Securing Industrial Control Systems


LOCKHEED MARTIN Whitepaper

Securing Industrial Control Systems
The Basics

Abstract

Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting and challenging environment. There are real threats to cybersecurity by external threat actors as well as both unintentional and malicious security breaches caused by insiders. Management must act to protect mission-critical assets, customers and employees. However, management is torn under pressure to improve financial performance. This is driving companies to improve efficiencies through tighter integration of security and operations, both within the facility and supply chain partners, thus ending the days of isolated control networks. Companies can protect their control system and infrastructure assets while increasing operational effectiveness. Since isolation seems to be impossible in today's world, how do companies protect their control systems and critical assets while improving efficiencies?

id.lockheedmartin.com 2014 Lockheed Martin Industrial Defender, Inc.

Introduction

Critical infrastructure industries such as electrical power, oil & gas, chemical, and transportation face a daunting and challenging environment. On the one hand, there are real threats to cybersecurity by external threat actors, as well as both unintentional and malicious security breaches caused by insiders. Management must act to protect mission-critical assets, customers and employees, but pressure to improve financial performance is driving companies to improve efficiencies through tighter integration of security and operations, both within the facility and supply chain partners.

How do companies deal with these two seemingly conflicting needs? Is it possible to go back to the past when industrial control systems (ICS) were isolated, making them immune to cyber attacks? In May 2011, Sean McGurk, then National Cybersecurity and Communications Integration Center Director at the Department of Homeland Security, testified that during vulnerability assessments for critical infrastructure owners and operators, the agency has always discovered connections between the enterprise network and the operations network:

"In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks. In some extreme cases, we have identified up to 250 connections between the actual producing network and the enterprise network." [1]

Since isolation seems to be impossible in today's world, how do companies protect their control systems and critical assets while improving efficiencies? The first step is to understand a facility's vulnerabilities. For example, a major industrial company learned there were over 500 entry points to the corporate LAN and two thirds of their process control networks were thereby connected to the outside world. As sobering as this is, cyber intruders may not be the greatest threat. Malicious insiders armed with specialized knowledge and privileged access are capable of doing great harm.

Faced with both external and internal threats, what steps are necessary to protect critical industrial control systems and still allow them to serve real-time information to knowledge workers, and not be a burden on either the systems or the operators? The risks of making the wrong decision are high. Consider the ramifications of two trains heading toward each other on the same track due to software hacked by a disgruntled employee; the cost of a chemical plant spilling hazardous material because a worm disables part of a control system; the result of a widespread power outage due to a coordinated cyberattack on multiple power plants.

[1] Testimony before the House of Representatives Oversight Committee Subcommittee on National Security, Homeland Defense, and Foreign Operations, May 25, 2011, http://www.gpo.gov/fdsys/pkg/chrg-112hhrg70676/html/chrg-112hhrg70676.htm

Protect Industrial Networks

Industrial control systems utilize the same computers and communication technologies as the corporate network but also have unique equipment and operating constraints. It will take a combination of control system expertise and cybersecurity knowledge to properly secure these systems. While many think IT should be responsible for cybersecurity needs and consult with colleagues accountable for the control systems to find vendors that understand both domains, a 2011 survey showed there was no one group that was specifically responsible for cybersecurity in control systems.

Lockheed Martin recommends the following best practices for cybersecurity within critical infrastructure companies:

- Maintain a database of all your assets that includes their configurations, software inventories, and patches to quickly identify vulnerabilities when they become known
- Monitor all events occurring within your control system, all the way down to the control system devices including HMIs, PLCs, RTUs, and IEDs
- Choose a single industry or sector specific framework to build your security program around, including [2]:
  - NIST Cybersecurity Framework: for all Critical Infrastructure sectors
  - International Society of Automation ISA99: for all Control Systems
  - NERC CIP: for North American Electric Utilities
  - American Petroleum Institute 1164: for Oil & Gas sector
- Back up system configurations to ensure safe, timely recovery from a successful cyberattack
- Leverage technologies that have been certified and validated by your control system vendors

Based on these practices, senior IT and management executives should consider the following blueprint when providing optimal security solutions:

1. Strengthen the defenses of existing systems by conducting a vulnerability assessment and adding intrusion detection and real-time security event monitoring software built for ICS environments.
2. Implement zones and network segmentation to isolate the control network while supporting secure transfer of real-time information to corporate users and systems. To be effective, network architectures must be highly resistant to internal and external threats.
3. Deploy critical systems like SCADA or DCS on operating systems that are specifically designed to provide a high degree of protection and integrity.

Steps one and two can be applied to existing industrial networks to bolster their defenses, while the third step is most appropriate for new systems or a major upgrade. To avoid introducing new vulnerabilities, all three approaches should be based on a platform that is, itself, extremely secure. To achieve such a high level of security, it's necessary to look at the capabilities of the computer operating system, and when using commercial-off-the-shelf software be sure to always follow the vendor's system hardening guidelines.

[2] Examples are provided for reference and do not represent an exhaustive list.
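The zones-and-segmentation step above can be checked against observed traffic. The following is an added example, not part of the whitepaper or any Lockheed Martin product: it audits flow records against a conduit policy and counts direct enterprise-to-control connections of the kind the DHS testimony describes. The subnets, zone names, ports and flow records are all constructed assumptions.

```python
"""Audit observed flows against a zone/conduit policy (added example, constructed data)."""
import ipaddress

# Hypothetical zone map: subnets and zone names are assumptions for illustration.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("10.30.0.0/16"),
}

# Allowed conduits as (source zone, destination zone, destination TCP port).
# Control pushes data up to a DMZ server; enterprise reads from the DMZ only.
CONDUITS = {
    ("control", "dmz", 5450),     # assumed data-replication port
    ("enterprise", "dmz", 443),
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """Return (violations, n) where n counts distinct enterprise<->control host pairs."""
    violations, direct_pairs = [], set()
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz, port) in CONDUITS:
            continue  # intra-zone traffic is out of scope; conduit traffic is allowed
        violations.append((src, dst, port, sz, dz))
        if {sz, dz} == {"enterprise", "control"}:
            direct_pairs.add(frozenset((src, dst)))
    return violations, len(direct_pairs)

# Constructed flow records (src, dst, dst_port), as exported by a firewall or flow collector.
SAMPLE_FLOWS = [
    ("10.30.1.15", "10.20.0.5", 5450),   # control data server -> DMZ: allowed conduit
    ("10.10.4.22", "10.20.0.5", 443),    # office workstation -> DMZ: allowed conduit
    ("10.10.4.22", "10.30.1.15", 3389),  # office workstation -> control server: direct
    ("10.10.4.22", "10.30.1.15", 445),   # same host pair, second service
    ("10.30.2.7", "10.10.9.1", 25),      # control host -> enterprise mail relay: direct
    ("10.30.2.7", "203.0.113.9", 80),    # control host -> outside address
    ("10.30.1.15", "10.30.2.7", 502),    # intra-zone traffic
]

if __name__ == "__main__":
    bad, direct = audit(SAMPLE_FLOWS)
    for v in bad:
        print("VIOLATION %s -> %s:%d (%s -> %s)" % v)
    print("direct enterprise<->control connections:", direct)
```

Counting distinct host pairs rather than flows keeps one chatty connection from inflating the number of paths that need to be closed or moved behind the DMZ.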

Real-time Security Management

The process and utilities industries routinely use real-time computer systems to monitor the health and safety of their operations. But the health and security of these computer networks remains invisible. What if we could watch for or monitor security incidents in the same way a SCADA system monitors flow rates and alerts an operator to a dangerous condition?

Security management systems (see Figure 1) are available for this purpose. They consist of a perimeter protection that is installed on existing computers, and automated data collection that fits within the low-bandwidth requirements of control systems. The protection appliance is a Unified Threat Management (UTM) device that provides firewall and other security capabilities such as antivirus filtering and intrusion prevention.

Automated data collection should report on asset health, changes in security log files and control application status. This information is sent to an appliance where it is stored in a real-time database. From there, alarm limits can be set, alerts generated, incident reports created and trends displayed. The security console also runs network intrusion detection software and has the ability to monitor network equipment like switches, routers and firewalls via the Simple Network Management Protocol (SNMP).

An old truism states that a person can't control what isn't measured, and this applies to security as well. Security event management systems give organizations a better view of vulnerabilities by aggregating information generated by firewalls, intrusion detection systems, switches and other network devices. In the industrial environment, information from industrial assets and application programs needs to be added, ensuring the availability and performance of critical systems. Without monitoring events, companies are flying blind and have no idea what their vulnerabilities are or even if they are under attack until it's too late. In particular, control systems can benefit from this approach because some IT practices such as password lockout, frequent patch updates and periodic virus scanning don't translate well into the plant environment, since they compromise the safety and integrity of the operation.

Installing event monitoring software at key facilities provides many benefits including:

1. A central view of industrial control systems, their applications and computers providing an overview of the current security status.
2. Perimeter protection of mission critical control systems.
3. Key information including software inventory, patch version, and operating system to reduce or mitigate future security risks.
4. Satisfying emerging government, insurance and industry requirements concerning cybersecurity.
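The alarm-limit idea described in this section, applied to security telemetry the way a SCADA system applies it to process values, can be sketched as follows. This is an added example, not the Industrial Defender implementation: the metric names, limits, staleness window and samples are constructed assumptions.

```python
"""Alarm limits over collected security telemetry (added example, constructed data)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Limit:
    high: float   # raise when the value exceeds this
    clear: float  # clear only once the value falls to this (deadband against chatter)

# Hypothetical metric names and limits.
LIMITS = {
    "failed_logins_per_min": Limit(high=5, clear=1),
    "cpu_pct":               Limit(high=90, clear=75),
    "seclog_changes":        Limit(high=0, clear=0),  # any security-log change is an event
    "app_down":              Limit(high=0, clear=0),  # 1 = control application not running
}
STALE_AFTER = 120  # seconds without a report before asset health is unknown

def evaluate(samples, now):
    """Process (ts, asset, metric, value) samples in time order; return alert events."""
    active, last_seen, events = set(), {}, []
    for ts, asset, metric, value in sorted(samples):
        last_seen[asset] = ts
        lim = LIMITS.get(metric)
        if lim is None:
            continue
        key = (asset, metric)
        if key not in active and value > lim.high:
            active.add(key)  # alert once on the crossing, not on every sample
            events.append((ts, asset, metric, "RAISE", value))
        elif key in active and value <= lim.clear:
            active.discard(key)
            events.append((ts, asset, metric, "CLEAR", value))
    for asset, ts in sorted(last_seen.items()):
        if now - ts > STALE_AFTER:  # a silent collector is itself a security-relevant condition
            events.append((now, asset, "heartbeat", "RAISE", now - ts))
    return events

# Constructed samples: (seconds, asset, metric, value).
SAMPLES = [
    (0,   "hmi-01", "failed_logins_per_min", 0),
    (60,  "hmi-01", "failed_logins_per_min", 7),   # crosses the high limit
    (120, "hmi-01", "failed_logins_per_min", 9),   # still in alarm: no duplicate alert
    (180, "hmi-01", "failed_logins_per_min", 3),   # inside the deadband: stays in alarm
    (240, "hmi-01", "failed_logins_per_min", 0),   # clears
    (60,  "scada-srv", "app_down", 1),
    (90,  "scada-srv", "seclog_changes", 2),
    (200, "scada-srv", "app_down", 0),
    (30,  "eng-ws", "cpu_pct", 40),                # last report from eng-ws
]

if __name__ == "__main__":
    for event in evaluate(SAMPLES, now=240):
        print(event)
```

Alerting on failed-login rate instead of locking the account reflects the point above that password lockout does not translate well to an operator HMI.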
Conclusion

Heightened cybersecurity concerns are causing companies, particularly those that operate critical infrastructure and process manufacturing facilities, to re-examine their networks from a cybersecurity perspective. For over a decade, companies have implemented Lockheed Martin's Industrial Defender Solutions in mission-critical applications keeping power plants running and transportation companies moving at peak efficiency, as well as ensuring that water, gas and electricity are delivered to our homes reliably. Now, with the introduction of the Industrial Defender ASM, Lockheed Martin is the first company to address control system security concerns while improving operational effectiveness and providing a significant return on investment.

Industrial Defender Solutions
16 Chestnut Street, Suite 300
Foxborough, MA, USA, 02035
Phone: +1-508-718-6700
info@industrialdefender.com
id.lockheedmartin.com