RIPE-17 Table of Contents
The Langner Group, Washington / Hamburg / Munich
RIPE Operations Technology Management Plan (MP-17)
0.1 Purpose ... 4
0.2 Process Overview ... 4
0.3 Implementation Scope ... 5
0.4 Revision Notes ... 5
1 Organizational Resources ... 6
1.1 OT Support Center ... 6
1.2 Cooperation of other Departments ... 6
1.3 Use of External Resources ... 7
2 Asset and Configuration Management ... 8
2.1 System Inventory ... 8
2.2 Network Architecture and Data Flow Diagrams ... 9
2.3 OT Planning, Configuration, and Procurement ... 10
3 Workforce and Contractor Management ... 12
3.1 Workforce Information Database ... 12
3.2 Training Program ... 12
3.3 Policies and Standard Operating Procedures ... 13
4 Incident Management ... 15
4.1 Incident Response Capability ... 15
4.2 Incident Detection and Assessment Procedure ... 15
4.3 Incident Response and Recovery Protocol ... 16
5 Managerial Control ... 18
5.1 Performance Measurement ... 18
5.2 Vulnerability and Fragility Analysis ... 19
5.3 Performance Evaluation and Improvement ... 19
5.4 Reporting and Management Sign-Off ... 20
RIPE-17 Table of Contents - 2 - 2017 Langner.com
RIPE Implementation Plan (IP-17)
0.1 Scope and Structure of this Document ... 4
0.2 Using this Document ... 4
0.3 Revision Notes ... 6
1 Pre-RIPE: Setting the Stage ... 8
1.0 Overview ... 8
1.1 Define Objectives, Priorities, and Implementation Scope ... 8
1.2 Provide Organizational Resources ... 9
1.3 Set up an OT Configuration Management Database (CMDB) ... 10
1.4 Set up a Workforce Information Database ... 11
1.5 Set up an Online Document Repository ... 12
1.6 Provide Tools for Creation of Network Diagrams ... 13
1.7 Provide Tools for the Creation of Data Flow Diagrams ... 14
1.8 Document Efforts, Results, and Lessons Learned ... 15
2 RIPE Cycle Zero: Introducing the RIPE Instruments ... 16
2.0 Overview ... 16
2.1 Plan and Schedule Activities ... 17
2.2 Develop a Conceptual Framework for the System Inventory ... 17
2.3 Produce or Update Preliminary Network Diagrams ... 18
2.4 Produce Preliminary Data Flow Diagrams ... 19
2.5 Populate the Workforce Information Database ... 20
2.6 Customize the Training Curriculum and Start Training Courses ... 21
2.7 Customize and Rollout Policies and SOPs ... 22
2.8 Customize and Rollout the OT Reference Architecture ... 23
2.9 Introduce a System Procurement Guideline ... 24
2.10 Customize Incident Management Procedures and Protocols ... 25
2.11 Collect, Analyze, and Report Results ... 26
3 RIPE Cycles One to N: Continuous Improvement ... 28
3.0 Overview ... 28
3.1 Write a Cycle Implementation Plan ... 28
3.2 Introduce Improved RIPE Instruments ... 29
3.3 Apply the Prescriptive RIPE Instruments ... 29
3.4 Improve the System Model ... 30
3.5 Develop and Maintain a Cyber Incident Response Capability ... 31
3.6 Perform Audits ... 32
3.7 Analyze and Report ... 32
RIPE System Inventory (SI-17)
0 Introduction ... 5
0.1 Scope and Intended Audience ... 5
0.2 The Role of the System Inventory within RIPE ... 5
0.3 The RIPE System Inventory Data Model ... 6
0.4 Revision Notes ... 8
1 Identifier Nomenclature ... 9
1.1 Purpose and Usage of a Nomenclature ... 9
1.2 Component Identifiers ... 9
1.3 Network Identifiers ... 9
1.4 Cable Identifiers ... 9
1.5 System Identifiers ... 10
2 System Context ... 11
2.1 Functional Context ... 11
2.2 Product Context ... 11
2.3 Location ... 12
3 Device Classes ... 13
3.1 Identification Attributes ... 13
3.2 Qualifying Attributes ... 13
3.3 Connectivity Attributes ... 14
3.4 Informational Attributes ... 14
4 Device Instances ... 15
4.1 Inherited Attributes ... 15
4.2 Identification Attributes ... 15
4.3 Qualifying Attributes ... 15
4.4 Configuration Attributes ... 16
4.5 Remote Configuration Detection & Verification Support ... 16
4.6 Informational Attributes ... 16
5 Software Classes ... 18
5.1 Identification Attributes ... 18
5.2 Qualifying Attributes ... 18
5.3 Integrity Attributes ... 19
5.4 Connectivity Attributes ... 19
5.5 Informational Attributes ... 19
6 Software Instances ... 20
6.1 Inherited Attributes ... 20
6.2 Identification Attributes ... 20
6.3 Qualifying Attributes ... 20
6.4 Integrity Attributes ... 20
6.5 Connectivity Attributes ... 20
6.6 Informational Attributes ... 21
7 Developing a System Inventory ... 22
7.1 Develop an Identification Nomenclature, if not existing already ... 22
7.2 Collect System Context Information ... 22
7.3 Identify OT Hardware and Software Products used at given Site ... 22
7.4 Identify Individual Devices and Software Instances ... 22
7.5 Complete Configuration Details ... 23
RIPE Network Diagram Style Guide (NW-17)
0.1 Scope of this Document ... 4
0.2 Intended Audience ... 4
0.3 Revision Notes ... 4
1 Network Diagrams ... 6
1.1 General Definitions and Conventions ... 6
1.2 Granularity, Hierarchy Layers, and Network Diagram Types ... 6
1.3 Identifying Location ... 9
1.4 Diagram Labels ... 9
1.5 Junction Points ... 9
1.6 Referencing other RIPE Resources ... 10
1.7 File Format for Documentation Purposes ... 10
2 Nodes ... 11
2.1 Node Symbols, Color Codes, and Labels ... 11
2.2 Network Switch ... 12
2.3 Router ... 12
2.4 Firewall ... 13
2.5 Wireless Access Point ... 13
2.6 Modem ... 13
2.7 Data Diode ... 13
2.8 Server ... 14
2.9 Workstation ... 14
2.10 Operator Panel ... 14
2.11 Mobile Workstation ... 15
2.12 Industrial Automation and Control Device ... 15
2.13 Sensor and Actuator ... 15
2.14 Printer ... 15
2.15 Other Components ... 16
3 Networks and Subsystems ... 17
3.1 Ethernet-based Networks ... 17
3.2 Fieldbusses ... 17
3.3 Subsystems ... 17
4 Communication Links ... 18
4.1 Link Type: Ethernet vs. Fieldbus ... 18
4.2 Link Type: Copper vs. Fiber Optics ... 18
4.3 Point-to-Point Connections ... 18
4.4 Interface and Link Labels ... 18
RIPE Data Flow Diagram Style Guide (DF-17)
0.1 Scope and Intended Audience ... 4
0.2 Understanding Data Flow Diagrams ... 4
0.3 Revision Notes ... 4
1 Components and Subsystems ... 6
1.1 General ... 6
1.2 Components ... 6
1.3 Subsystems ... 6
2 Data Flow ... 8
2.1 General ... 8
2.2 Interfaces ... 8
2.3 Connected Interfaces vs. Open Interfaces ... 8
2.4 Data Flow Categories and Color Codes ... 9
2.5 Interface Labels ... 9
RIPE Reference Architecture (RA-17)
0.1 Scope and Intended Audience ... 4
0.2 Reading the Rules ... 4
0.3 Revision Notes ... 5
1 Network Architecture ... 6
1.1 General ... 6
1.2 Corporate Network Interface ... 6
1.3 Remote Access ... 6
1.4 Email ... 7
1.5 Web Access ... 7
1.6 Wireless LAN ... 7
1.7 Network Access by Mobile Systems from Non-Staff ... 8
1.8 Isolation of Black Boxes ... 8
2 Network Infrastructure Services ... 9
2.1 General ... 9
2.2 DHCP ... 9
2.3 DNS ... 9
2.4 Active Directory, Domain Controllers, and LDAP ... 9
2.5 Time Servers (NTP and similar Protocols) ... 9
2.6 Backup Sinks ... 10
2.7 Anti-Virus Signature Update Service ... 10
2.8 Security Patch Update Service ... 10
3 Network Devices ... 11
3.1 Firewalls ... 11
3.2 Wireless Access Points ... 11
3.3 Network Switches and Routers ... 11
4 Computer Systems ... 13
4.1 General ... 13
4.2 SCADA/DCS Servers ... 14
4.3 HMIs and Operator Panels ... 14
4.4 Mobile Engineering Systems ... 15
4.5 Operations Technology Systems other than SCADA/DCS ... 15
5 Industrial Control Systems ... 16
5.1 General ... 16
5.2 Programmable Logic Controllers ... 16
RIPE System Procurement (SP-17)
0.1 Intended Audience ... 4
0.2 The Role of System Procurement in RIPE ... 4
0.3 The RIPE System Procurement Philosophy ... 5
0.4 Suggested Use of the RIPE System Procurement Module ... 6
0.5 Revision Notes ... 6
1 Product Documentation ... 8
1.1 Basic Documentation Quality ... 8
1.2 Hardware Documentation ... 8
1.3 Software Documentation ... 8
1.4 Network Documentation ... 9
1.5 Disaster Recovery and Contingency Planning ... 9
2 Configuration Integrity Assurance ... 10
2.1 System Hardening ... 10
2.2 Detection of Unauthorized Software Installation and Execution ... 10
2.3 Version Control ... 10
2.4 Controller Configuration Target Verification ... 10
2.5 Configuration Integrity Verification ... 11
2.6 Disaster Recovery ... 11
3 Network Resilience and Robustness ... 12
3.1 Address Space Allocation ... 12
3.2 Network Resilience ... 12
3.3 Vulnerability Scans ... 12
3.4 Non-Use of Insecure Services ... 12
3.5 System and Network Monitoring ... 12
3.6 Clock Synchronization ... 12
4 Access Control and Account Management ... 13
4.1 Authorization ... 13
4.2 Passwords ... 13
4.3 Account Management ... 13
4.4 Logging ... 13
4.5 Network Accessibility ... 14
5 Vendor Processes and Procedures ... 15
5.1 Quality Management ... 15
5.2 Policy Compliance Statement ... 15
5.3 Flaw Remediation ... 15
5.4 Cyber Security Focal Point ... 15
RIPE Workforce Management (WM-17)
0 Introduction ... 5
0.1 Scope and Intended Audience ... 5
0.2 The Role of Workforce Management within RIPE ... 5
0.3 Understanding User Roles ... 6
0.4 Workforce Management Functions ... 8
0.5 Revision Notes ... 9
1 End User ... 10
1.1 Typical Job Positions and Use Cases ... 10
1.2 Operations Technology Rights and Responsibilities ... 10
1.3 Document Access ... 10
1.4 Nomad Systems and Remote Access Privilege ... 11
2 Engineer ... 12
2.1 Typical Job Positions and Use Cases ... 12
2.2 Operations Technology Rights and Responsibilities ... 12
2.3 Document Access ... 12
2.4 Nomad Systems and Remote Access Privilege ... 13
3 Administrator ... 14
3.1 Typical Job Positions and Use Cases ... 14
3.2 Operations Technology Rights and Responsibilities ... 14
3.3 Document Access ... 14
3.4 Nomad Systems and Remote Access Privilege ... 15
4 Planner/Developer ... 16
4.1 Typical Job Positions and Use Cases ... 16
4.2 Operations Technology Rights and Responsibilities ... 16
4.3 Document Access ... 16
4.4 Nomad Systems and Remote Access Privilege ... 17
5 RIPE Support ... 18
5.1 Typical Job Positions and Use Cases ... 18
5.2 Operations Technology Rights and Responsibilities ... 18
5.3 Document Access ... 18
5.4 Nomad Systems and Remote Access Privilege ... 19
6 Visitor ... 20
6.1 Typical Job Positions and Use Cases ... 20
6.2 Operations Technology Rights and Responsibilities ... 20
6.3 Document Access ... 20
6.4 Nomad Systems and Remote Access Privilege ... 20
7 Supervisor ... 22
7.1 Typical Job Positions and Use Cases ... 22
7.2 Operations Technology Rights and Responsibilities ... 22
7.3 Document Access ... 22
7.4 Nomad Systems and Remote Access Privilege ... 23
8 Incident Response ... 24
8.1 Typical Job Positions and Use Cases ... 24
8.2 Operations Technology Rights and Responsibilities ... 24
8.3 Document Access ... 24
8.4 Nomad Systems and Remote Access Privilege ... 25
RIPE Policies and Standard Operating Procedures (PO-17)
0.1 Scope and Intended Audience ... 4
0.2 Understanding User Roles, Policies, and SOPs ... 4
0.3 The RIPE Policy Philosophy ... 4
0.4 Revision Notes ... 4
1 External Engineers (Contractors) ... 6
1.1 Using Computer Systems ... 6
1.2 Using Mobile Systems that Enter and Leave the Facility (Nomad Laptops) ... 6
1.3 BYODs (Smartphones, Tablet Computers, MP3 Players etc.) ... 7
1.4 Using Networks ... 7
1.5 Using Mobile Media ... 7
1.6 Exchanging Files ... 8
1.7 Using Remote Access ... 8
1.8 Configuration Change Management Procedure ... 8
2 Operations Technology Users ... 10
2.1 Using Computer Systems ... 10
2.2 Using Mobile Media and Mobile Systems ... 10
2.3 Using the Internet and Email ... 10
2.4 Exchanging Files ... 10
3 Engineering and System/Network Administration ... 12
3.1 Using Computer Systems ... 12
3.2 Using Mobile Systems not Leaving the Facility (Resident Laptops) ... 12
3.3 Using Mobile Systems Entering and Leaving the Facility (Nomad Laptops) ... 12
3.4 Using Networks ... 13
3.5 Using Mobile Media ... 13
3.6 Exchanging Files ... 13
3.7 Maintaining Endpoint Security ... 13
3.8 Maintaining Network Security ... 14
3.9 Firewall Rule Set Update Procedure ... 14
3.10 Generic Configuration Change Management Procedure ... 15
4 OT Planning and System Design ... 16
4.1 Exchanging Files ... 16
4.2 Planning Design and Configuration Change Procedure ... 16
4.3 System Acquisition Procedure ... 16
5 Visitors ... 18
5.1 Using Computer Systems and Networks ... 18
5.2 Using the Internet and Email ... 18
5.3 Exchanging Files ... 18
RIPE Incident Management (IM-17)
0.1 Scope and Intended Audience ... 4
0.2 The Role of Incident Management in RIPE ... 4
0.3 Understanding OT Incident Management ... 4
0.4 Revision Notes ... 5
1 Cyber Incident Response Capability ... 6
1.1 Cyber Incident Response Personnel and Relevant External Parties ... 6
1.2 Technical Cyber Incident Management Requirements ... 7
1.3 Cyber Incident Response Prerequisites ... 7
1.4 Training and Exercises ... 9
2 Cyber Incident Detection and Assessment ... 10
2.1 Cyber Incident Identification, Validation and Assessment ... 10
2.2 Cyber Incident Prioritization ... 11
2.3 Cyber Incident Notification ... 12
2.4 Mobilization of Response Forces ... 12
3 Cyber Incident Response ... 14
3.1 Predictive Analysis of Potential Incident Response Side Effects ... 14
3.2 Cyber Incident Containment ... 14
3.3 Eradication and Recovery ... 15
4 Post-Incident Procedures ... 18
4.1 Post-Recovery Notification ... 18
4.2 In-Depth Forensic Analysis ... 18
4.3 Cyber Incident Response Review and Documentation ... 18
RIPE Training Curriculum (TC-17)
0.1 Scope ... 4
0.2 Training Formats ... 4
0.3 Training Overview ... 4
0.4 Verification ... 5
0.5 Revision Notes ... 5
1 Policy Related Training ... 6
1.1 End User Policies ... 6
1.2 Contractor Policies Part I: Acceptable System Use ... 6
1.3 Contractor Policies Part II: Network and Media Use ... 7
1.4 Engineering and Administrator Policies Part I: Acceptable System Use ... 8
1.5 Engineering and Administrator Policies Part II: Network and Media Use ... 8
1.6 Remote Access ... 9
1.7 Visitor Policies ... 10
2 Task Specific Training ... 11
2.1 Applying the RIPE System Procurement Module ... 11
2.2 Turning RIPE System Procurement Security Criteria into Requirements ... 11
2.3 Applying the RIPE Reference Architecture to Network Infrastructure ... 12
2.4 Applying the RIPE Reference Architecture to Systems ... 13
2.5 Applying the RIPE Reference Architecture to Electrical Systems ... 14
2.6 Maintaining Endpoint Security ... 14
2.7 Practical Control Network Troubleshooting ... 15
2.8 Incident Response Procedures and Protocols ... 16
2.9 Incident Response Drill ... 16
2.10 Incident Response Tabletop Exercise for Management ... 17
3 Background Knowledge ... 18
3.1 OT Boot Camp ... 18
3.2 Cyber Attacks Against Industrial Facilities: Lessons Learned from Known Attacks ... 18
3.3 Control Networks 101 ... 19
3.4 Design Issues and Strategies for Control Networks ... 20
RIPE Capability Metrics (CM-17)
0 Introduction ... 5
0.1 Purpose ... 5
0.2 Subject Under Consideration and Time of Verification ... 5
0.3 Metric Types ... 5
0.4 Revision Notes ... 7
1 Indexes ... 9
1.1 OT Security Resources ... 9
1.2 Workforce ... 9
1.3 Installed System Base: Resident Hardware Components ... 9
1.4 Installed System Base: Mobile Devices ... 10
1.5 Installed System Base: Networks ... 11
2 System Inventory (SI) ... 12
2.1 RIPE.SI.Capability ... 12
2.2 RIPE.SI.%Completeness ... 12
2.3 RIPE.SI.%Accuracy ... 12
3 Network Architecture Model (NA) ... 14
3.1 RIPE.NA.Capability ... 14
3.2 RIPE.NA.%Completeness ... 14
3.3 RIPE.NA.%Accuracy ... 14
4 Data Flow Model (DF) ... 16
4.1 RIPE.DF.Capability ... 16
4.2 RIPE.DF.%Completeness ... 16
4.3 RIPE.DF.%Accuracy ... 17
4.4 RIPE.DF.%Accuracy.Protocols ... 17
4.5 RIPE.DF.%Accuracy.MobileDevices ... 17
5 Workforce Management (WM) ... 19
5.1 RIPE.WM.Capability ... 19
5.2 RIPE.WM.%Completeness ... 19
5.3 RIPE.WM.%Accuracy ... 19
5.4 RIPE.WM.%Completeness.ThirdParties ... 20
6 Training Program (TP) ... 21
6.1 RIPE.TP.Capability ... 21
6.2 RIPE.TP.%Completeness ... 21
6.3 RIPE.TP.%Compliance ... 21
6.4 RIPE.TP.%Compliance.ThirdParties ... 22
7 Policies and Standard Operating Procedures (PO) ... 23
7.1 RIPE.PO.Capability ... 23
7.2 RIPE.PO.%Completeness ... 23
7.3 RIPE.PO.%Compliance ... 23
7.4 RIPE.PO.%Compliance.ThirdParties ... 24
8 System Procurement (SP) ... 25
8.1 RIPE.SP.Capability ... 25
8.2 RIPE.SP.%Completeness ... 25
8.3 RIPE.SP.%Conformity ... 25
9 OT Planning and Configuration (PC) ... 27
9.1 RIPE.PC.Capability ... 27
9.2 RIPE.PC.%Completeness ... 27
9.3 RIPE.PC.%Conformity ... 27
10 Consolidated Security Capability (SC) ... 29
10.1 RIPE.SC.Overall ... 29
10.2 RIPE.SC.Model ... 29
10.3 RIPE.SC.Policies ... 29
RIPE Concepts and Terminology (CT-17)
Terms defined in this module: Asset, CAPEX, CCSE, CIFS, CMDB, Computer, Console, Control Network, Controlled Software, CPE, Critical Systems/Networks, DCOM, Digital Device, DCS, Distributed System, DMZ, Downstream, Engineering, FAT, FTP, HMI, Incident, ICS, IED, ISMS, Mobile System, Network Zone, Network Component, Nomad System, NTP, OPC, Operations Technology (OT), OPEX, OS, OTSC, Perimeter, PG, PLC, Quality, RPC, Remote Access Point, Resident System, REST, RFP, RIPE, SAT, SCADA, SDL, SMB, Sniffing, SNMP, SOAP, SOP, System Context, TCO, Thin Client, Upstream, USB, Whitelisting, Workforce Management, Unauthorized Software, Hardware, Access, UML, UPS, VLAN, VPN