Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Transcription:

Industry Cyber Security
Presenter: Jakob Drescher

Cyber Security?
Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks:
- Malware or network traffic overloads can affect a control system.
- Accidental misconfiguration or well-intentioned but unauthorized control system changes.
- Directed attacks by internal or external threats.
Increasing the security of the assets also increases the integrity of the production system.

Why Now?
- The rapidly changing world of technology makes computer systems more vulnerable to a cyber attack.
- The increase in attacks on general IT systems and directed attacks on companies results in an increase in threats to control systems.
- Open systems have proven to be desirable and effective but expose a control system to greater risks.
- Governments and companies are responding with cyber security standards for control systems.
- Awareness that control systems contain valuable data, can affect business and are vulnerable has increased the focus.
- Dedicated attacks on industrial companies are increasing.
- Researcher focus on control systems is increasing awareness and providing tools.

Security
- Security implementation is a solution and not a product: people, policies, architectures, products.
- Security requires a multilayer or Defense in Depth (DiD) approach: security plan, network separation, perimeter protection, network segmentation, device hardening, monitoring & update.
Vendor's responsibilities:
- Design products & solutions with security features.
- Ensure they enable customers to comply with security standards.
- Provide recommendations and methodologies to guide implementation.
End user's responsibilities:
- Define security procedures (organizational security).
- Mandate responsible people (personal security).
- Ensure compliance with security standards.

How to Secure a System
- Policies and procedures, staff training, secure architecture.
- Protect the perimeter: routers, firewalls, VPN.
- Segment the network: a DMZ between trusted zones; segments within trusted zones.
- Protect the computers: anti-virus, white-listing, access control.
- Harden the controllers / devices: device security, external protection.
- Monitor and react: logs, traffic monitoring, alarms; act on unauthorized events.

Security is a risk evaluation
- Customers and vendors should both handle security based on risk.
- Evaluate the risks; take action on the risks above a defined level.
- Both systems and products can be evaluated for risk, and should be.
- Risks on a product can be mitigated by another component of the system.
Risk = Threat x Vulnerability x Consequence
- Threat: a person or event with the potential to cause a loss.
- Vulnerability: a weakness that can be exploited by an adversary or an accident.
- Consequence: the amount of loss or damage that can be expected from a successful attack.
- Mitigation: something that is done to reduce the risk, normally by reducing the vulnerability or raising the skills needed to exploit it.
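The risk formula and the "act above a defined level" rule, worked through on a constructed inventory (an added example, not part of the presentation): asset names, the 1-5 scores, the action level of 40 and the mitigation are all invented, and the example shows the slide's point that a risk on one product can be brought down by another component placed in front of it.

```python
"""Risk = Threat x Vulnerability x Consequence over a constructed asset inventory.
Added example, not from the presentation: asset names, the 1-5 scores and the
mitigations are invented to show how the formula ranks the most exposed systems
and how a mitigation on another component (a firewall in front of a PLC) pulls
that PLC's residual risk below the defined action level."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    threat: int         # 1-5: person or event with the potential to cause a loss
    vulnerability: int  # 1-5: weakness exploitable by an adversary or an accident
    consequence: int    # 1-5: loss or damage expected from a successful attack
    mitigations: list = field(default_factory=list)  # (description, vulnerability reduction)

    def residual_vulnerability(self) -> int:
        # A mitigation lowers the vulnerability (or raises the skill needed to
        # exploit it); it never drives the score below the minimum.
        return max(1, self.vulnerability - sum(r for _, r in self.mitigations))

    def risk(self) -> int:
        return self.threat * self.residual_vulnerability() * self.consequence


def mitigate(asset: Asset, description: str, reduction: int) -> int:
    """Record a mitigation on the asset and return its new residual risk."""
    asset.mitigations.append((description, reduction))
    return asset.risk()


def rank_risks(assets, action_level: int):
    """(name, risk) for assets at or above the action level, highest risk first."""
    scored = sorted(((a.name, a.risk()) for a in assets), key=lambda s: (-s[1], s[0]))
    return [s for s in scored if s[1] >= action_level]


def build_inventory():
    # Constructed scores: the most exposed systems (remote access, PCs) carry the
    # highest threat; the legacy PLC cannot be patched, hence high vulnerability.
    return [
        Asset("remote access server", threat=5, vulnerability=4, consequence=4),
        Asset("engineering PC", threat=4, vulnerability=4, consequence=3),
        Asset("SCADA server", threat=3, vulnerability=3, consequence=5),
        Asset("legacy PLC", threat=2, vulnerability=5, consequence=5),
    ]


if __name__ == "__main__":
    inventory = build_inventory()
    print("before:", rank_risks(inventory, 40))
    plc = next(a for a in inventory if a.name == "legacy PLC")
    mitigate(plc, "read-only DPI firewall in front of the PLC", reduction=3)
    print("after: ", rank_risks(inventory, 40))
```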

Address the highest risks first
The highest risk for cyber security is the most exposed systems:
- IT systems
- Remote access systems
- PC systems
- SCADA systems
7 largest cyber security issues from Industrial Defender (number 1 company in industrial cyber security):
- Inadequate security staffing / training
- Insecure perimeter firewalls
- Insufficient patching of PCs and software
- Inadequate separation of corporate and plant networks
- Weak passwords
- Unnecessary 3rd party products
- Inadequate documentation

How to Manage a Secure System
- Keep the computers protected: A/V protection, application white-listing, administer access control, monitor.
- Device hardening: device settings, external devices.
- Monitor traffic, log users, log events, and trap alarms.
- Act when unauthorized events occur.
- Patch! Patch! Patch!
(Diagram: IT / DMZ / OT)

Schneider Electric's Recommendation: The Defence in Depth Approach (DiD)
6 key steps:
1. Security Plan
2. Network Separation
3. Perimeter Protection
4. Network Segmentation
5. Device Hardening
6. Monitoring & Update

Defense-in-Depth Step #1: Security Plan
Define:
- Roles and responsibilities.
- Allowed activities, actions and processes.
- Consequences of non-compliance.
Full network assessment:
- Communication paths.
- Audit of all devices.
- Security settings.
- Network drawings.
Vulnerability assessment:
- Potential threats.
- Consequences.
- Risk assessment and mitigation.
Products and services: Assessment and Design Service, ConneXium Network Manager, Product Alerts.

Defence in Depth Step #2: Network Separation
- Separate the Industrial Automation & Control System (IACS) from the outside world.
- Create a buffer network (DMZ) between the IACS network and the rest of the world, using routers and firewalls.
- Block inbound traffic to the IACS except through the DMZ firewall.
- Limit outbound traffic to essential and authorized traffic only.
DMZ hosts for servers: Vijeo Historian mirror, web servers, authentication server, remote access server, anti-virus server.
Products: ConneXium Eagle 20, ETG routers, Hirschmann routers (Mach, Mice).

Defence in Depth Step #3: Perimeter Protection
- Protect the IACS perimeter using a firewall: validate packets and protocols; manage authorization of certain data packets; restrict IP address or user access via authorization and authentication.
- Protect critical parts of the process with additional firewalls within the IACS.
- Secure remote accesses: use the VPN technology of routers and firewalls; use the latest authentication and authorization technologies. They're evolving fast.
Products: ConneXium Eagle, ConneXium Tofino, ETG gateways.

Defence in Depth Step #4: Network Segmentation and Zones
- Create security zones; limit and monitor access between zones. This limits the effect of a security issue and alerts when an issue occurs.
- Use managed switches: limit access to network packets; precisely segment the network using VLANs; limit rates of multicast and broadcast messages to protect from DoS-type attacks; limit physical connections using port security.
Products: ConneXium switches, ConneXium Tofino firewall.

Defence in Depth Step #5: Device Hardening
On all devices:
- Replace default passwords with strong passwords.
- Shut off unused ports, communication services and hardware interfaces.
- Set up broadcast limiter functions.
- Use multicast message filtering.
- Avoid generating requests faster than the system can handle.
On PCs and HMI terminals: forbid or seriously control the use of any external memory.
On Unity Pro and Vijeo Citect: set up all security features: passwords, user profiles, operator action logging.
On ConneXium switches: restrict access on ports to assigned addresses only.
On remote I/Os: restrict access to authorized PACs only.
Devices covered: Vijeo Citect PCs, Vijeo Historian PCs, Unity Pro PACs, Magelis HMI terminals, ConneXium switches, Modicon STB I/O islands, Altivar speed drives, any I/O or instrument on fieldbus.
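Steps 2 to 4 (separation, perimeter, segmentation) expressed as one zone allow-list, as an added example that is not from the presentation or from Schneider Electric: the zone names, address ranges and port numbers are constructed placeholders (Modbus/TCP on 502 is the only real convention used), and the checker returns the reason for each verdict so a flow that is denied for crossing straight from the enterprise network into the IACS can be told apart from one denied for cell-to-cell traffic.

```python
"""Zone allow-list for the network separation, perimeter and segmentation steps.
Added example, not from the presentation: zone names, address ranges and port
numbers are constructed placeholders (Modbus/TCP on 502 is the one real
convention); everything not explicitly listed between zones is denied."""
from ipaddress import ip_address, ip_network

ZONES = {
    "enterprise":       ip_network("10.0.0.0/16"),
    "dmz":              ip_network("192.168.100.0/24"),  # historian mirror, web, auth, remote access, AV
    "iacs-supervisory": ip_network("192.168.10.0/24"),   # SCADA servers, HMIs, engineering PCs
    "iacs-cell-a":      ip_network("192.168.21.0/24"),   # PACs and remote I/O of one process area
    "iacs-cell-b":      ip_network("192.168.22.0/24"),
}

# (src zone, dst zone, proto, port, why); inbound to the IACS only via the DMZ,
# IACS outbound only to the DMZ, supervisory zone to cells, never cell to cell.
RULES = [
    ("enterprise", "dmz", "tcp", 443, "enterprise users read the DMZ historian mirror / web server"),
    ("enterprise", "dmz", "tcp", 1194, "VPN terminates on the DMZ remote access server"),
    ("dmz", "iacs-supervisory", "tcp", 3389, "remote access server is the only path into the IACS"),
    ("iacs-supervisory", "dmz", "tcp", 1433, "historian pushes data out to its DMZ mirror"),
    ("iacs-supervisory", "dmz", "tcp", 8530, "anti-virus / patch updates pulled from the DMZ server"),
    ("iacs-supervisory", "iacs-cell-a", "tcp", 502, "SCADA polls cell A PACs (Modbus/TCP)"),
    ("iacs-supervisory", "iacs-cell-b", "tcp", 502, "SCADA polls cell B PACs (Modbus/TCP)"),
]


def zone_of(ip: str):
    """Name of the zone containing ip, or None if it is in no defined zone."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)


def check_flow(src_ip: str, dst_ip: str, proto: str, port: int):
    """Return (verdict, reason) for one flow under the zone policy."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", "address outside every defined zone"
    if src == dst:
        return "allow", f"intra-zone traffic in {src} (left to VLANs and switch port security)"
    for r_src, r_dst, r_proto, r_port, why in RULES:
        if (r_src, r_dst, r_proto, r_port) == (src, dst, proto.lower(), port):
            return "allow", why
    # Default deny, with the reason a reviewer would want to see in the log.
    if src == "enterprise" and dst.startswith("iacs"):
        return "deny", "inbound to the IACS is only permitted through the DMZ"
    if src.startswith("iacs") and dst == "enterprise":
        return "deny", "IACS outbound is limited to essential traffic into the DMZ"
    if src.startswith("iacs-cell") and dst.startswith("iacs-cell"):
        return "deny", "process cells are isolated from each other"
    return "deny", f"no rule for {src} -> {dst} {proto.lower()}/{port}"
```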

Defence in Depth Step #6: Monitor and Update
Monitor, Manage and Protect service:
- 24/7 remote security monitoring.
- Configuration monitoring.
- Reporting for audit compliance.
- Network and host intrusion detection systems.
Monitor:
- Authentication traps.
- Unauthorized login attempts.
- Unusual activity.
- Windows Event Viewer.
- Network load.
- Device log files.
Sources: Monitor, Manage, Protect Service; Citect log files; Unity Pro log files; PLC event viewers; PLC diagnostics and access lists.

Defense in Depth: Why?
Every mitigation mentioned has a weakness, a method to break through, e.g. IP address spoofing. An attack can be launched from behind the devices: an internal attacker, or capture of a device already in the system.
6 key steps: 1. Security Plan, 2. Network Separation, 3. Perimeter Protection, 4. Network Segmentation, 5. Device Hardening, 6. Monitoring & Update.
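The monitoring items of step 6 (unauthorized login attempts, unusual activity, device log files) turned into detection logic and run over a few constructed log lines, as an added example that is not part of the presentation: the log format, host names, user names and addresses are invented, as is the choice of which zones are expected to reach a remote access server or HMI.

```python
"""Step 6 detection checks run over constructed authentication log lines.
Added example, not from the presentation: the log format, hosts, users and
addresses are invented. The checks follow the slide's monitoring items:
repeated unauthorized login attempts, a login that succeeds right after them,
and a login from an address outside the zones that should ever reach the host."""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LOG_RE = re.compile(r"^(\S+) (\S+) auth: (FAILED|OK) user=(\S+) src=(\S+)$")
EXPECTED_SOURCES = [ip_network("192.168.100.0/24"), ip_network("192.168.10.0/24")]  # DMZ, supervisory
FAIL_THRESHOLD, WINDOW = 3, timedelta(seconds=60)

SAMPLE_LOG = """\
2018-02-13T02:14:01 ras01 auth: FAILED user=operator src=192.168.100.20
2018-02-13T02:14:09 ras01 auth: FAILED user=operator src=192.168.100.20
2018-02-13T02:14:17 ras01 auth: FAILED user=operator src=192.168.100.20
2018-02-13T02:14:40 ras01 auth: OK user=operator src=192.168.100.20
2018-02-13T03:10:00 hmi02 auth: OK user=admin src=172.16.9.9
2018-02-13T06:01:00 hmi02 auth: FAILED user=admin src=192.168.10.15
2018-02-13T06:30:00 hmi02 auth: OK user=admin src=192.168.10.15
"""


def parse(line: str):
    """(timestamp, host, result, user, src) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, host, result, user, src = m.groups()
    return datetime.fromisoformat(ts), host, result, user, src


def detect(log_text: str):
    """Return alerts as (kind, host, user, src) tuples in log order."""
    alerts, recent_fails = [], {}  # (host, user, src) -> failure timestamps inside WINDOW
    for ts, host, result, user, src in filter(None, map(parse, log_text.splitlines())):
        if not any(ip_address(src) in net for net in EXPECTED_SOURCES):
            alerts.append(("login-from-unexpected-source", host, user, src))
        key = (host, user, src)
        fails = [t for t in recent_fails.get(key, []) if ts - t <= WINDOW]
        if result == "FAILED":
            fails.append(ts)
            if len(fails) == FAIL_THRESHOLD:  # fire once, when the threshold is reached
                alerts.append(("repeated-failed-logins", host, user, src))
        elif fails:  # success inside the window of earlier failures
            alerts.append(("success-after-failures", host, user, src))
            fails = []
        recent_fails[key] = fails
    return alerts
```

The single failure at 06:01 followed by a success half an hour later deliberately raises nothing: an operator mistyping a password once is the normal case the window is there to ignore.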

Schneider Electric's Security Solution
- Information for customers: web portal for guidance, vulnerabilities and information.
- Secure products: new products developed to industrial security standards; legacy products protected using pre-configured security appliances; secure network infrastructure; Security Certification Lab.
- Secure reference architectures: secure PlantStruxure architectures validated by leading security experts.
- Assessment and Design Services: an Assessment Service allowing security to be applied where it is needed most; a Design Service customizing the secure PlantStruxure architecture, creating a unique solution for each customer.
- Monitoring Services: tools and services to continually monitor a plant configuration and operation to ensure security and production are maintained.

Cyber Security Web Presence
http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page
- White papers.
- Product vulnerability data: vulnerability list for all products, mitigation recommendations, patches and firmware updates, secure vulnerability reporting.
- Cyber security news stories: product releases and updates, industry news.
- RSS feed for vulnerabilities and news.

Secure Products
- New products developed to industry security standards: Achilles certified for robustness, ISASecure certified for complete security.
- Legacy products protected using industry-leading ConneXium Tofino application firewalls: low cost, industrially rated, deep packet inspection for read-only access or fixed variable access.
- Secure network infrastructure: the ConneXium range of secure network infrastructure products, including Schneider ConneXium Eagle and Tofino firewalls.
- Security Certification Center.

Secure Reference Architectures
- "How Can I Reduce Vulnerability to Cyber Attacks?": guidelines on industrial control system security covering risk assessment, security planning, recommended architectures and methods of attack.
- Secure PlantStruxure architectures incorporating key security features: network separation and server locations; perimeter protection products and settings; network segmentation and security zone recommendations with data flows identified; device hardening and monitoring recommendations for PlantStruxure devices.

Design and Assessment Service
- Identify vulnerabilities in a customer's system.
- Quantify the risks to the system based on threats and identified vulnerabilities.
- Make recommendations on architecture, product hardening, training and processes.
- Partnership with Wurldtech and SiS: leaders in security assessments and strong players in security standards.

Monitor, Manage, Protect
- Monitoring and management of control system devices, protocols, communications, user accounts, product/firmware versions and device settings.
- Host intrusion detection and network intrusion detection.
- Protection of the control system boundary and security zone firewalls.
- Application white-listing.
- Compliance audit and change management.
- Partnership with Industrial Defender: number 1 in smart grid security (Pike Research); hardware and service offer.

Summary
- Cyber security is becoming critical for control systems.
- IT-based lessons, methods, and tools apply with adaptation.
- A Defense-in-Depth approach is the best approach: it mitigates risk and improves system reliability.
- Schneider Electric offers: information, Assessment and Design Services, secure products, recommended architectures, and Monitor, Manage and Protect services.

(Closing slide: Schneider Electric PlantStruxure; presenter & session.)