Cyber Security in the Digital Substation and Beyond. Energy Management > Energy Automation

Transcription

1 Cyber Security in the Digital Substation and Beyond Energy Management > Energy Automation siemens.com/gridsecurity

2 Cyber Security Offerings From Siemens Energy Management Integrated Security in our products Secure Substation Design Solution Page 2 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

3 Security is a must for Digital Substations Business targets Are you prepared for Cyber Security? Achieve Power System Operator Organization Processes Infrastructure Mitigate Comply Cyber risks Cyber Regulations & Standards Page 3 April 13-17, 2015

4 Cyber Risks Examples from IT-Security Report: Austria: Malfunction of control in energy networks Dragon: Targeted attacks to production networks Advanced Persistent Threats (APT): Attack against industrial plants in Germany Bundesamt für Sicherheit in der Informationstechnik: blob=publicationfile Page 4 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

5 Cyber Risks ICS-CERT Responses to sector specific cyber security threats across the critical infrastructure sectors in the U.S. in 2014 Percentages related to the total response for 2014 Number of incidents Percentage of incidents Source: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Unrestricted Siemens AG 2015 All rights reserved. Page 5 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

6 Cyber Regulations & Standards Regulation makes implementation of ISMS mandatory General Law Regulation Standard ISO/IEC Standard ISO/IEC ISO/IEC/TR BDEW Whitepaper EnWG 11 Abs. 1 angemessener Schutz BSI Gesetz ( ) IT Sicherheitsgesetz (open) BnetzA / Informationssicherheitskatalog Information Security Management System Implementation Guidelines for ISO Controls Guidelines for process control systems specific to the energy utility industry Requirements for secure process controls and telecommunication system Specific Requirements Organization IT/OT-Processes Process Control Systems Page 6 April 13-17, 2015

7 Cyber Regulations & Standards NERC CIP Critical Infrastructure Protection Standards North American Electric Reliability Corporation (NERC) = Non-Profit Organization in US Specifies the minimum security requirements to ensure the security of the electronic exchange of information for supporting the bulk power system Unified format (intro, rules, measures, compliance (or deviation), regional specifics and history) Scope Physical Security Video, Access Control, Media Management Cyber Security Authorization, Integrity, Segmentation Security Operations Authorization, Integrity, Segmentation Parts Sabotage Reporting BES Cyber System Categorization Security Management Controls Personnel and Training Electronic Security Physical Security Systems Security Management Incident Reporting and Response Planning Recovery Plans for BES Cyber Systems Configuration Change Management and Vulnerability Assestm. Information Protection Mandatory for operators of power systems in USA, Canada and Mexico by Energy Policy Act of 2005 (EPACT) à Compliance process based on self audit, which must be repeated yearly Verification through a local NERC auditor, correction within 30 days required. Page 7 April 13-17, 2015

8 Digital Substations are vulnerable to Cyber Attacks Control Center Level Connectivity brings the high risk of Cyber Threats Unauthorized Access Malware HMI Internet-based Attacks Substation Level Field Level Page 8 April 13-17, 2015

9 Digital Substations are vulnerable to Cyber Attacks Conditions Zone Control Center Level Remote Access Station Level Field Level Conditions: Critical Infrastructure 24 h Operation Windows and Linux standard components Interfaces to unsecure networks Interfaces to office networks Legacy components Proprietary technology Mix of components from different vendors with different technologies Page 9 April 13-17, 2015

10 Digital Substations are vulnerable to Cyber Attacks Possible Threats and Attackers Control Center Level Possible Attackers: States Remote Access Criminal Organizations Zone Misuse of access rights Attacks via internet Attacks via internet Misuse of access rights Malware Malware Station Level Script Kiddies Insider Malware Unauthorized access Unauthorized access Field Level Page 10 April 13-17, 2015

11 Security is a must for Digital Substations Regulatory Compliance is a must for Operators You need a trustworthy and competent partner who delivers secure products and solutions Products and Solutions Process Control Systems Organisation IT/OT- Processes Consulting Coming soon: TÜV SÜD certified secure solutions offered by SIEMENS Page 11 April 13-17, 2015

12 Security is a must for Digital Substations Siemens Covers all Cyber Security Aspects Policies, Processes and Procedures Organizational security, secure development and integration, vulnerability and incident handling Security Technologies Organizational Preparedness Secure System Architecture Secure Development System Hardening Secure Integration and Service Access Control and Account Management Vulnerability and Incident Handling Security Logging/ Monitoring Common security technologies need to be implemented and contribute to the overall secure system architecture Security Patching Malware Protection Backup and Restore Secure Remote Access Data Protection and Integrity Privacy Page 12 April 13-17, 2015

13 Migrating to a Secure Digital Substation Siemens Approach Customer Requirements Asset Inventory Network Topology Assessment Concept / Offer Regulatory Requirements Page 13 April 13-17, 2015

14 Migration to Secure Substation Current State Control Center Level Legend Account Mgmt. RBAC (Roll based Access Control) Malware Protection Remote Access VPN Firewall Trusted Zone Zone Station Level DMZ Untrusted Network Switch Router with Firewall IEDs (Protection Devices, Field Devices) Field Level Station Controller PC Control Center Hardening Measures Page 14 April 13-17, 2015

15 Migration to Secure Substation Secure Architecture Control Center Level Remote Access Zone Consideration of spatial distribution (Physical Security Perimeter) Operational management Used assets Zone I Service PC Station Level Zone II Field Level Page 15 April 13-17, 2015

16 Migration to Secure Substation Hardening Control Center Level Hardening in a heterogeneous environment Remote Access Zone Hardening of products and systems Zone I Service PC Station Level Siemens products 3rd party products Zone II Field Level Page 16 April 13-17, 2015

17 Migration to Secure Substation Access Control / Account Management (ACAM) Control Center Level Remote Access Zone ACAM for PC based systems ACAM for embedded systems Integration into installed systems Zone I Service PC Station Level Zone II Field Level Page 17 April 13-17, 2015

18 Migration to Secure Substation Malware Protection Control Center Level Malware protection for PC based systems Remote Access Zone Antivirus Solution Application Whitelisting Solution Zone I Service PC Station Level Malware protection for embedded devices Zone II Field Level Page 18 April 13-17, 2015

19 Migration to Secure Substation Security Logging / Secure Communication Control Center Level Remote Access Zone Security Logging, e.g. integration into existing infrastructure Secure communication, e.g. communication to control center Zone I Service PC Station Level Zone II Field Level Page 19 April 13-17, 2015

20 Migration to Secure Substation Secure Remote Access Control Center Level Remote Access Zone Secure remote access Secure remote access integration into installed infrastructure Zone I Service PC Station Level Zone II Field Level Page 20 April 13-17, 2015

21 Control Center Level Migration to Secure Substation Security Patching Delivery of a patched system Concept for Patch Management Zone I Station Level Remote Access Zone Service PC Field Level Zone II Page 21 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

22 Control Center Level Migration to Secure Substation Backup and Restore Backup and Restore concept for the system Backup and Restore Concept as Remote Access Zone Zone I Station Level base for Patch Management Service PC Backup and Restore Concept as base for disaster recovery plan Field Level Zone II Page 22 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

23 Migration to Secure Substation Secure Substation Control Center Level Legend Account Mgmt. RBAC (Roll based Access Control) Malware Protection VPN Remote Access Zone Firewall Zone I Station Level Trusted Zone Service PC DMZ Untrusted Network Switch Router with Firewall IEDs (Protection Devices, Field Devices) Field Level Zone II Station Controller PC Control Center Hardening Measures Page 23 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

24 Security is a must for Digital Substations Secure Substation Control Center Level Legend Account Mgmt. RBAC (Roll based Access Control) Malware Protection Security Controls, e.g. Secure Architecture VPN Secure zoning concept Remote Access Zone Firewall Secure Hardening DMZ Malware Protection Untrusted Network Switch Zone I Service PC Station Level Trusted Zone Access Control Account Management Router with Firewall Security Patching IEDs (Protection Devices, Field Devices) Zone II Field Level Station Controller PC Control Center Hardening Measures Page 24 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

25 BNetzA conformant Solutions with Out of Band Management Coming Soon: TÜV SÜD Certified Modules offered by Siemens Module: Secure System Components By end of 2015: Windows Security package as part of the Secure System Components module Module: sichere Fernwartung Module: secure maintenance processes Module: Sichere Netzwerkstruktur Processspanning modules Module: Backup und Restore Page 25 April 13-17, 2015 Module: Zentrale Benutzer und Rollenverwaltung Module: SIS4EA Logging

26 Security Patch Management Keeping the Substation Secure & Up-to-date VENDOR-SIDE SECURITY PATCH MANAGEMENT OPERATOR-SIDE SECURITY PATCH MANAGEMENT register notify Patch Information Patch from Vendor 2 Patch from Vendor 1 Patch from Vendor n Patches to apply in the substation Regulation: Challenges: Keep the security patch status of DSAS up-to-date High availability and reliability of operation have priority Patch Management must be scalable, secure and costefficient Automation can help to support the key requirements Page 26 April 13-17, 2015

27 Siemens Cyber Security Solutions help the power system operator We protect your infrastructure so you can focus on your core business Secure your business Mitigate Cyber Risks Comply to Regulations & Standards Page 27 April 13-17, 2015

28 Energy Automation Products at a Glance Protection Security Substation Automation Security Distribution Automation Security Page 28 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

29 Protection SIPROTEC 5 Page 29 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

30 Safety and Security inside SIPROTEC 5 Multi-level Security Engineering and Operation Encryption of the communication line between DIGSI 5 and the SIPROTEC 5 device Secure development Patch management Antivirus compatibility Connection password according to NERC-CIP and BDEW White Paper Recording of access attempts in a non-volatile security log and IEC messaging Confirmation codes for safety-critical operations Independent testing Secure development Digitally signed firmware Internal firewall Separation of process and management communication Crypto-chip for secure information storage Page 30 April 13-17, 2015

31 Substation Automation SICAM Product Range SICAM SCC HMI SICAM AK 3 Substation Automation SICAM PAS Substation Automation Page 31 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

32 SICAM PAS - Substation Automation User Management and Authorization Restrictive Control of User Administration in SICAM PAS/PQS Role to rights assignment for configuration and operation tasks Predefined user groups User Group Manage Access Rights Read Configurati on Write Configurati on View Operations Manage Operations Administrator ü ü ü ü ü System Engineer ü ü ü ü Data Engineer ü ü ü Switch Operator ü ü ü Guest ü ü Page 32 April 13-17, 2015

33 SICAM PAS - Substation Automation Secure Communication Secure Communication in SICAM PAS Certificate management for TLS-based communication IEC conformance IEC conformance Secure IEC 104 slave Secure DNP 3.0i slave Secure DNP 3.0i master Page 33 April 13-17, 2015

34 SICAM RTUs - Substation Automation User Management and Authorization Restrictive Control of User Administration in SICAM TOOLBOX II Role to rights assignment for configuration and operation tasks Extensible user roles User Group Remote Operation Administrat ion Load Firmware Administrator Professional ü ü ü ü ü (Role based Access Control for Standard ü ü 40 operations in User Defined Role 1 ü ü total) User Defined Role n ü Page 34 April 13-17, 2015

35 SICAM RTUs - Substation Automation Secure Communication SICAM AK3 Secure default settings Deactivation of un-used ports (hardening) Whitelisting interface to 3rd party networks Available with IEC 104 and IEC 101 Defined set of classified data Fixed set of rules Limitation of data transfer rate Integrated switch a by hardware By parameter setting a by software Integrated crypto chip Certificates loaded in factory Secured communication (TLS) Random generator for cyclic exchange of session key Page 35 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

36 SICAM AK3 Substation Automation Application Firewall Feature Office Zone Control Center Zone Site-to-Site VPN WAN HW based applica-on layer firewall For network segmenta-on To mi-gate the risk of DoS a?acks Integra-on of legacy systems Substation Zone mobile SICAM TOOLBOX II legacy Systems SICAM AK, AK 3, TM & 2 SM-2558 SICAM AK & SM-2556 SAT Ax, SK SICAM TM 1703ACPCP-6014 SICAM TM 1703 ACPCP-6014 SICAM TM & SM-2556 LAN Private messages (no IP) OSI-Stack NIP OSI-Stack NIP2 LAN SICAM MIC SICAM EMIC Page 36 April 13-17, 2015

37 SICAM SCC - HMI User Management and Authorization Flexible Control of Runtime User Administration in SICAM SCC (HMI) Page 37 April 13-17, 2015

38 Security in Substation Automation Security Logs SICAM TOOLBOX II SICAM PAS Page 38 April 13-17, 2015

39 Distribution Automation Product Range SICAM CMIC Distribution and Feeder Automation SICAM SGU SIPROTEC 7SC80 Page 39 April 13-17, 2015 siemens.com/gridsecurity Bisale/Kohl Energy Management

40 SICAM CMIC Distribution Automation Secure Communication & Operation! IEC IEC serial! https GPRS modem IPSec-enabled router WIFI Encryption with IPSec https! 1. Secure Engineering SICAM WEB SICAM TOOLBOX II with https 2. Secure communication with IPSec 3. Penetration testing during system test 4. Certificate Management Concept available Misuse of access rights Page 40 April 13-17, 2015

41 SICAM SGU Distribution Automation End-to-site Secure Cellular Communication Including ping echo to monitor the VPN tunnel VPN tunnel for all communication protocols : Redundant IEC HTTP web configuration Ping supervision IP Security (IPSec) Protocol Tunnel Authentication / Encryption Perfect Forward Secrecy Page 41 April 13-17, 2015

42 Cyber Security Rack RUGGEDCOM CrossBow Features & Benefits FEATURES Security Management Password Management for IEDs Firmware/Configuration monitoring Secure Remote Access (VPN/TLS) A single system can support or more field devices hundreds of users Installed Base Approximately 40 systems in service today primarily in North America Security Solution for legacy and new products BENEFITS Logging of Security Events Audit Log available (IED access, firmware changes, etc) Integrate with Existing User Management Systems Microsoft Active Directory support RSA Secure ID support NERC CIP, BDEW Whitepaper Compliance Access Control Integrity Protection Password Management One system for multiple vendors Siemens, GE, SEL, others Page 42 April 13-17, 2015

43 Cyber Security Rack CrossBow Integration ü Firmware Monitoring ü Configuration Monitoring HMI SICAM SCC CYBER SECURITY RACK RUGGEDCOM CROSSBOW SERVER IED CONFIGURATION DIGSI 5 DIGSI 4! Hosted on rack pc ü Access Control SICAM PAS STATION UNIT SIMATIC IPC RACK PC ü Firmware Monitoring ü Configuration Monitoring ü Password Management ü Firmware Monitoring ü Configuration Monitoring RX 1501 ROUTER ü Password Management ü Firmware Monitoring ü Configuration Monitoring SIPROTEC 5 ü Firmware Monitoring ü Configuration Monitoring SIPROTEC COMPACT Page 43 April 13-17, 2015

44 Cyber Security Rack Secure Communication CYBER SECURITY RACK SIEMENS NBGH HMI IED CONFIGURATION REMOTE SICAM SCC SICAM SCC RUGGEDCOM CROSSBOW SERVER DIGSI 5 DIGSI 4 REMOTE DESKTOP secure connection Remote Security Monitoring SICAM PAS STATION UNIT Hosted on rack pc SIMATIC IPC (RACK PC) RX 1501 ROUTER WIDE AREA NETWORK SCALANCE S ROUTER WIFI NETWORK SICAM CMIC SIPROTEC 5 SIPROTEC COMPACT SICAM SGU IEC 104 over IPSec CELLULAR NETWORK Secure Web Engineering cyber security event over IEC cyber security event over binary input IEC 104 over IPSec WIDE AREA NETWORK Page 44 April 13-17, 2015

45 Thank you for your attention! Chaitanya Bisale Product Lifecycle Manager Cyber Security & Substation Automation EM EA PRO LM2 Humboldtstr Nuremberg Phone: +49 (911) Mobile: +49 (172) Andreas Kohl Lifecycle Manager Cyber Security EM EA SYS LM-O Humboldtstr Nuremberg Phone: +49 (911) Mobile: +49 (172) siemens.com/gridsecurity Page 45 April 13-17, 2015