System New Features: 1. Least privileges 2. Read-only and read-write 3. White list output points 17

18 Code Hardened PI Interfaces Hardened PI Interface for ESCA HABConnect Alarms and Events PI Interface for Cisco Phone PI Interface for ESCA HABConnect PI to PI Interface PI Interface for CA ISO ADS Web Service PI Interface for IEEE C PI Interface for Performance Monitor PI Interface for Siemens Spectrum Power TG PI Interface for OPC DA PI Interface for Relational Database (RDBMS via ODBC) PI Interface for Universal File and Stream Loading (UFL) Hardened + Read-Only Available PI Interface for Foxboro I/A 70 Series PI Interface for Metso maxdna PI Interface for Citect PI Interface for SNMP Trap PI Interface for Modbus Ethernet PLC PI Interface for OPC HDA PI Interface for GE FANUC Cimplicity HMI PI Interface for ACPLT/KS 18

19 Transport Security Everywhere From Connection PI Trust NTLM RC4/MD5 Active Directory (Kerberos) AES256/SHA1* PI Buffer Subsystem PI Connectors PI Datalink PI Processbook PI Interfaces 19

20 Introducing PI API 2016 for Windows Integrated Security 20

21 PI API 2016 for Windows Integrated Security Compiler Defenses Code Safety Transport Security Data Integrity and Privacy Backward Compatible No changes to existing PI Interfaces PI Mapping is Required, PI API 2016 does not attempt PI Trust connection! 21

22 22

23 Security Changes in Progress 23

24 PI Connector Architecture PI Connectors PI Connector Relay Certificates Windows Security Edge DMZ Enterprise 24

25 PI System Connector Source PI System & PI System Connector PI Connector Relay Destination PI System PI Points Real-time Data Elements Templates Control DMZ Corporate 25

26 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact PI System Kill Chain with Relay Latest defensive technology More separation from threat to target Flexible and defensible architecture 1 The Internet WEB Page Drive By Coresight WEB Client Admin OS Access Unauthenticated access Coresight Server Unauthorized access to data Unauthenticated access PI Archive & AF Servers Unauthorized access to data Administrative access to operating system Connector Relay Control system pwned Administrative access to operating system Connector Control system pwned 7 Control System Social Engineering Web Browser Compromise User OS Access Authenticated Access Coresight Server Compromise Manipulation of configuration Administrative access to operating system PI Archive or AF Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Connector Relay Compromise Control system slow or unresponsive Exploit vulnerable product or service to inject malware on interface node Connector Compromise Control system slow or unresponsive Phishing Network Node Access Exploit vulnerable product or service Missing or tainted data sent to users or downstream services Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Admin Access to OS/ SQL Server Service delays or unresponsive Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Use interfaces to overload control system Loss of view including fake sensor data Overload Server (DoS) Spread malware to client connections Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Use PI data as part of a covert command and control channel Coresight acts as client to another resource Spread malware to client connections 26

27 Infrastructure Hardened PI System Global. Trusted. Sustainable. 27

28 What is Infrastructure Hardened? Extremely Reliable Well Tested Proven Capability Trusted Security Development Lifecycle Process Training Requirements Design Implementation Verification Release Response 28

29 29

30 Microsoft Project Springfield Early Adopter Resists pathological PI SQL data queries Cortana Ready Data Safe import and export of AF asset structures Robust support for intensive bulk data calls Reliable access to archive data

31 Key PI System Security Resources

32 Actions Defend your critical systems Establish an update cadence Take advantage of integrated security 32

33 Contact Information Brian Bostwick Market Principal, Cyber Security Bryan Owen PE Principal Cyber Security Manager 33

34 Thank You