Cyber Security Defense-In-Depth
Rich Kinas, Orlando Utilities Commission
Compliance Spring Workshop, May 9-10, 2017
Overview
- Defense-in-depth versus layered defense versus enhanced security
- NERC Reliability Standards examples
- Classic implementation
- Blocking unwanted traffic
- Dealing with allowed traffic
- Graceful degradation
- Defending against Dave
Defense-in-Depth vs. Layered Defense
Many references say they are the same thing: multiple controls designed to slow down an attacker. Let's look at each one, plus an additional security enhancement technique:
- Layered defense
- Defense-in-depth
- Enhanced security
Layered Defense
- Focused on protecting assets
- At a minimum, two preventive controls and a detective control, e.g. Firewall -> [Traffic monitor, IDS, IPS] -> Firewall
- Layered defense can occur at any OSI layer:
  - Network layer: Firewall (P), IPS (P), IDS (D)
  - Operating system layer: Antivirus (D), Whitelisting (P)
  - Application layer: SQL injection check (P), DB views (P)
- Controls must be selected to meet performance criteria
(P) Preventive control, (D) Detective control
Defense-in-Depth
- Focused on protecting functions
- Provides the opportunity to implement graceful degradation
- More difficult to implement after the fact
Enhanced Security
Enhanced security means utilizing all or many of the built-in security controls of a given appliance or application. Examples:
- Firewalls
- Physical security
- Microsoft
- VMware
Enhanced Security: Firewalls
- Utilize application inspection, tailored to your environment
- Set protocol timers to the minimums your environment tolerates
- Implement fully qualified domain name (FQDN) access control lists (ACLs); this requires advance planning
- Implement black-hole routing
- Implement Unicast Reverse Path Forwarding (uRPF)
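Added example (not from the slides): a small Python model of the last two items, black-hole routing and uRPF, showing how they interact. The routing table, interface names and addresses are constructed for illustration. The model follows the usual semantics (strict mode requires the route back to the source to point out the ingress interface, loose mode accepts any route that is not a black hole, and the default route only counts when explicitly allowed), but the exact behaviour of a particular router or firewall vendor is an assumption to verify against its documentation.

```python
import ipaddress

NULL0 = "Null0"  # black-hole "interface": anything routed here is silently discarded

# Constructed routing table for the example: (prefix, egress interface).
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),        # default route toward the Internet
    ("10.10.0.0/16", "Gi0/1"),     # control-center LAN
    ("192.0.2.0/24", "Gi0/2"),     # DMZ hosting the patch/relay servers
    ("203.0.113.55/32", NULL0),    # remotely triggered black hole for an attacking host
]


def lookup(ip):
    """Longest-prefix match. Returns (egress_interface, matched_network) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net)
    return best


def urpf_permits(src, ingress, mode="strict", allow_default=False):
    """uRPF source check.

    strict: the route back to `src` must point out the interface the packet came in on.
    loose:  any route back to `src` is enough, as long as it is not a black hole.
    A source whose best route is Null0 fails both modes; that is what turns a
    black-hole route into a source-address filter (remotely triggered black hole).
    The default route only counts as a reverse path when allow_default is True.
    """
    rev = lookup(src)
    if rev is None:
        return False
    iface, net = rev
    if iface == NULL0:
        return False
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return iface == ingress


def forward(pkt, mode="strict", allow_default=False):
    """Return the fate of a packet dict {src, dst, ingress}:
    'drop:urpf', 'drop:blackhole' or 'forward:<interface>'."""
    if not urpf_permits(pkt["src"], pkt["ingress"], mode, allow_default):
        return "drop:urpf"
    egress = lookup(pkt["dst"])
    if egress is None or egress[0] == NULL0:
        return "drop:blackhole"
    return "forward:" + egress[0]


# Constructed packets: a spoofed internal source arriving from the Internet,
# the black-holed attacker, the reply toward the attacker, and a legitimate client.
PACKETS = {
    "spoofed":  {"src": "10.10.5.5",    "dst": "192.0.2.10",   "ingress": "Gi0/0"},
    "attacker": {"src": "203.0.113.55", "dst": "192.0.2.10",   "ingress": "Gi0/0"},
    "reply":    {"src": "192.0.2.10",   "dst": "203.0.113.55", "ingress": "Gi0/2"},
    "client":   {"src": "198.51.100.7", "dst": "192.0.2.10",   "ingress": "Gi0/0"},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:9s} strict={forward(pkt):16s} loose+default={forward(pkt, 'loose', True)}")
```

The "spoofed" packet shows the difference between the modes: loose mode lets a packet with a forged internal source in from the Internet, strict mode drops it, but strict mode also drops legitimate Internet clients unless the default route is allowed, which is why strict mode belongs on stub interfaces and loose mode at the Internet edge. The "attacker" row shows the black hole acting as a source filter: once a host is routed to Null0, uRPF drops everything it sends, not only traffic addressed to it.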
Enhanced Physical Security
- Video surveillance
- Automatic location tracking
- Code of conduct forms
- Multi-factor authentication for physical access
- Internal physical separation: no single large Physical Security Perimeter (PSP)
- Badge in and out; track and alarm on inside-of-PSP timers
- Implement man-traps
Enhanced Microsoft Security
- Removal of unneeded applications, network bindings, etc.
- Microsoft Windows Defender
- Microsoft Windows Firewall
- Implement role-based access
- To remove access: change group membership, change the password, disable the account
NERC Reliability Standards: CIP-006-6 R1 (and CIP-007-6)
- Two or more physical access controls (P)
- Monitor for unauthorized access (D)
- Check for patches every 35 days (P)
- Deter, detect, or prevent malicious code
- Authenticate access (P)
(P) Preventive control, (D) Detective control
Note: the first two items are CIP-006-6 R1 (physical security); the patching, malicious-code and authentication items come from CIP-007-6 (system security management).
NERC Reliability Standards: TOP, TPL, EOP
- Protect the functions performed by the Transmission Operator (TOP):
  - Monitoring and controlling voltage
  - Maintaining a stable system configuration
  - Planning for contingencies
- Designed to buy time to address a breach while full capability is maintained
Traditional Design (diagram: Electronic Security Perimeter (ESP), Operators, Energy Management System (EMS))
Defense-In-Depth (diagram: ESP, Operators, EMS)
Things to Consider: Attack Vectors
- What about services we allow through the firewall? For example, Microsoft patching servers.
- Firewall rules based on Domain Name System (DNS) names: DNS poisoning can turn the rule into a tunnel through your firewall.
- How to apply defense-in-depth across threat vectors: the primary control (the firewall) is made ineffective via DNS poisoning, so assume the authorized access path is fully compromised.
- Example: an access control list (ACL) allows Microsoft's Windows Server Update Services (WSUS) server by DNS name, and the WSUS server is compromised.
Defense-In-Depth: Authorized Traffic
- Firewalls implement access control, blocking unwanted access. How do we control authorized access?
- Detection, prevention and scanning technologies; these require deep packet inspection
- Must have controls at the point of termination, i.e. at any service running on a server
- What is the impact if the service is unavailable?
- Tailor access based on system conditions: an Internet "emergency stop" button (System Operations calls this conservative operations)
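Added example (not from the slides): a Python model of the attack path described on the previous slide, an FQDN ACL that is only as trustworthy as the resolver behind it, together with the control at the point of termination that this slide calls for. The resolver, the ACL evaluation, the addresses and the "certificates" are constructed placeholders; the certificate pin stands in for any identity check the client performs independently of DNS (a pinned CA, a signed update catalog). Port 8531, the WSUS default HTTPS port, is an assumption about the deployment.

```python
import hashlib
import ipaddress


# --- constructed DNS resolver with a poisonable cache ---------------------------------
class Resolver:
    def __init__(self, records):
        self.cache = dict(records)   # name -> IPv4 string (constructed answers)

    def resolve(self, name):
        return self.cache[name]

    def poison(self, name, bad_ip):
        """Model of a cache-poisoning attack: a forged answer ends up in the cache."""
        self.cache[name] = bad_ip


# --- an FQDN-based ACL, evaluated the way the firewall does it ------------------------
class FqdnAcl:
    """Rule: permit from `src_net` to whatever `fqdn` currently resolves to, on `port`."""
    def __init__(self, src_net, fqdn, port, resolver):
        self.src_net = ipaddress.ip_network(src_net)
        self.fqdn, self.port, self.resolver = fqdn, port, resolver

    def permits(self, src, dst, port):
        return (ipaddress.ip_address(src) in self.src_net
                and dst == self.resolver.resolve(self.fqdn)
                and port == self.port)


# --- the control at the point of termination ------------------------------------------
def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


class PinnedClient:
    """The update client refuses any server whose certificate does not match the pin
    provisioned out of band; this check does not depend on DNS at all."""
    def __init__(self, pinned_fp):
        self.pinned_fp = pinned_fp

    def connect(self, acl, src, dst, port, presented_cert: bytes):
        if not acl.permits(src, dst, port):
            return "blocked by firewall"
        if fingerprint(presented_cert) != self.pinned_fp:
            return "rejected at endpoint: certificate pin mismatch"
        return "connected"


# Constructed scenario: names, addresses and "certificates" are placeholders.
REAL_WSUS_CERT = b"-- constructed DER bytes for the real WSUS server --"
ATTACKER_CERT = b"-- constructed DER bytes for the attacker's server --"
REAL_IP, ATTACKER_IP = "192.0.2.10", "203.0.113.55"


def run_scenario():
    resolver = Resolver({"wsus.example.com": REAL_IP})
    acl = FqdnAcl("10.10.0.0/16", "wsus.example.com", 8531, resolver)   # 8531 assumed
    client = PinnedClient(fingerprint(REAL_WSUS_CERT))
    results = {}
    # 1. Normal operation: the firewall permits the real server and the pin matches.
    results["normal"] = client.connect(acl, "10.10.5.5", REAL_IP, 8531, REAL_WSUS_CERT)
    # 2. A direct attempt to reach the attacker: the FQDN ACL blocks it.
    results["direct"] = client.connect(acl, "10.10.5.5", ATTACKER_IP, 8531, ATTACKER_CERT)
    # 3. After DNS poisoning the unchanged rule now permits the attacker's address:
    #    the primary control is bypassed (the "tunnel through your firewall").
    resolver.poison("wsus.example.com", ATTACKER_IP)
    results["firewall_only"] = acl.permits("10.10.5.5", ATTACKER_IP, 8531)
    # 4. The pinned client still refuses the attacker, so the open path is not usable.
    results["poisoned"] = client.connect(acl, "10.10.5.5", ATTACKER_IP, 8531, ATTACKER_CERT)
    return results


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step:14s} {outcome}")
```

The firewall rule is identical before and after poisoning; only the resolver's answer changed, which is why the rule alone cannot be the last control. The pinned client gets no useful connection to the attacker, and the reverse case shows the limit of this control: if the real WSUS server itself is compromised, the pin passes, so verification of update signatures and monitoring on the WSUS host are the next controls back.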
Graceful Degradation
Graceful degradation is the ability of a computer, machine, electronic system or network to maintain limited functionality even when a large portion of it has been destroyed or rendered inoperative. The purpose of graceful degradation is to prevent catastrophic failure. It uses the defense-in-depth concept to control the breadth of access.
Graceful Degradation Implementation
- Initial design to meet functional requirements
- Add standard security controls (CIP controls)
- Assume each control can be breached or bypassed (one at a time)
- Redesign the system to prevent total failure:
  - Micro-segmentation
  - Port security
  - Quality of Service (QoS)
  - Black-hole routing
  - Many others, depending on the function being protected
Must Know the Functions You Are Trying to Protect
- Prioritize system operations functions:
  - State Estimator
  - Contingency Analysis engine
  - Calculating Area Control Error (ACE), if you are a Balancing Authority (BA)
  - Monitoring system configuration, voltages and currents
- Are some RTUs more important than others?
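Added example (not from the slides): a Python walk through the "assume each control can be breached, one at a time" step from the implementation slide, run against a prioritized function list like the one above. The functions, components, control names and both designs are constructed, and the scoring rule (a component is treated as compromised once every control on some path to it is gone, and a function is lost when any component it needs is compromised) is this example's simplification, not a NERC or OUC method.

```python
# Constructed model: functions the control center performs, their priority
# (1 = most critical), and the components each one needs.
FUNCTIONS = {
    "state_estimator":      (1, {"ems_server", "rtu_front_end"}),
    "contingency_analysis": (1, {"ems_server"}),
    "ace_calculation":      (1, {"ems_server", "rtu_front_end"}),
    "historical_reporting": (3, {"historian"}),
}

# Each entry is one way in to a component and the controls standing on that path.
# A path is exposed only when every control on it has been breached or bypassed.
TRADITIONAL = [
    ("ems_server",    {"esp_firewall"}),
    ("rtu_front_end", {"esp_firewall"}),
    ("historian",     {"esp_firewall"}),
]

# Redesign after the one-control-at-a-time walk: micro-segmentation ACLs around the
# EMS and RTU segments, and port security on the RTU front-end's switch ports.
DEFENSE_IN_DEPTH = [
    ("ems_server",    {"esp_firewall", "ems_segment_acl"}),
    ("rtu_front_end", {"esp_firewall", "rtu_segment_acl"}),
    ("rtu_front_end", {"port_security", "rtu_segment_acl"}),   # physical path via the switch
    ("historian",     {"esp_firewall"}),
]


def controls_in(paths):
    return sorted({c for _, controls in paths for c in controls})


def exposed_components(paths, breached):
    """Components with at least one path whose controls are all in `breached`."""
    return {comp for comp, controls in paths if controls <= breached}


def failed_functions(paths, breached):
    """Functions that need at least one exposed (treated as compromised) component."""
    exposed = exposed_components(paths, breached)
    return sorted(f for f, (_, needs) in FUNCTIONS.items() if needs & exposed)


def walk_single_breaches(paths):
    """Breach each control on its own and record which functions are lost."""
    return {c: failed_functions(paths, {c}) for c in controls_in(paths)}


def total_failure_controls(paths):
    """Controls whose loss alone takes down every priority-1 function: the design
    has no graceful degradation against them."""
    p1 = {f for f, (p, _) in FUNCTIONS.items() if p == 1}
    return sorted(c for c, lost in walk_single_breaches(paths).items() if p1 <= set(lost))


if __name__ == "__main__":
    for label, paths in (("traditional", TRADITIONAL), ("defense-in-depth", DEFENSE_IN_DEPTH)):
        print(label)
        for c, lost in walk_single_breaches(paths).items():
            print(f"  breach {c:16s} -> lost: {lost or 'nothing'}")
        print("  single points of total failure:", total_failure_controls(paths) or "none")
```

In the traditional model every path shares one control, so the firewall is a single point of total failure. In the redesigned model the firewall alone only costs historical reporting (priority 3) and no single control takes down a priority-1 function; those functions now fail only when two controls on the same path go together, which is the graceful degradation the slides are after. Running the walk with pairs of controls is the natural next step and only changes the breached set passed to failed_functions.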
Defense-In-Depth (diagram: ESP)
Virtual Environment Considerations
- Knowledge is power
- Combating virtual machine (VM) sprawl
- Virtual Machine Introspection (VMI)
- Software-defined data center: software running on top of a hypervisor, providing abstracted access to resources
Virtual Environment Considerations: Placing Firewalls
- Physical world:
  - At the edge of security or trust zones
  - Within the physical machines or operating systems
- Virtual world:
  - At the edge of security or trust zones
  - Before each virtual NIC, using introspective firewalls (vPath)
  - Within the virtual machines or operating systems
Defending Against Dave
- Types of threat: script kiddie, nation state, insider
- Dave: a rogue employee with admin rights could cause havoc
- Ways to address: two-factor authentication, using two of something you are, something you know, something you have
- Require two authentication factors from one individual
- Consider key escrow for all cryptographic deployments
Defending Against Dave
- Humans are an integral part of the functions we are trying to protect:
  - Administrators of the system
  - Operators within the system
- Must have a Quality Assurance (QA) process for system and appliance builds
- Design review and approval of new systems
- Must fully understand what's going on under the covers
Defense-in-Depth
Much more than adding another firewall!
Thank you
Definitions
- Micro-segmentation is a security technology that breaks the data center into logical elements and manages them with high-level IT security policies.
- Port security is a layer-two traffic control feature that restricts an individual switch port to a specified number of source MAC addresses arriving on that port.
- Quality of Service (QoS) is a feature that prioritizes network traffic for applications, Ethernet LAN ports, or specified MAC addresses to minimize the impact of resource starvation.
Questions?
Rich Kinas, Orlando Utilities Commission
rkinas@ouc.com
(407) 434-4261