Post on 15-Mar-2018
Cyber Security: Secure systems, protect production
ABB Process Automation Lifecycle Services, Patrik Boo
© ABB Group October 29, 2013 | Slide 1
Cyber Security: What is cyber security?
Hacking | Malicious software | Unauthorized use
“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”
Merriam-Webster’s dictionary
Cyber Security in industrial control systems - Stuxnet: the game changer
Stuxnet was the first malware targeting industrial control systems
Bill Would Have Businesses Foot Cost Of Cyberwar
Congress would task businesses with increasing cyber security
Cyber Security: Enterprise IT vs. Industrial Control Systems
[Figure: order of the security objectives. Enterprise IT: Confidentiality, Integrity, Availability. Industrial Control Systems: Availability, Integrity, Confidentiality]
Aspect | Enterprise IT | Industrial Control Systems
Primary risk impact | Information disclosure, financial | Safety, health, environment, financial
Availability | 95 – 99% (acceptable downtime/year: 18.25 - 3.65 days) | 99.9 – 99.999% (acceptable downtime/year: 8.76 hrs – 5.25 minutes)
Typical system lifetime | 3-5 years | 15-30 years
Problem response | Reboot, patching/upgrade | Fault tolerance, online repair
Information Systems Security is a good starting point, but approaches and technologies need to be applied with care
Cyber Security: Why traditional approaches don’t work
Action | Consequence
Lock out accounts after three bad password tries | Operator has no control over process for 10 minutes
Install patches as soon as they are released and reboot | A control system reboot means shutting down the whole plant, and it might take days to get everything running again
Frequently update antivirus scan engine and virus definitions | False positives might have fatal consequences
Use of crypto functions to protect data in transit | Real time constraints cannot be met due to limited resources on embedded devices
Use of firewalls and intrusion detection systems | Do you speak IEC 60870-5-104, IEC 61850, OPC, HART, ProfiNet, Modbus...
Use of intrusion prevention systems | One false positive might have fatal consequences
Cyber Security: Vulnerability disclosure growth by year
[Figure: vulnerability disclosures per year, 1996 to 2012; vertical axis from 0 to 10000]
Source: IBM X-Force®
1 new vulnerability every hour, every day.
Cyber Security: Security cost
[Figure: axes Cost and Security Level; labels: "Cost of security", "Probable cost of a security breach", "Optimal security for minimum cost"]
§ The cost of security measures should be balanced against the achieved risk reduction
§ Risk = (probability of successful attack) x (potential consequences)
“We will bankrupt ourselves in the vain search for absolute security” - Dwight Eisenhower
Cyber Security: The airgap myth
§ Those who believe that the system is isolated will not be able to implement the best defense.
Procedures and Protocols: Shamoon
§ Destroyed 30.000+ computers.
§ Insider
§ "Not a single drop of oil was lost." CEO Khalid Al-Falih
§ "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks."
Source: Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations May 25, 2011 hearing.
Cyber Security: If it’s worth having it’s worth stealing
§ Source Code
§ Diagrams, Plans and Blueprints
§ Design documents and Metrics data
§ Mechanisms for infrastructure improvements
§ Certificates and Credentials
Source: MSI Microsolved Inc.
Cyber Security: Fingerprint - Service with a defined scope
Benefits:
§ Consistent – same everywhere
§ High and even quality
§ Repeatable
§ Based on best practices
• Data
• Collect
• Store
• View
• Analyze
• Interpret
• Report
ABB Cyber Security Optimization: Diagnose, implement and sustain performance
[Figure: System Performance against Time; labels: Potential, Performance Gap, Manage; phases: Diagnose, Implement, Sustain]
Cyber Security Fingerprint: What does the Fingerprint do?
§ Provides a comprehensive view of your site’s cyber security status
§ Identifies strengths and weaknesses for defending against an attack within your plant’s control systems
§ Reduces potential for system and plant disruptions
§ Increases plant and community protection
§ Supplies a solid foundation from which to build a sustainable cyber security strategy
It does NOT make the system completely secure.
Cyber Security Fingerprint: Security in depth
§ Antivirus Solutions
§ Security Updates
§ Account Management
§ Computer Policies
§ Firewalls and Architecture
§ Procedures and Policies
§ Physical Security
Cyber Security: Scope and completeness of standards
[Figure: standards placed by scope and completeness. Axis and region labels: Energy, Industrial Automation, IT; Design Details, Technical Aspects, Details of Operations, Completeness; Operator, Manufacturer; Relevance for Manufacturers. Standards shown: ISA 99*, NIST 800-53, IEC 62351, NERC CIP, ISO 27K, CPNI, IEEE P 1686]
* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA 62443 to make the alignment with the IEC 62443 series more explicit and obvious.
Cyber Security Fingerprint: Key Performance Indicators
Cyber Security Fingerprint: Specialized tools + interview
Cyber Security Fingerprint: Report with recommendations and action plan
Cyber Security Fingerprint: Recommendations
§ After raw data is collected with the security logger, it’s compared to the Control System Master Profile to determine where recommendations are needed.
§ If the customer’s data shows the setting to be below standard, the description and recommendation are included in the report.
Setting | Description | Recommendation
Minimum password age | There should be a predetermined number of days a password must be used before the user is allowed to change it. The number of days can vary between 1 and 998 days, or the user can input 0 to change the password immediately. If a user does not set a minimum password age, he or she can use passwords repeatedly. | Set the minimum password age value greater than or equal to one day.
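The comparison described above (collected settings checked against a master profile, with a recommendation reported for each setting below standard), as an added example that is not ABB's tool or code. The sample input is constructed in the format Windows `net accounts` prints; the profile layout, the function names and the password-length threshold are assumptions.

```python
# Constructed sample: text in the format Windows `net accounts` prints,
# standing in for the security logger's raw data (which the slides do not show).
COLLECTED = {
    "OPER-01": "Minimum password age (days):          0\n"
               "Minimum password length:              10\n"
               "The command completed successfully.\n",
    "ENG-02": "Minimum password age (days):          1\n",
}

# Assumed profile layout: setting -> (minimum acceptable value, recommendation).
# The password-age rule is the one on the slide; the length threshold of 8 is
# an assumption made for this example.
MASTER_PROFILE = {
    "Minimum password age (days)": (
        1, "Set the minimum password age value greater than or equal to one day."),
    "Minimum password length": (
        8, "Set the minimum password length to at least 8 (assumed value)."),
}

def parse_settings(text):
    """Turn 'name:   value' lines into a dict; lines without a value are skipped."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            settings[name.strip()] = value.strip()
    return settings

def findings(host, settings):
    """Return (host, setting, observed, recommendation) for each setting below standard."""
    rows = []
    for name, (minimum, advice) in MASTER_PROFILE.items():
        observed = settings.get(name)
        if observed is None:
            # Not collected is reported, not treated as compliant.
            rows.append((host, name, "not collected", advice))
        elif not observed.isdigit() or int(observed) < minimum:
            # A value that is not a number cannot be shown to meet the minimum.
            rows.append((host, name, observed, advice))
    return rows

def build_report(collected):
    """Compare every host with the master profile, hosts in sorted order."""
    report = []
    for host in sorted(collected):
        report.extend(findings(host, parse_settings(collected[host])))
    return report

if __name__ == "__main__":
    for row in build_report(COLLECTED):
        print(" | ".join(row))
```

A setting that was never collected shows up in the report as its own finding, so a gap in data collection cannot pass as compliance.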
Cyber Security Fingerprint - Report: Risk Profile
While the Fingerprint is an indicator of your security status at a given time, any system, no matter how many precautions are taken, can be compromised.
[Figure: risk profile scale from High risk to Low risk]
Cyber Security Fingerprint: Control System Architecture - what to protect
Cyber Security Fingerprint: Success Stories
Cyber Security Fingerprint: ServicePort - Cyber Security Channel
Cyber Security Fingerprint: www.abb.com
9AKK105408A9402
Security for System 800xA for all phases: The SD3 + C Security Framework
Secure by Design
• Security in the Product Development Process: Requirements, Design, Implementation, Verification
Secure by Default
• Default installation and usage with minimal attack surface
• Built in functions for Defense in Depth
Secure in Deployment
• Support for Secure Project and Plant Lifecycle
• Validation of 3rd party software and solutions
Communication
• Correct information to those who need to know
Cyber Security Fingerprint: Pilot results
[Figure: pilot results by category. Categories: Organization, Personnel, Access Control, Administration, Maintenance, Compliance, Physical security, Policy enforcement, Passwords, User accounts, Auditing, Recovery console, Interactive logon, System and devices, Network access, Network security, System cryptography, Operating System, Security Updates, Open ports, Services, Shares, Firewall, Antivirus, Startup Items, Installed applications]
Cyber Security: Remote access
[Figure: remote access diagram; labels: Support Center, Internet, Service Center, Virtual Support Engineer]