Introduction to ICS Security

Similar documents
Critical Infrastructure Risk Assessment

Firewalls (IDS and IPS) MIS 5214 Week 6

Cyber Resilience Solution for Smart Buildings

System Wide Awareness Training. your cyber vulnerabilities. your critical control systems

TARGET, PROTECT. your cyber vulnerabilities

Network Architectural Design for Cybersecurity in a Virtual World

Industrial Network Trends & Technologies

Cyber Security. June 2015

Securing Industrial Control Systems

Risk Assessments, Continuous Monitoring & Intrusion Detection, Incident Response

Detection and Analysis of Threats to the Energy Sector (DATES)

Functional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK

Connectivity 101 for Remote Monitoring Systems

Cybersecurity for IoT to Nuclear

Centralized Control System Architecture

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

SCADA System Specification. Vantage Pipeline Project # May 2013

TOMORROW Starts Here Cisco and/or its affiliates. All rights reserved. 1

Who Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom

Just How Vulnerable is Your Safety System?

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Minewide Convergence of Control and Information

Industrial Control Systems Providing Advanced Threat Detection

The Claroty Difference

T49 - Integration of Power Protection Devices on IEC Protocol to the Automation Control System

Security protection to industrial control system based on Defense-in-Depth strategy

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

INDUSTRIAL CONTROL SYSTEMS & COMPUTER PROCESS CONTROL

Challenges of Multivendor Systems in Implementation of IIoT-ready PLCs. ISA/Honeywell Webinar 10 November 2016

UCOS User-Configurable Open System

LATEST/ADVANCED COMMUNICATION PROTOCOLS USED IN SCADA SYSTEMS

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Automation Services and Solutions

Practical SCADA Cyber Security Lifecycle Steps

ICS/SCADA Cybersecurity and IT Cybersecurity: Comparing Apples and Oranges

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Cyber, An Evolving Ecosystem: Creating The Road For Tomorrows Smart Cities

T14 - Network, Storage and Virtualization Technologies for Industrial Automation. Copyright 2012 Rockwell Automation, Inc. All rights reserved.

INDUSTRIAL NETWORK RESILIENCE. Davide Crispino Salvatore Brandonisio

STANDARD ELECTRIC UNIVERSITY

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

RKNEAL Verve Security Center Supports Effective, Efficient Cybersecurity Management

CyberP3i Course Module Series

SANS SCADA and Process Control Europe Rome 2011

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Job Sheet 1 The SCADA System Network

Understanding Device Level Connection Topologies

IE156: ICS410: ICS/SCADA Security Essentials

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

Veilige industriële netwerk oplossingen in de praktijk. Jaap Westeneng Endress+Hauser

Manufacturing security: Bridging the gap between IT and OT

IEC A cybersecurity standard approaching the Rail IoT

WHITE PAPER. Vericlave The Kemuri Water Company Hack

Industrial Defender ASM. for Automation Systems Management

Control System Security SCADA/DCS. By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited

RIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich

IC32E - Pre-Instructional Survey

Intelligent Buildings and Cybersecurity

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

SCADA Security - how to safely audit and protect Industrial Control Systems?

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Innovation policy for Industry 4.0

How can I use ISA/IEC (Formally ISA 99) to minimize risk? Standards Certification Education & Training Publishing Conferences & Exhibits

Server/ Engineering Station. Filed Instrument. Filed Instrument. Filed Instrument. Switches. Fig1: Scheme for micro PLC to Master PLC Interface

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

Legacy-Compliant Data Authentication for Industrial Control System Traffic

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Addressing Cyber Threats in Power Generation and Distribution

INFORMATION ASSURANCE DIRECTORATE

Using ANSI/ISA-99 Standards to Improve Control System Security

Digitalization Risk or opportunity?»

K12 Cybersecurity Roadmap

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

ARC VIEW. Leveraging New Automation Approaches Across the Plant Lifecycle. Keywords. Summary. By Larry O Brien

SCADA Security at. City of Guelph Water Services

Cyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants

A Strategic Approach to Industrial CyberSecurity. Kaspersky Industrial CyberSecurity

The Connected Water Plant. Immediate Value. Long-Term Flexibility.

Securing the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC

Cyber Security for Process Control Systems ABB's view

Industrial Ethernet August 2013 Market Intelligence Report

Trend Micro Cybersecurity Reference Architecture for Operational Technology

Industry Standards Utilities Engineering Technician

Building Automation & Control System Vulnerabilities

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Picture. Scott Ziegenfus CEM, CLEP, CDSM, GGP, GPCP, LEED AP Manager, Government and Industry Relations Hubbell Lighting, Inc.

2013 Cisco and/or its affiliates. All rights reserved. 1

National Cybersecurity Center of Excellence

POWER-ONE ITALY, 5 TH JUNE 2018 Cloud, Big Data & Cyber Security. Business, Opportunities and Risks

IoT & SCADA Cyber Security Services

Maintaining Efficiency using Your Building Controls and Automation

Expanding Cyber Security Management for Critical Infrastructure

Industrial 2-port RS422/485 Modbus Gateway IMG-120T

Industry Best Practices for Securing Critical Infrastructure

Transcription:

Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal

2018 Critical Infrastructure Risk Assessment Design. Build. Protect. While the results of this survey reveal alarming statistics, organizations should use these findings as an opportunity to implement meaningful change to make a quantum leap in national and economic security. OT/IT Cybersecurity Convergence: Survey of Industrial Control Systems Professionals

Key survey findings include the following: 66% of respondents indicate their organizations are adding more connected IIoT devices to industrial control systems in the OT environment. 78% of respondents indicate they are not highly involved in industrial control system cybersecurity. Thousands of networked devices installed in critical infrastructure facilities are improving operating efficiency but increasing cyber risk, said Carey Smith, president of Parsons Federal. The perfect storm has already formed, with more connected devices in the industrial controls environment creating numerous points of access for increasingly sophisticated attacks. This survey puts a spotlight on the fact that converged OT and IT solutions are lagging behind the converged threat. The bolt-on, software-based, IT-centric model is not a plug-and-play solution to the OT cyber threat. 3

End Point Protection in IT Workstations and Servers 4

IT Place of Work 5

End Point Protection in ICS Controllers Valves and Meters 6

ICS Place of Work 7

Connection between IT and ICS Computer Room AC and Power Distribution, Control, and Backup 8

Agenda What is ICS? Other, Related Terms Components Brief History Stakeholders Major Security Challenges Other Challenges What Do You Do Now? References 9

What is ICS? A Definition One of many, many terms that seem the same to some folks, but very different to others Combination of control components the system E.g., electrical, mechanical, hydraulic, pneumatic Act together to achieve an industrial objective the process E.g., manufacturing, transportation of matter or energy, environmental conditioning Based on specified output or performance the control May be fully or partially automated, the latter with a human in the loop Open, closed, or manual Crucial to the operation of critical infrastructure But, found in most operations in some form or another, such as building automation, security, and power management 10

What is ICS? The Purdue Enterprise Reference Model* * ISA-95 11

What is ICS? The Purdue Model In Operation De-Militarized Zone (DMZ) Customer Web Services Web facing e-mail DNS Level* 5: Corporate management and external connection File/Print/Apps Directory Business DB E-Mail Enterprise Zone De-Militarized Zone (DMZ) SIEM Correlator Patch DMZ Level 4: Control system front end and IT network Historian Mirror Historian Business Zone De-Militarized Zone (DMZ) SIEM Aggregator Patch Deployment Historian DMZ Level 3: Field point of connection Level 2: Field control system connected via Internet Protocol (IP) HMI Directory Alarm Server Historian HMI HMI Engineering Engineering Operations Zone Level 1: Field control system connected via non- Internet Protocol (IP) Control Device Zone Level 0: Sensors and actuators * Also called Tiers Instrumentation Zone Safety Instrumented Systems

Other, Related Terms SCADA supervisory control and data acquisition, various EMCS energy management (or monitoring) control system, could be power or HVAC BMS building management (control) system, HVAC, lighting DCS distributed control system, usually electricity production and distribution IT and OT information and operational technology IoT Internet of Things, also IIoT, industrial IoT, could be a light bulb, or a wireless component of a much more complicated control system PIT platform IT, mostly defense force projection platforms, control over weapons systems, for example There may be more of which you are aware 13

Components IT (with a mix of OT) Routers and switches (OSI layer 2 and 3), some industrial grade Firewalls and one-way taps (data diodes) Servers for Active Directory, DNS, historian, log data Human Machine Interface (HMI) Workstations for operator, and Engineering Workstations for process engineer, programmer, and field technician (usually laptops) Operating systems Windows and Unix Programming Language many high-order languages, as well as database languages Protocols TCP, IP, UDP, and others OT (at this level, little or no IT) Controllers - batch, discrete, drive, continuous, safety o PLC programmable logic controller o RTU remote terminal unit IED (no bang, just control) intelligent electronic device Communication gateways Sensors and actuators Operating systems QNX, VxWorks, Windows Embedded Compact, Embedded Linux Programming Language ladder logic, function block, structured text, and others Protocols ModBus, DNP3, ProfiBus, Ethernet/IP (industrial Prototcol), and others 14

Brief History Physical Systems you are in a maze of twisty pipes Local Controllers electronic systems that receive information from sensors, display status, and permit an on-site technician to change settings that change activity using actuators Remote Analog Controllers extended the local controllers via dedicated communications to centralized stations Digital Networks addition of proprietary and industry protocols over standard circuits, such as RS 232, 422, and 485, yes, they re still used The Internet and intranets replacement of the digital networks with Ethernet and application of TCP and IP A Plethora of IT/OT Systems just too many to name 15

Stakeholders Those who care, or should Producers of power, treated water, HVAC Users of the services, especially major users, i.e., data centers CIO CISO COO 16

Major Security Challenges End points are different, workstations versus controllers Internet Insider Threat Single Points of Failure Lack of Backup Failure to Look at Root Cause Attackers have the edge, don t they always? 17

Other Challenges Executive Buy-in Funding Training and Awareness Lack of Understanding of the Network Lack of Concern for Functional Side Mixed Bag of Components, HW, SW, Old and New Tech Inability to Patch in Many Cases Lack of effective security tools - IT Tools Can Be Dangerous in OT Some cause ICS failure, such as NMAP, Vulnerability Scans Some are ineffective, such as traffic analysis from an IT point of view Lack of Security in Protocols ModBus, 18

What Do You Do Now? Get Informed educate yourself Know your Network educate yourself How OT Fits in IT educate your engineers and cyber folks How IT Fits in OT educate your cyber folks and engineers There will be plenty more to do later, but for you now, well, you get the idea 19

References National Institute for Standards and Technology (NIST) Special Publication (SP) 800-82 Revision 2 Committee for National Security Systems Instruction (CNSSI) 1253, Security Control Overlays for Industrial Control Systems ANSI/ISA-95 Enterprise-Control System Integration 20

Questions? Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback