NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY
Jeff Johnson, NDW CIO (N6)

Creating Cyber Secure Enterprise Control Systems Networks

Agenda
- US Navy, NDW Industrial Controls overview
- The new cyber threat landscape: hacker trends, techniques and technologies
- Examine costs associated with ICS-focused attacks
- Common critical network vulnerabilities
- Holistic approach to cyber security
- The EICS capabilities
- Summary and conclusions

Strategic Drivers & Requirements (Public Laws, Executive Orders, DoD and DoN Mandates)
- 2014: DoD 8500 Series, Risk Management Framework
- 2013: Secretary of the Army, Army Operational Energy Policy
- FY2010: Public Law 111-84, National Defense Authorization Act (NDAA)
- 2009: Executive Order (EO) 13514, Federal Leadership in Environ., Energy, and Economic Performance
- 2009: DoD Instruction 4170.11, Installation Energy Management
- 2008: DoD Manual 3020.45 Volume I, Defense Critical Infrastructure Program (DCIP): DoD Mission-Based Critical Asset Identification Process (CAIP)
- 2007: Public Law 110-140, Energy Independence and Security Act of 2007 (EISA07)
- 2007: Executive Order (EO) 13423, Strengthening Federal Environmental, Energy, & Transportation Mgt.
- 2007: Unified Facilities Criteria (UFC), Sustainable Development
- 2005: Public Law 109-58, Energy Policy Act of 2005 (EPAct05)
- 2002: Federal Information Security Management Act

Commander, Naval Installations Command
Region Naval District Washington

NDW Footprint*
- Joint Base Anacostia Bolling (DC)
- NAS Patuxent River (MD)
- NSA Annapolis (MD)
- NSA Bethesda (MD)
- NSA South Potomac (VA)
- NSA Washington (DC)

- 25,652 acres
- 3,129 buildings
- 2,822 non-building structures
- 1,029 utilities locations
- 10 runways
- Total Plant Replacement Value (PRV): $14B
- Operations & Maintenance Budget: $500M/yr
- Reimbursable Budget: $15M/yr
- 6 hangars
- 44 piers-wharfs
- 3 small arms training
- 21 small boats

Geographically located in multiple states to address interstate utility regulatory issues

Navy, Naval District Washington (NDW) Smart Shore Program
Establishing a secure critical infrastructure environment for efficient shore operations

REQUIREMENTS
- Compliance with DoD and Federal mandates
- Efficiency savings through automation
- Optimization of plant operations and processes
- Safe & reliable operations
- Share information between stakeholders
- Connect equipment over an IP network
- Utilize open & common protocols
- Effective force protection and public safety
- Utility critical infrastructure protection

CONCERNS
- Unauthorized external access to networks and systems
- Loss of command & control or data integrity
- Loss or degradation of system availability
- Malware infection manipulating operations
- Cyber-attack causing physical impact
- Reputation loss due to publicized vulnerabilities or attacks
- Intentional misuse of systems or control causing physical impacts
- Cyber security attacks impacting normal operations

Catastrophic Impacts of Cyber Attacks
- Project Aurora: INL cyber attack on a generator caused damaging vibration
- Sayano-Shushenskaya power station: Turbine vibration caused violent damage

Growing Industrial Threats

Costs Associated with ICS Attacks & Failures

Sayano-Shushenskaya
- RusHydro shares dropped 15%
- Business lost $523 million

Target
- $61 million in expenses due to breach
- Potentially $1 billion in fraud fines
- Continued impact to reputation
- CEO & CIO fired

Maroochy Water Service
- $200k on security upgrades alone
- Loss of reputation

New York blackout 2003
- $800m loss from productivity
- $250m in perishable goods
- ~$36m an hour!

Why endpoint security is important:
- Safety issues (potential harm or death)
- National security concerns
- Lost productivity
- Lack of confidence by shareholders and customers
- C-level/Board-level replacement
- Ongoing reputational damage
- Regulatory fines
- Environmental damage
- Wider economic consequences from being critical infrastructure
- Increased stress & operational impact on staff

Who Launches Cyber Attacks
You don't need to be a hacker to hack

A World Full of Hackers
- Nation states
- Criminals
- Activists
- Employees
- Children!

Various Motivations
- Money
- Political protest
- Environmental activism
- Espionage
- Retaliation
- Job security
- Fun

"China along with one or two other countries have the capability to successfully launch a cyber-attack that could shut down the electric grid in parts of the United States."
NSA Director testimony to Congress, Nov. 2014 (Admiral Michael Rogers, Director NSA & US Cyber Command)

Unintentional Disasters
An attacker doesn't even know what they are doing to cause a huge impact

A Growing List of Uncovered Vulnerabilities

Vulnerabilities
- External Cyber Attacks

[Network diagram labels: ICS Network, Industrial Process, Infrastructure Automation, Facility Monitoring, Support Network, Engineering Terminal, Wireless, HMI, External Networks, Application, Data/Historian, SCADA, Mirrored Data, Report/Alarm, Enterprise Networks, Remote Access, Authentication]

An outsider/insider gains access to an external system and uses it to impact a more critical ICS network

Vulnerabilities
- External Cyber Attacks
- Unauthorized Device Connections

[Network diagram labels: ICS Network, Industrial Process, Infrastructure Automation, Facility Monitoring, Support Network, Engineering Terminal, Wireless, HMI, External Networks, Application, Data/Historian, SCADA, Mirrored Data, Report/Alarm, Enterprise Networks, Remote Access, Authentication]

An outsider/insider introduces their own device into the network, making your internal network externally accessible and directly exploitable by the attacker

Vulnerabilities
- External Cyber Attacks
- Unauthorized Device Connections
- Internal Host-based/Malware Attacks

[Network diagram labels: ICS Network, Industrial Process, Infrastructure Automation, Facility Monitoring, Support Network, Engineering Terminal, Wireless, HMI, External Networks, Application, Data/Historian, SCADA, Mirrored Data, Report/Alarm, Enterprise Networks, Authentication, Remote Access]

Malware infects the control system and causes a dangerous or malicious action

Vulnerabilities
- External Cyber Attacks
- Unauthorized Device Connections
- Internal Host-based/Malware Attacks
- Zero-day Attacks

[Network diagram labels: ICS Network, Industrial Process, Infrastructure Automation, Facility Monitoring, Support Network, Engineering Terminal, Wireless, HMI, External Networks, Application, Data/Historian, SCADA, Mirrored Data, Report/Alarm, Enterprise Networks, Remote Access, Authentication]

Targeted malware utilizes a zero-day vulnerability to cause a specifically designed impact to the ICS network & devices

Summary
- DoD and Federal mandates are driving service-level smart energy initiatives
- US Navy, NDW Smart Shore Program is forging the way
- Broad deployment of smart meters using secure wireless networks
- Enterprise integration of building automation systems to reduce energy consumption: 500+ buildings across 10+ bases
- Information Assurance accreditation in place
- Implementing smart security for operational technology
- Accredited cyber security solution for industrial controls (EICS & AMI)
- Physical security via accredited perimeter security solution (VPMS & NACS)
- Achieving energy savings
- Shore Operations Center (ShOC) is now actively monitoring and managing operational systems
- US Navy is considering expanding Smart Shore Navy-wide.