An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Transcription

1 An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP 2012 ISA Water & Wastewater and Automatic Controls Symposium August 7-9, 2012 Orlando, Florida, USA

2 Introduction of Presenter Instructor Bryan L Singer, CISSP, CISM, CAP Vice President, Kenexis Security Corporation Previous Chairman ISA-99 Industrial Automation and Control Systems Security Chair ISA-84/99 JWG for Safety and Security Appointee to NERC CIP SAR and Drafting Team DHS PCSF former board member and current governing board Experienced in cyber forensic investigations, network architecture and design, security assessments, software coding, penetration testing, vulnerability research, malware research, and system commissioning bryan.singer@kenexis.com

3 What are the Threats? What do attacks look like? What do I need to protect? How do attackers gain access to ICS? ICS SECURITY BACKGROUND

4 Why Do I need ICS Security? Process plants contain hazards that are controlled High Temperatures and Pressures Toxic/Flammable materials Under attack, controlled hazards can be released These systems are exposed to external attack if they are networked

5 Pathways into the Control Network Internet Infected Remote Support Office LAN Mis-Configured Firewalls Plant Network Infected Laptops Unauthorized Connections Modems Control LAN RS-232 Links External PLC Networks

6 Common ICS Vulnerabilities Susceptible to high rates of TCP Traffic Network anomalies create nuisance shutdowns due to fragility of network stacks and time dependent functions Broadcast and multicast traffic creates excessive communications due to flat networks Alarm and Event traffic not rate limited or throttled Static IP Addressing, fixed link and duplex mixed with dynamic addressing and auto-negotiate Non-standard images or applications on process control networks

7 ICS Security Axioms The Following Principles Outline Unique Challenges for ICS Security ICS security requires more than the traditional Confidentiality, Integrity, and Availability models ICS Security is an Engineering Problem, and Requires Engineering Solutions There is a difference between valid communications and possible communications The Principle Lines of Defense come from Network Architecture and Design

8 ICS Security Axioms - Continued Single point vulnerabilities are of minimal value to ICS attackers The threat is just as effective, if not worse, than the attack Additional failure modes for ICS include (in order of relative impact, least to most) Loss of View (LoV) Manipulation of View (MoV) Denial of Control (DoC) Loss of Control (LoC)

9 Common ICS Security Applications Firewalls DMZ Intrusion Detection Systems Virtual Private Networks Anti-Virus/Anti-Spyware Patch Management Services Vendor and Owner Certification and Practices This equipment is often already installed and operating, but poor installation, configuration, and management make them ineffective.

10 What are the critical first steps? What resources are available? How do I get started? APPLYING ISA-99

11 Overview of the ISA-99 Standard

12 Organization Work Group 1 Security Technologies Inactive Work Group 2 Defining a Security Program Inactive Work Group 3 Terminology, Concepts & Models Inactive Work Group 4 Technical Requirements Active Work Group 5 Committee Leadership Active Work Group 6 Patch Management Active Work Group 7 Work Group 8 Security and Safety (Joint with ISA84) Communications and Outreach (Joint with Compliance Institute) Active Restarting Work Group 9 Wireless Security (Joint with ISA100) Active Work Group 10 Operating a Security Program Starting Work Group 11 Nuclear Plant Security (Joint with ISA67) Active 12

13 Where it starts: ISA : Establishing an Industrial Automation and Control Systems Security Program Risk Analysis Business Rationale Risk Identification, Classification & Assessment Addressing Risk with the CSMS Security Policy, Organization, and Awareness Selected Security Countermeasures Implementation CSMS Scope Organizational Security Staff Training & Security Awareness Business Continuity Plan Security Policies & Procedures Personnel Security Physical & Environmental Security Network Segmentation Access Control: Account Administration Access Control: Authentication Risk Management & Implementation System Development & Maintenance Information & Document Management Incident Planning & Response Access Control: Authorization Monitoring & Improving the CSMS Compliance Review, Improve, & Maintain the CSMS

14 Step 1: Dividing Up The Control System into Security Zones Following the ISA99 standard (and other security standards), it is critical to offer a level of segmentation and traffic control inside the control system. Control networks should be divided into security zones based on control function and risk. A security zone is a logical grouping of physical, informational, and application assets sharing common security requirements.

15 Step 2: Connecting Control System Zones Connections between the zones are called conduits, and these must have security controls to: Control access to key systems Resist Denial of Service (DoS) attacks or the transfer of malware Shield other network systems Protect the integrity and confidentiality of network traffic. It is important to understand and manage all your conduits between zones, not just the obvious ones.

16 Step 3: Multilayer Architecture By Zone

17 Step 4: Providing Defense in Depth to Critical Assets Need to protect legacy components without capability for good access control, antivirus, antimalware, OS patches What components? DCS controllers PLCs RTUs IEDs (Intelligent Electrical Devices) If your systems are critical, your risk analyses may show the need to add defense in depth for these components. Additional segmentation and firewalls are a solution Practical control systems specific firewall appliances are now available that can provide additional defense in depth for these components that cannot protect themselves

18 Summary ICS are under increasing attack Solid guidance is available! Key Steps: Understand pathways into your control systems Divide your system up into logical zones and conduits to facilitate risk analysis Follow ISA-99 for Defense in Depth Strategies! TODAY is the day ISA Establishing an Industrial Automation and Control Systems Security Program - standard lays out the requirements for this a program. ISA Operating an Industrial Automation and Control Systems Security Program - (future) defines how to run the program

19 Questions? Standards Certification Bryan L Singer, CISM, CISSP, CAP Bryan.singer@kenexis.com Education & Training Publishing Conferences & Exhibits