Safdar Akhtar, Cyber Director Sema Tutucu, Ops Leader 27 September CYBER SECURITY PROGRAM: Policies to Controls


Title slide: CYBER SECURITY PROGRAM: Policies to Controls
Safdar Akhtar, Cyber Director; Sema Tutucu, Ops Leader
27 September 2017

Slide 1: Can You Answer These Questions?
- What's my company's exposure to the latest industrial cyber threat?
- Are my plants compliant with our corporate cyber security directive?
- Are there non-sanctioned devices, like USBs, that have been added to plant process control networks?
- What happens if I have a malware outbreak in my control network? Production impact? Operations staff SOP?
Callout: >50% of Boards of Directors are not satisfied with leadership's cyber issue management

Slide 2: Agenda
- Industrial Cybersecurity Overview
- Where to Start
- Honeywell Vision
- Assessment & Remediation - Examples
- Brownfield vs. Greenfield
- Cybersecurity Project Phases
- Q & A

Slide 3: Industrial Cyber Security
Industrial Cyber Security is the body of practices, processes and technologies designed to defend process control networks, systems, computers, programs and data from attack, damage, disruption, unauthorized access or misuse.
- Protecting against external and internal threats
- Detecting, responding to and recovering from cyber attacks and incidents
Safeguarding availability, safety and reliability, and managing risk
- Keeping plants running smoothly without disruption
- IT cyber security, in contrast, focuses more on protecting information than physical assets, operations and people
Requires deep understanding of process control networks, operations, information technology and cyber security

Slide 4: No Silver Bullet
Process
- Management System, through policies and procedures: Patch Management, Secure Remote Access, Anti-virus, Backup and Restore, Change Management, Perimeter Security
- Periodic Audits
People (weakest link)
- Training and Awareness
- Professional Skills & Qualification
- Motivation
Technology
- Installed and maintained
If any part fails you are at risk

Slide 5: Where to Start
- Cybersecurity Management System (CSMS) in place (Best): unacceptable risks require mitigation
- Cybersecurity assessment identified the gaps (Better): critical and high-priority gaps need to be fixed
- Mandatory compliance requirements (Good): non-compliance items need a fix
- Facing technical issues, functional or security (OK): need a solution
- Ad hoc approach (Bad): likeness, following the trend, etc.
- Wrong impression of cybersecurity (Worst): air-gap, misconfigured cybersecurity solutions, etc.
- Don't know: start with a cybersecurity assessment; aim for a roadmap with CSMS as the ultimate goal

Slide 6: Honeywell Industrial Cyber Security Vision
Assess: assets are assessed against industry standards, regulatory requirements and best practices
- Provides a roadmap to eliminate exposed risk
Remediate: addresses issues identified in the Assess phase with a custom-designed Industrial Cybersecurity Program
- Multi-layered secure defense-in-depth network design
- System hardening
- Compliance and governance development
- Security awareness program
Manage: focus is on preserving and enhancing the investment made in security, by applying services and training
- Workflow Implementation
- Anti-virus and Patch Management
- Network Perimeter Management
- Change Management Program
Assure: focuses on program monitoring to assure it is functioning as designed
- Reporting, Verification, Analytics etc.

Slide 7: Cybersecurity Assessment
Planning Phase
- Assessment Team
- Assessment Scope & Goals
- List of Attack Vectors
- Assessment Plan
Data Collection Phase
- Vulnerability Scan
- Configuration Data
- Document Collection
- Interview Key Personnel
Analysis Phase
- Evaluation of Vulnerabilities, Patches, Malware
- Attack Surface Analysis
- Password Auditing
- Log Management Auditing
- Network Access Auditing
- Evaluation of Network Architecture
- Evaluation of Authorized Software and Network Traffic
- Configuration Reviews
- Policy & Procedure Reviews
- Risk Profiling
- Risk Mitigation
Outcome: Execution Gap, Design Gap, Technology Gap
Reporting Phase
- Detailed Report
- Executive Summary Report
- Audit Report against ISA 99
- Presentation / Workshop

Slide 8: Risk Summary Example
Matrix: one row per plant (A to G, with Site, Location and Type columns), one column per security control category; each cell is rated High, Medium or Low. The ratings are colour-coded on the slide and are not reproduced in the transcription.
Security control categories:
- SP: Security Policies and Procedures
- PE: Physical and Environmental Security
- SA: Security Architecture
- NA: Network Architecture
- AC: Cyber Access Control
- SM: Cyber Security Management
Rating legend:
- High: the capability of the threat is significant, and compensating controls to reduce the probability of vulnerability exploitation are insufficient
- Medium: the capability of the threat is medium, and implemented compensating controls lessen the probability of vulnerability exploitation
- Low: the capability of the threat is limited, and compensating controls are in place that effectively reduce the probability of vulnerability exploitation

Slide 9: Risk Summary Example Cont'd (figure only; no text transcribed)

Slide 10: Remediation - Example
Recommended solutions by phase, with priority:
Phase 1
1. Multi-layered Secure Defense-in-Depth Network Design (High)
2. Secure Next-Gen Firewall with IPS / Industrial Firewalls (High)
3. Centralized Antivirus & Patch Management System (High)
4. Security Hardening (High)
5. Application White Listing Solution (High)
Phase 2
6. Backup & Restore (Medium)
7. Centralized Network Monitoring Solution (Medium)
8. USB Protection Solution (Medium)
9. Cybersecurity Risk Manager (Medium)
Phase 3
10. Security Information and Event Management (SIEM) Solution (Low)
11. Secure Remote Access, Monitoring & Alerting (Low)
12. Policies & Procedures Development (Low)

Slide 11: Phase 0 - Cybersecurity Overlooked
- Does not comply with cybersecurity standards

Slide 12: Phase 0 Cont'd
- Cybersecurity was never a priority
- Flat network: all devices connected on the same level
- Missing network segregation: zones and conduits (ISA99/IEC 62443 recommended practice)
- Levels as per the ISA95 Purdue Model: might have levels, but without proper segregation and access control
- Some misconfigured cybersecurity controls
- Gap identification: assessment

Slide 13: Phase 1 - Complying with Standards
- Physical zones and segmentation
- Comply with cybersecurity standards

Slide 14: Phase 1 - Network/System Segregation (figure only; no text transcribed)

Slide 15: Phase 1 Cont'd
- Segregation as per international standards (ISA99/IEC 62443)
- All obsolete devices replaced
- All systems moved to their proper levels
- Level 4 introduced: business connectivity
  - Level 4 corporate segregation
  - Separation of duties
- Level 3.5 DMZ introduced: data to/from business
- Level 3 introduced: operations management
- Level 2.5 introduced if required
  - In case of multiple FTE communities
  - Virtualization segregation at Level 2

Slide 16: Phase 2 - Cybersecurity Begun (figure only; no text transcribed)

Slide 17: Phase 2 Cont'd (network diagram)
[Diagram: Purdue-style network drawing built from Cisco Catalyst switches, BladeCenter hosts and 10G network modules; only the diagram annotations are reproduced below.]
Levels shown: Level 4, Level 3.5 DMZ, Level 3, Level 2.5, Level 2, Level 1
Taps and aggregator:
- Tap between Level 3 and the border firewall: captures ingress and egress traffic from Level 3
- Aggregator at Level 3: provides filtered traffic to RM, SIEM and other tools
- Tap between Level 3 and Level 2.5: captures ingress and egress traffic from Level 2.5
- Tap between Level 2 and Level 2.5: captures ingress and egress traffic from Level 2
- Tap between third party and Level 2: captures ingress and egress traffic from third-party systems
Devices shown: Domain Controllers, ESF Router, Blade Servers, L2.5 Router (primary and secondary), Primary PHD Server, PHD Shadow Server, Firewalls, Enterprise Switch, Experion Server, ESC, ESF, ACE, Experion EST Server, NAS, EAS, ESVT, Terminal Servers, HSRP Router, Safety Manager, Qualified Cisco Switches, Patch Mgmt Server, 3rd Party App Subsystem Interface, VM Client, Anti Virus Server, vCenter Server, Relay Server, Risk Manager / Palo Alto Service Node, Aggregator, PLC
Comm flow (the diagram labels "Limited" and "Very Limited" appear interleaved with the level pairs; the transcription does not preserve exactly which arrow each label belongs to):
- L4 to L4 (Limited)
- L3.5 to L3.5
- L3 to L3
- L2 to L2
- L1 to L1 (Limited)
- L2.5 to L2.5
- L2.5 to L3 (Very Limited)
- L3.5 to L4 (Very Limited)
- L3 to L3.5
- No direct communications between L4 and L3 or L2
- Legend: Limited / Very Limited
- L2 to L3
- L2 to L1
- No communications between L1 and L3 or L4
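The level structure on slide 15 and the comm-flow rules on the slide-17 diagram amount to a zone-and-conduit policy, and the taps and aggregator on that diagram exist so that the policy can be verified against observed traffic. The following is an added example, not code from the presentation or from Honeywell: it encodes the rules the slide states (traffic within a level is expected, traffic between levels only over the drawn conduits, no direct communication between Level 4 and Level 3 or Level 2, and none between Level 1 and Level 3 or Level 4) and runs them over constructed tap records. The asset inventory, the IP addresses, the record format and the sample records are all made up for the example, and the exact set of level pairs treated as conduits is an assumption read from the diagram, since the slide's "Limited"/"Very Limited" labels are not unambiguously attached to arrows.

```python
"""Zone/conduit flow check for a Purdue-style ICS network.

Added example, not the presentation's or Honeywell's code.  The conduit
set below is an assumption taken from the slide-17 comm-flow list; the
inventory, addresses and tap records are constructed for the example.
"""
from ipaddress import ip_address

# Purdue-style levels used on the slides, from enterprise (4) down to process (1).
LEVELS = ("4", "3.5", "3", "2.5", "2", "1")

# Conduits drawn between levels (assumption: read from the slide's comm-flow
# list).  Stored as unordered pairs because taps see both directions.
CONDUITS = {
    frozenset({"3.5", "4"}),   # DMZ <-> corporate (very limited on the slide)
    frozenset({"3", "3.5"}),   # operations management <-> DMZ
    frozenset({"2.5", "3"}),   # L2.5 <-> L3
    frozenset({"2", "2.5"}),   # tap sits between L2 and L2.5
    frozenset({"2", "3"}),     # L2 <-> L3
    frozenset({"1", "2"}),     # controllers <-> supervisory
}

# Constructed asset inventory: IP -> level (addresses from RFC 5737 ranges).
INVENTORY = {
    "192.0.2.10": "4",       # corporate workstation
    "198.51.100.5": "3.5",   # DMZ relay server
    "198.51.100.20": "3",    # PHD historian
    "203.0.113.8": "2.5",    # terminal server
    "203.0.113.30": "2",     # Experion server
    "203.0.113.40": "2",     # operator station
    "203.0.113.100": "1",    # safety manager / PLC
}


def classify_flow(src_level, dst_level):
    """Return 'intra-zone', 'conduit' or 'prohibited' for a pair of levels."""
    if src_level not in LEVELS or dst_level not in LEVELS:
        raise ValueError(f"unknown level: {src_level!r}/{dst_level!r}")
    if src_level == dst_level:
        return "intra-zone"
    if frozenset({src_level, dst_level}) in CONDUITS:
        return "conduit"
    return "prohibited"


def parse_tap_record(line):
    """Parse a constructed tap record 'src,dst,proto,dport' into a dict."""
    src, dst, proto, dport = (field.strip() for field in line.split(","))
    ip_address(src)  # reject malformed addresses before they reach the audit
    ip_address(dst)
    return {"src": src, "dst": dst, "proto": proto, "dport": int(dport)}


def audit(records, inventory=INVENTORY):
    """Return one finding per record, with the policy verdict attached."""
    findings = []
    for line in records:
        rec = parse_tap_record(line)
        src_level = inventory.get(rec["src"])
        dst_level = inventory.get(rec["dst"])
        if src_level is None or dst_level is None:
            # An asset missing from the inventory is itself a finding: it may be
            # a non-sanctioned device of the kind slide 1 asks about.
            verdict = "unknown-asset"
        else:
            verdict = classify_flow(src_level, dst_level)
        findings.append({**rec, "src_level": src_level,
                         "dst_level": dst_level, "verdict": verdict})
    return findings


def violations(records, inventory=INVENTORY):
    """Only the findings an analyst would escalate."""
    return [f for f in audit(records, inventory)
            if f["verdict"] in ("prohibited", "unknown-asset")]


# Constructed tap records in the form src,dst,proto,dport.
SAMPLE_RECORDS = [
    "203.0.113.30,203.0.113.40,tcp,445",    # L2 -> L2: intra-zone
    "198.51.100.20,198.51.100.5,tcp,443",   # L3 -> L3.5: conduit
    "192.0.2.10,203.0.113.30,tcp,3389",     # L4 -> L2: prohibited (bypasses the DMZ)
    "203.0.113.100,192.0.2.10,tcp,502",     # L1 -> L4: prohibited
    "203.0.113.99,203.0.113.100,tcp,502",   # source not in inventory talking to the PLC
]

if __name__ == "__main__":
    for f in violations(SAMPLE_RECORDS):
        print(f"{f['verdict']:14} {f['src']} (L{f['src_level'] or '?'}) -> "
              f"{f['dst']} (L{f['dst_level'] or '?'}) {f['proto']}/{f['dport']}")
```

Run stand-alone, the script reports the two prohibited flows and the unknown source. The design point is that the check needs two inputs the programme has to keep current: the level assignment of every asset (the outcome of the Phase 1 "all systems moved to their proper levels" work) and the conduit list (the Phase 1 architecture). A flow that the check cannot classify because an address is not in the inventory is reported rather than ignored, which is what turns the taps into a control against unsanctioned devices rather than only a traffic feed.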

Slide 18: Phase 2 Cont'd
Various cybersecurity solutions introduced
- Defense in depth
- Defense in breadth
- IPS introduced on the PCN Level 3.5 DMZ
- Next-generation firewalls
- Honeywell Secure Media Exchange (SMX) introduced
- Honeywell Managed Services introduced (AV, AWL, patch, monitoring etc.)
- Honeywell Risk Manager introduced
- Security Information and Event Management (SIEM) introduced
- Network Management System (NMS) introduced
- 2nd Domain Controller introduced (domain redundancy)
- Central Management Station introduced
- Passive IPS sensors introduced
- System and network hardening done as per CIS standards
- Network taps introduced
- Nextnine or a data diode between the PCN DMZ and IT/corporate can be introduced

Slide 19: Phase 3 - Procedural Controls
Policy & Procedures
- Risk Management
- Change Management
- Patch Management
- Malware Protection
- Account Management
- Backup and Restore
- Asset Management
- Portable Media
- Logging & Monitoring
- Etc.
Incident Response & Management Plan
Operational Manuals
Security Awareness & Training
[Diagram: Information Security shown as the combination of Technical Controls, Physical Controls and Procedural Controls]

Slide 20: Cybersecurity Never Sleeps
- Cybersecurity is a process, not a one-time solution/project

Slide 21: Brownfield vs. Greenfield
ICS lifecycle: design, build, operation and decommissioning
Bolting cybersecurity on to a live ICS
- Difficult and costly
- Less effective
Building in and maintaining cybersecurity from an early stage
- More effective
- Less costly
- Business enabler

Slide 22: Cybersecurity Project Phases
Project Award
Project Initiation/Kickoff (remote / head office / on-site)
- Project organizational chart
- Communication protocol identification
- Roles and responsibilities
- Scope of work discussion
- Project schedule
- Site survey: snapshot of current situation, brief site survey report
Project Design Phase (each deliverable goes through preparation, submission and approval)
- Project Bill of Material (BOM)
- Cyber security system architecture
- Network cabinet and PD drawing

Slide 23: Cybersecurity Project Phases Cont'd
- Functional Design Specification (FDS): preparation, submission, approval
- Detailed Design Specification (DDS): preparation, submission, approval
- BOM procurement
Factory Acceptance Phase
- Factory Acceptance Test (FAT) procedure: preparation, submission, approval
- FAT configuration
- Pre-FAT and FAT execution
- Punch point resolution and sign-off
- Equipment shipment to site
Site Execution Phase
- Site Acceptance Test (SAT) procedure: preparation, submission, approval
- Devices, cabinets etc.: installation and configuration
- Pre-SAT and SAT execution
- Punch point resolution and sign-off

Slide 24: Cybersecurity Project Phases Cont'd
Knowledge Transfer / Training Phase
- First-line maintenance and training manuals
- Training as per agreed scope
As-Built Document
- Updated DDS: submission, approval
Project Monthly Progress Report
Project Closeout Meeting

Slide 25: Conclusion