Sustain.Ability.
2
Industrial Control System Cyber Security
3
Cyber Security threat
landscape for ICSs
5
Business IT vs ICS systems
Security topic: Antivirus
Information Technology (IT): Very common: easily deployed and updated
Control Systems (ICS): Difficult to keep current due to risk imposed to control process
Security topic: Patch Management
Information Technology (IT): Easily defined; enterprise wide, remote and automated
Control Systems (ICS): Patches require exhaustive testing and qualification prior to installation on ICSs. Install lags release.
6
ICS challenges and security concerns
7
ICS challenges and security concerns
8
Some typical attack vectors of ICSs
9
Some current headlines
U.S. President Barack Obama is urging the Senate to pass the Cybersecurity Act
of 2012. He believes legislation will help the U.S. fight "the cyber threat to our
nation," which he calls "one of the most serious economic and national security
challenges we face."
July, 2012 - ZDNet
10
The Impact of STUXNET
Provided proof-of-concept and a blueprint for hackers
Exposed corporate executives, regulators and the public
to the potential dangers of cyber attacks on critical
infrastructure
Opened the floodgates for security researchers to
identify and exploit ICS vulnerabilities for financial gain
11
Project Basecamp
12
Cyber attacks on critical infrastructure
13
ICS Specific Vulnerabilities Reported
2001 - 2011
Slide 25 from the presentation "Documenting the Lost Decade: An Empirical Analysis of
publicly disclosed ICS vulnerabilities since 2001" by Sean McBride
14
Why have ICS systems become targets?
Community watchdogs
Hacktivists
Competitive advantage
15
Honeywell's cyber security
initiatives
Defense in Depth
Security at more than just the perimeter
Layered / High Security Network Architecture
Diagram labels: Cyber; Electronic; Physical
18
Product development process
19
Incorporating Security into the Software
Development Lifecycle
Diagram labels: Security Training; Security Requirements; Security Architecture Design; Security Validation Testing; Security Response Planning and Execution
20
Continuous security improvements
Short term improvement
Qualification of white listing component for Experion
Virtual Patching solution
Virtualization
22
Patch management lifecycle
Security research (e.g. ZDI, DVlabs)
ICS-CERT
Black hats
Not always a patch available
Patch is not always tested in time
Can we install?
Often reboots required
23
Server / station protection
Protection styles (Gartner): Allow Known Good (Block All Else); Block Known Bad (Allow All Else); Unknown
Diagram labels: Execution Level; Application Control; Resource Shielding; Behavioral Containment
24
Continuous security improvements
25
External security certifications
Wurldtech Achilles certification for C300, SM
Achilles practices certified (WIB)
Honeywell committed to compliance with Achilles practices when it becomes an
approved IEC-62443-2.4 standard
26
ISA99 / IEC 62443 Structure
Systems
Devices
27
Embedded Device Security Assurance Certification
Integrated Threat Analysis (ITA)
Provides a common perspective on how threat scenarios can be sufficiently covered
Documents the expected resistance of the system to potential threat agents and threat scenarios
Clearly documents expected user measures versus inherent product protection measures
Software Development Security Assurance (SDSA)
Detects and avoids systematic design faults
The vendor's software development and maintenance processes are audited
Ensures the organization follows a robust, secure software development process
28
Benefits of ISASecure Certification
Structured, auditable, repeatable approach to evaluating
the security of an ICS product and the development
practices of the manufacturer against an established
benchmark
End-user
Easy to specify
Build security requirement into RFP
Reduced time in FAT/SAT
Know security level out of the box
Supplier
Evaluated once
Recognition for effort
Build in security
Product differentiator
Reduce support costs
Enhance credibility
29
Honeywell's Industrial IT Solutions
Compliance management
Full Whitelisting management and support
Diagram labels: Assure; Remediate; Manage
31
Partnering with our customers
Documenting system security configuration
Includes risks that need external mitigations
Rapid qualification of security updates
Microsoft
Adobe
Network and security design services
Assessment services
ISA99 / CSET security audits / assessments
Services offering for system security management
Patch, virus protection, and data recovery management
Security perimeter management
Continued investment in building security skills
Design consultants, project and service engineers
32
Security Program Dashboard
33
Security from design to daily operation
Honeywell Process Solutions builds security features into our standard products, and is
continuously evaluating and improving our security
36
Layers of Responsibility
End User
(Security management system)
System Integrator
(System engineering practices, Qualified Personnel)
Automation Supplier
(Software Development, Vendor Practices)
Automation Products
(Security features, Testing)
37
Vendor / automation supplier responsibilities
38
Integrator / installer responsibilities
39
Owner / operator responsibilities
Apply security fixes as soon as they're qualified
Keep Anti Virus and related protection technologies current
Document security configuration, Policies & Procedures
Provide security Training for operators & Contractors
Control Access to the Control System
Harden the Components of the System, apply defense in
depth
Constantly monitor the security of the system
Periodic full re-assessment of system security
Work closely with vendor and integrators to adapt to new
security threats and vulnerabilities
40
ICS Security responsibilities summary
Owner / operators have the ultimate responsibility for the
security and safety of their systems
ICS security must include technology, people, and
processes
ICS security spans the lifecycle of an automation system and
requires a partnership between all stakeholders
41
Responding to cyber attacks
against your ICS
43
Cyber Incident Response Plan
Create a cyber incident response plan
Priority is to isolate any suspect component, maintain safe
operation, and preserve forensics where possible
Operators must be trained on how to respond to a cyber incident
Appoint a cyber security focal point and watchdog with backup
Include all levels of defense in depth in creating response plan
44
Effective Security Plan
45
How can ICSs prepare for cyber attacks?
Do a security assessment of your site, remediate any
gaps identified, and repeat assessments periodically
46
How can ICSs prepare for cyber attacks?
Review your vendor's security documentation
Network and Security Planning Guide
Domain and Workgroup Implementation Guide
47
Be prepared for cyber attacks
Integrate security into your culture at site
Questions?
49