ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Transcription

1 ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers

2 Frederic Buchi, Energy Management Division, Siemens AG Cyber Security in Energy Networks siemens.com/answers

3 Digital Substations are vulnerable to Cyber Attacks Control Center Level Connectivity increases the exposure to Cyber Threats Unauthorized Access Malware HMI Internet-based Attacks Substation Level Field Level Page 3

4 Cyber Security in Energy Management Our Offerings Secure Products: Example SIPROTEC 5 Protection Devices Encryption of the communication line between DIGSI 5 and the SIPROTEC 5 device Secure development Patch management Antivirus compatibility Connection password according to NERC-CIP and BDEW White Paper Recording of access attempts in a non-volatile security log and IEC messaging Confirmation codes for safety-critical operations Page 4 Independent testing Secure development Digitally signed firmware Internal firewall Separation of process and management communication Crypto-chip for secure information storage

5 Cyber Security over the lifecycle of a system Project Management From Product Security to Operational Security Offer Threat and Risk Analysis Secure System Architecture User Authentication Planning Secure Coding Access Control Access & Account Control and Management Account Management Secure Communication Protocols Security Logging / Monitoring Backup and Restore Implementation (FAT) Installation (SAT) System Hardening and Secure Network Configuration System Hardening Backup & Restore Test Manuals Vulnerability Management & Malware protection Malware Protection Secure Remote Access Page 5

6 Cyber Security need a Holistic Approach A holistic approach is crucial People Awareness and understanding of cyber security. Products Support of CIA criteria (Confidentiality, Integrity, Availability) Complying with industry standards Processes Covering the whole product life-cycle Fostering solution and operational requirements. Page 6

7 Vendor Categorization of Security Standards / Guidelines Guideline Requirement BDEW Whitepaper Ausführungshinweise NIST SP Guide to Industrial Control - Systems (ICS) Security NISTIR 7628 Guidelines for SmartGrid Cyber Security BDEW Whitepaper DIN SPEC Annex B WIB Report M2784-X-10 IEC Req. for IACS Suppliers (and integrators) IEC System Sec. Req. + Security Assurance Levels IEC Embedded Devices IEC Host Devices IEC Data and communication security Realization Standard(s) Matter(s) Operator Integrator NERC-CIP ISO/IEC IEC Establish IACS Sec. Program IEC Operating IACS Sec. Program Page 7

8 Cyber Security from Operator Perspective Business targets Achieve Are you prepared? Power System Operator Organization Processes Infrastructure Mitigate Comply Cyber risks Cyber Regulations & Standards Page 8

9 Siemens Solution Migration concept to secure electrical substations An approach for making existing substations more secure Asset Inventory Network Topology Assessment Concept / Offer Page 9

10 Field Level Station Level Control Center Level Siemens Solution Secure Substation Blueprint Defining a standardized architecture Remote Access Zone Example Siemens Secure Substation Blueprint Substation Control Zone I Service PC Substation Control Zone II Page 10

11 Siemens Solution Categories of Cyber Security Controls Implementing security controls, always a mix of: Processes and Policies Organizational Preparedness Secure System Architecture Security Patching Secure Development System Hardening Malware Protection Secure Integration and Service Access Control and Account Management Backup and Restore Vulnerability and Incident Handling Security Logging /Monitoring Secure Remote Access Security Technologies Data Protection and Integrity Privacy Page 11

12 Siemens Solution Categories of Cyber Security Controls Zoom In Security Patching Implementing security controls, always a mix of: Processes and Policies Organizational Preparedness Secure System Architecture Security Patching Secure Development System Hardening Malware Protection Secure Integration and Service Access Control and Account Management Backup and Restore Vulnerability and Incident Handling Security Logging/Monitorin g Secure Remote Access Security Technologies Data Protection and Integrity Privacy Page 12

13 Security Patching Keeping the Substation Secure & Up-to-date VENDOR-SIDE SECURITY PATCH MANAGEMENT OPERATOR-SIDE SECURITY PATCH MANAGEMENT register notify Patch Information Patch from Vendor 2 Patch from Vendor 1 Patch from Vendor n Patches to apply in the substation Regulation: Challenges: Keep the security patch status of DSAS up-to-date High availability and reliability of operation have priority Patch Management must be scalable, secure and costefficient Page 13 CERT: Computer Emergency Response Team

14 Cyber Security in Energy Management Our Offerings Consulting Security Assessments for existing infrastructure, e.g. Hardening BDEW white paper or NERC CIP compliance audit Consultancy for secure integration of Siemens products and systems Holistic Security Consultancy via Smart Grid Compass Siemens Offerings Today Penetration Tests Products & Solutions Network penetration tests at customer infrastructure (simulating external and internal cyber attacks) Centralized Access Control and Password Management Secure Substation, e.g. migration to a secure substation BDEW white paper compliance modules and products Services Cyber Security Training Security Patch Management Page 14

15 Thank You Frederic Buchi Cyber Security Promoter Siemens Energy Management siemens.com/answers Page 15