Just How Vulnerable is Your Safety System?


Theme 3: Cyber Security. Just How Vulnerable is Your Safety System? Colin Easton MSc, CEng, FInstMC, MIET, ISA Senior Member, TÜV Rheinland FS Senior Expert PHRA & SIS. 6th July 2017

Safety System Security

Safety Systems are now more accessible and open than ever before, due to the increasing use of COTS solutions for networking and HMI purposes. Business needs drive the interconnectivity between OT and IT systems at the same time as we see control and safety system architectures merging. This interconnectivity and merging of systems opens up vulnerabilities in our systems that can be exploited by cyber and physical threats.

Safety System Security

Safety Systems operate in real time to protect our processes. Tampering with them, either intentionally or unintentionally, can lead to:
- Loss of production
- Environmental releases
- Health & Safety consequences

Industrial Automation and Control System (IACS) security is about preventing or mitigating the exploitation of the vulnerabilities in our control and safety systems.

What is the Problem?

- 2010: Stuxnet. Siemens S7 PLCs, access for reconfiguration.
- 2012: Project Basecamp, looking for vulnerabilities in 6 specific IACS devices, found several, including the ability to access PLC configurations and modify them.

These vulnerabilities have been released and are included in publicly available databases for us to identify and protect against threats, but this also enables anyone to find and exploit them. But not all threats originate from the internet: maintenance activities, software upgrades and patches, remote access, wireless, physical security and unauthorised access are just as big an issue for safety systems.

IEC 62443 Security for IACS

Therefore, the SIS must be secure from both physical and cyber damage as a result of malicious acts or accidental events that would impact the SIS's ability to maintain its functional and safety integrity on demand. To prevent both physical and cyber damage, the risk reduction must be based on a mix of technical, procedural and managerial protection measures taken from the guidance in IEC 61511, IEC 62443 (ISA99) and ISA TR84.00.09.

Security Risk Assessment: IEC 61511 2nd Edition, Clause 8.2.4

States that an SRA must be carried out to identify the security vulnerabilities of the SIS. The SRA output needs to include:
1. A description of the devices covered by the SRA, i.e. the scope of the System under Consideration (SuC);
2. A description of the identified threats that could exploit vulnerabilities and result in security events;
3. The potential consequences resulting from the security events and the likelihood of these events occurring;
4. Consideration of vulnerabilities and threats at all of the lifecycle phases;
5. The determination of requirements for additional risk reduction;
6. A description of, or references to information on, the security and compensating measures to be taken to reduce or remove the threats.

A description of the devices covered by the SRA

Clearly document the IACS and associated assets. Gather and organise information such as:
- System architecture diagrams: components, connectivity and location
- Network diagrams: physical construct and assignments
- Devices (Ethernet and IP address)
- Configurations, hardware and software (scan and map tools)
- Identify known vulnerabilities

[Slide shows an IEC 62443-2-1 example IACS asset table with the columns IACS Device Asset, Consequence Rating, Likelihood rating and IACS Device Risk Level, listing Operator control room HMI, Remote operator Panel, Engineering Workstation, Historian Server, Controller, Pressure Sensor, Valve Positioner and Gateway.]

Security Vulnerability Assessments (the clever stuff)

High-level gap assessment:
- Assessment of existing operational procedures and practices
- Interviews, site audit, review of drawings, sample configurations, questionnaire (the questionnaire could make use of the US ICS-CERT Cyber Security Evaluation Tool)

Passive vulnerability assessment:
- Review of architecture and network drawings, and traffic analysis tools
- Research using vulnerability databases: ICS-CERT, NVD, Nessus

Active vulnerability assessment:
- Active network scanning
- Active vulnerability scanning
- Penetration test (Metasploit)

Zones and Conduits (ISA-TR84.00.09-2013)

Review the system boundaries and break it down into zones and conduits. The zones and conduits should include assets that will be assumed to require the same Security Level. Then carry out a high-level SRA.

[Figure A.3, Example Network Security Architecture with Integrated 2 Zone SIS: Internet and WLAN behind an Enterprise Firewall with an Enterprise Web Server; a Plant DMZ with Control Center, Data Historian, Maintenance Workstation and Domain Controller; a BPCS zone with BPCS HMI, BPCS Engineering Workstation, Domain Controller and Control PES driving a Control Valve, Pump Controller and Transmitters; a SIS zone with SIS HMI, SIS Engineering Workstation, IAMS, Domain Controller, Handheld Programmer and SIS-PES driving a Block Valve and Transmitter. Field signals are 24 VDC and 4-20 mA.]
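The zone and conduit step described above, as an added worked example that is not part of the presentation or of ISA-TR84.00.09: the asset names come from the components in Figure A.3, but the zone assignments, the connection list and the per-asset security level targets (SL-T) are constructed assumptions. The code groups assets into zones, derives the conduits as the set of links that cross a zone boundary, and applies the slide's rule that every asset in a zone should require the same Security Level, flagging any zone that mixes targets so it can be split before the high-level SRA.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed inventory (assumption): Figure A.3 component names placed into zones.
ASSET_ZONES: Dict[str, str] = {
    "Enterprise Web Server": "Enterprise",
    "Enterprise Firewall": "Enterprise",
    "Data Historian": "Plant DMZ",
    "Maintenance Workstation": "Plant DMZ",
    "BPCS HMI": "BPCS",
    "BPCS Engineering Workstation": "BPCS",
    "Control PES": "BPCS",
    "SIS HMI": "SIS",
    "SIS Engineering Workstation": "SIS",
    "SIS-PES": "SIS",
    "Handheld Programmer": "SIS",
}

# Constructed SL-T per asset (assumption). The Handheld Programmer is deliberately
# given a lower target than the rest of the SIS zone to show the homogeneity check.
ASSET_SL_TARGET: Dict[str, int] = {
    "Enterprise Web Server": 1, "Enterprise Firewall": 1,
    "Data Historian": 2, "Maintenance Workstation": 2,
    "BPCS HMI": 2, "BPCS Engineering Workstation": 2, "Control PES": 2,
    "SIS HMI": 3, "SIS Engineering Workstation": 3, "SIS-PES": 3,
    "Handheld Programmer": 2,
}

# Constructed physical/logical links between assets (assumption).
CONNECTIONS: List[Tuple[str, str]] = [
    ("Enterprise Web Server", "Enterprise Firewall"),
    ("Enterprise Firewall", "Data Historian"),
    ("Data Historian", "BPCS HMI"),
    ("Maintenance Workstation", "BPCS Engineering Workstation"),
    ("BPCS HMI", "Control PES"),
    ("BPCS Engineering Workstation", "Control PES"),
    ("SIS HMI", "SIS-PES"),
    ("SIS Engineering Workstation", "SIS-PES"),
    ("Handheld Programmer", "SIS-PES"),
    ("Control PES", "SIS-PES"),
]


def zones(asset_zones: Dict[str, str]) -> Dict[str, List[str]]:
    """Group assets by the zone they were assigned to."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for asset, zone in asset_zones.items():
        grouped[zone].append(asset)
    return dict(grouped)


def conduits(asset_zones: Dict[str, str],
             connections: List[Tuple[str, str]]) -> Dict[Tuple[str, str], List[Tuple[str, str]]]:
    """A conduit is the set of links between one pair of zones; intra-zone links are not conduits."""
    result: Dict[Tuple[str, str], List[Tuple[str, str]]] = defaultdict(list)
    for a, b in connections:
        za, zb = asset_zones[a], asset_zones[b]
        if za != zb:
            key = (za, zb) if za < zb else (zb, za)   # zone pair, order-independent
            result[key].append((a, b))
    return dict(result)


def mixed_security_level_zones(asset_zones: Dict[str, str],
                               sl_targets: Dict[str, int]) -> Dict[str, Set[int]]:
    """Zones whose assets do not all share one SL-T; these should be split before the SRA."""
    per_zone: Dict[str, Set[int]] = defaultdict(set)
    for asset, zone in asset_zones.items():
        per_zone[zone].add(sl_targets[asset])
    return {zone: levels for zone, levels in per_zone.items() if len(levels) > 1}


if __name__ == "__main__":
    for zone, assets in zones(ASSET_ZONES).items():
        print(f"zone {zone}: {', '.join(assets)}")
    for pair, links in conduits(ASSET_ZONES, CONNECTIONS).items():
        print(f"conduit {pair[0]} <-> {pair[1]}: {links}")
    print("zones with mixed SL-T:", mixed_security_level_zones(ASSET_ZONES, ASSET_SL_TARGET))
```

The conduit list is the input the slide asks for in the high-level SRA: each entry names the two zones it joins and every link that realises it, so any cross-zone path that is not in the list is a boundary the drawings do not account for.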

A description of the identified threats that could exploit vulnerabilities and result in security events

- Stored data (e.g. history, programs) is intentionally modified or corrupted by an unauthorised individual through local access
- Malware: unintentionally installed on the control system through a remotely connected computer; intentionally installed on the control system through a remotely connected computer; enters the system through a laptop connected to the control system network; enters the system through infected media (e.g. USB sticks); enters the system through the business network
- Confidential control system data is intentionally disclosed through local or remote access
- A network device fails, causing a network storm impacting system communication
- A denial of service attack is intentionally launched through remote access

High-level Risk Assessment Tools: IEC 62443-2-1 example tables (slide shows the tables only).

The potential consequences resulting from the security events and the likelihood of these events occurring

IEC 62443-2-1 example IACS asset table with results:

IACS Device Asset           Consequence Rating   Likelihood rating   IACS Device Risk Level
Operator control room HMI   A                    Medium              High-Risk
Remote operator Panel       C                    High                Medium-Risk
Engineering Workstation     A                    High                High-Risk
Historian Server            B                    Medium              Medium-Risk
Controller                  A                    Medium              High-Risk
Pressure Sensor             A                    Medium              High-Risk
Valve Positioner            A                    Medium              High-Risk
Gateway                     B                    Low                 Low-Risk
Firewall                    B                    Low                 Low-Risk

The determination of requirements for additional risk reduction

Draft IEC 62443-3-2 Security for IACS: workflow diagram to establish zones and conduits (slide shows the diagram only). ZCR = Zone & Conduit Requirement; SuC = System under Consideration; PHA = Process Hazard Analysis.

The determination of requirements for additional risk reduction

Draft IEC 62443-3-2 Security for IACS (ISA-62443-3-2, D6E3, September 2016; working draft extract, copyright ISA): workflow diagram for detailed cyber security risk assessment. DRAR = Detailed Risk Assessment Requirement. The steps, with their inputs and outputs as shown on the diagram:

- DRAR 1 Identify threats (input: historical data and other threat information sources; output: list of threats)
- DRAR 2 Identify vulnerabilities (input: vulnerability assessment, prior audits, vulnerability databases, etc.; output: list of vulnerabilities)
- DRAR 3 Determine consequences and impact (input: threats, vulnerabilities, existing PHAs, other risk assessments; output: assessment of impact)
- DRAR 4 Determine unmitigated likelihood (input: lists of threats and vulnerabilities; output: assessment of likelihood)
- DRAR 5 Calculate unmitigated cyber security risk (input: likelihood, impact, corporate risk matrix; output: assessment of unmitigated cyber security risk)
- DRAR 6 Determine security level target (input: corporate risk matrix with tolerable risk; output: security level target)
- DRAR 7 Identify and evaluate existing countermeasures (output: list of countermeasures)
- DRAR 8 Reevaluate likelihood and impact (input: [updated] list of countermeasures; output: updated likelihood and impact assessment)
- DRAR 9 Calculate residual risk (input: updated likelihood, impact and corporate risk matrix; output: residual cyber security risk)
- DRAR 10 Are all residual risks at or below tolerable risk? No: DRAR 11. Yes: DRAR 12.
- DRAR 11 Apply additional cyber security countermeasures (output: updated list of countermeasures)
- DRAR 12 Document and communicate results (output: detailed risk assessment report)
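The two slides above, the IEC 62443-2-1 example asset table and the DRAR 5 to DRAR 11 part of the detailed risk assessment workflow, as one added worked example that is not part of the presentation or of the standards. The asset names, consequence ratings and likelihood ratings are the ones in the slide's table; the 3x3 corporate risk matrix, the tolerable risk level, the countermeasure lists and the simplification that each countermeasure lowers likelihood by one step are constructed assumptions. The code calculates unmitigated risk (DRAR 5), applies existing countermeasures (DRAR 7 and 8), calculates residual risk (DRAR 9) and answers the DRAR 10 question, leaving the assets that still need DRAR 11 countermeasures.

```python
from dataclasses import dataclass, field
from typing import Dict, List

CONSEQUENCE = ("A", "B", "C")             # A = most severe consequence
LIKELIHOOD = ("Low", "Medium", "High")
RISK_ORDER = ("Low-Risk", "Medium-Risk", "High-Risk")

# Constructed corporate risk matrix (assumption: the slide shows results, not the matrix).
# It reproduces every row of the slide's example table.
RISK_MATRIX: Dict[str, Dict[str, str]] = {
    "A": {"Low": "Medium-Risk", "Medium": "High-Risk",   "High": "High-Risk"},
    "B": {"Low": "Low-Risk",    "Medium": "Medium-Risk", "High": "High-Risk"},
    "C": {"Low": "Low-Risk",    "Medium": "Low-Risk",    "High": "Medium-Risk"},
}


@dataclass
class Asset:
    name: str
    consequence: str                       # DRAR 3: consequence / impact rating
    likelihood: str                        # DRAR 4: unmitigated likelihood
    countermeasures: List[str] = field(default_factory=list)   # DRAR 7: existing measures


def risk_level(consequence: str, likelihood: str) -> str:
    """DRAR 5 and DRAR 9: look the (consequence, likelihood) pair up in the corporate matrix."""
    return RISK_MATRIX[consequence][likelihood]


def mitigated_likelihood(likelihood: str, countermeasures: List[str]) -> str:
    """DRAR 8 simplification (assumption): each countermeasure lowers likelihood by one step."""
    idx = max(0, LIKELIHOOD.index(likelihood) - len(countermeasures))
    return LIKELIHOOD[idx]


def assess(assets: List[Asset], tolerable: str = "Medium-Risk") -> List[dict]:
    """Unmitigated risk, residual risk after existing countermeasures, and the DRAR 10 test."""
    rows = []
    for a in assets:
        unmitigated = risk_level(a.consequence, a.likelihood)
        residual = risk_level(a.consequence, mitigated_likelihood(a.likelihood, a.countermeasures))
        rows.append({
            "asset": a.name,
            "unmitigated": unmitigated,
            "residual": residual,
            # DRAR 10: residual risk at or below the tolerable level?
            "tolerable": RISK_ORDER.index(residual) <= RISK_ORDER.index(tolerable),
        })
    return rows


def needs_more_countermeasures(assets: List[Asset], tolerable: str = "Medium-Risk") -> List[str]:
    """DRAR 11 backlog: assets whose residual risk still exceeds the tolerable level."""
    return [r["asset"] for r in assess(assets, tolerable) if not r["tolerable"]]


# Ratings copied from the slide's example table; the countermeasure lists are constructed.
SLIDE_ASSETS = [
    Asset("Operator control room HMI", "A", "Medium"),
    Asset("Remote operator Panel", "C", "High"),
    Asset("Engineering Workstation", "A", "High", ["application allow-listing", "two-factor login"]),
    Asset("Historian Server", "B", "Medium"),
    Asset("Controller", "A", "Medium", ["zone firewall"]),
    Asset("Pressure Sensor", "A", "Medium"),
    Asset("Valve Positioner", "A", "Medium", ["locked field enclosure"]),
    Asset("Gateway", "B", "Low"),
    Asset("Firewall", "B", "Low"),
]

if __name__ == "__main__":
    for row in assess(SLIDE_ASSETS):
        status = "ok" if row["tolerable"] else "ADD COUNTERMEASURES"
        print(f"{row['asset']:28} {row['unmitigated']:12} -> {row['residual']:12} {status}")
    print("DRAR 11 backlog:", needs_more_countermeasures(SLIDE_ASSETS))
```

Running the block prints one line per asset with its unmitigated and residual risk, then the DRAR 11 backlog. With the constructed countermeasures, the two A-rated assets that have none (the HMI and the pressure sensor) remain above tolerable risk, which is exactly the loop back through DRAR 11 and DRAR 8 that the workflow describes.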

The determination of requirements for additional risk reduction

IEC 62443-3-2 example table for mapping Cyber Risk Reduction Factor to Target Security Level (slide shows the table only).

Description of, or references to information on, the security and compensating measures taken to reduce or remove the threats

The countermeasures to address a specific risk will be different depending on the system; for example, different authentication rules will apply for controllers and HMIs. Countermeasures must be documented along with the procedure or guidance for using them. The IEC 62443 approach is similar to IEC 61508: identified control measures that can be used to demonstrate that risk is reduced, broken down by the requirements of IEC 62443-3-3.

Consideration of vulnerabilities and threats at all of the lifecycle phases

ISA TR84.00.09 Management Process identifies additional requirements for cyber security, including:
- Clause 5, Management of FS: inventory of vulnerabilities, risk assessment, security of operation, host protection, patch and upgrade management, confidentiality of cyber security information;
- Clause 8: additional requirements for security protection, potential threats taken from IEC 62443 guidance;
- Clause 9: to include security countermeasures and compensating measures for when it is not possible to implement security countermeasures in the SIS;
- Clause 10: the SRS should have a section dedicated to countermeasures, specifically considering that the countermeasures do not degrade SIS performance such as response time or field devices;
- Clauses 11 & 12: additional requirements for when full independence and segregation is not feasible, based on air gap, integrated zone hierarchy, firewalls, and vendor to supply security concepts that cover the SIS lifecycle;
- Clauses 14 and 15: consideration of mechanical integrity and ongoing cyber security;
- Clause 16: ongoing cyber security, such as protection during backup and restoration, patches and upgrades, remote access, bypasses and checking of tools;
- Clauses 17 & 18: modifications to the SIS-related security countermeasures should follow the MOC programme, and an impact analysis should be carried out to include access control, authorisation and reasons for access, virus checking and control.

Cyber Security: Competency and Training for C&I Engineers

It is critical that C&I Engineers acquire the skill set to be able to communicate and work alongside Cyber Security Specialists. ISA Europe has introduced the ISA Industrial Cyber Security Certificate Program; this provides practical hands-on training using IACS network hardware, firewalls, switches and Rockwell & Siemens PLCs to work on. The training is tiered to ISA/IEC 62443:
- ISA/IEC 62443 Cyber Security Fundamentals Specialist
- ISA/IEC 62443 Cyber Security Risk Assessment Specialist
- ISA/IEC 62443 Cyber Security Design Specialist
- ISA/IEC 62443 Cyber Security Maintenance Specialist

TÜV Rheinland are also developing a Cyber Security scheme for C&I and FS Engineers that will be introduced in early 2018.

Additional Guidance (UK HSE)

Compliance with OG-0086 will contribute towards a suitable demonstration of compliance with UK H&S legislation and form part of the cyber security ALARP demonstration for the facility. OG-0086 Cyber Security for IACS identifies BS EN 61511 as the recognised good practice (RGP). The reference is related to the 2nd Edition Clause 8.2.4 requirements for a Security Risk Assessment (SRA). Both OG-0086 and IEC 61511 reference IEC 62443 as the applicable international standard, as well as ISA-TR84.00.09-2013 Security Countermeasures Related to SIS, as the relevant standards for IACS SRA and implementation.

OG-0086 Framework: process for the management of Cyber Security for IACS (slide shows the framework diagram only).

Framework for Cyber Security

The OG-0086 approach is similar to the US NIST 800 Cyber Security Framework. The UK HSE guiding principles are:
- Protect, detect and respond. It is important to be able to detect possible attacks and respond in an appropriate and timely manner in order to minimise the impacts.
- Defence in depth. No single security countermeasure provides absolute protection, as new threats and vulnerabilities can be identified at any time. To reduce these risks, implementing multiple protection measures in series avoids single point failures.
- Technical, procedural and managerial protection measures. Technology is insufficient on its own to provide robust levels of protection.

Summary

- IEC 61511 2nd Edition introduces the requirement for an SRA.
- UK HSE have produced guidance aligned to IEC 62443 and ISA-TR84.00.09.
- The SRA risk matrix should be based on a subset of the Seveso risk matrix to facilitate the ALARP demonstration.
- The asset register can be based on the BOM, I/O schedule and instrument list for the SIS.
- A CSMS gap analysis is required to help reduce systematic failures through procedures.
- EC&I cyber security competence is increasing, but there is still a large gap between process and IT.

Thank you for listening. Any questions?