COP Data Diodes

In-Progress Implementation of Cyber Security Requirements at DC Cook

Amal Al-Katrib
I&C COP – 2/13/12

Upload: amal-katrib

Post on 24-Oct-2014


TRANSCRIPT


Page 2: COP Data Diodes

Overview

Cyber-Security Codes, Standards, and Regulatory Requirements

Previous Work

Scope of Current DC Cook Modification

Level 3 to Level 2 Communication

Waterfall Data-Diode Architecture

Waterfall Proprietary Transfer Protocol Software Configuration

Page 3: COP Data Diodes

Cyber-Security Codes, Standards and Regulatory Requirements

• NRC Regulatory Guide 5.71 – “Cyber Security Programs for Nuclear Facilities”

• NRC Regulatory Guide 1.152 – “Criteria for Use of Computers In Safety Systems of Nuclear Power Plants”

• 10 CFR 73.54 – “Protection of Digital Computer and Communication Systems and Networks”

• NIST SP 800-53 – “Recommended Security Controls for Federal Information Systems”

• NIST SP 800-82 – “Guide to Industrial Control Systems Security”

Page 4: COP Data Diodes

Previous Work

• A previous DC Cook modification installed HP ProLiant DL360 (G6) servers in the Plant Process Computer Rooms (Defensive Levels 2, 3, and 4).

• Data-diodes were installed between (a) Level 4 (Control & Safety System Network) & Level 3 (Data Acquisition Network) and (b) Level 3 (Data Acquisition Network) and Level 2 (Local Area Network).

• No data was directed through those data-diodes as part of this design package. This task was reserved for subsequent modifications.

Page 5: COP Data Diodes

Scope of Current DC Cook Modification

• Redirect the outputs of RMS servers through a unidirectional firewall between Levels 4 and 3 networks.

• Remove existing Level 3 to Level 2 firewalls and install necessary hardware/software and cabling to complete the communications link through Level 3 and 2 data-diode networks.

• Redirect RDR and R-Time server communications through the Level 2 data network.

Page 6: COP Data Diodes

Scope of Current DC Cook Modification – Cont’d

• Install 1 Cisco Firewall in U1 PPC room between Level 4 and Level 3 network

• Relocate firewall between 2-RMS-ROUT-PPC and U2RCD212 PPC switch

• Install A/B switch in Unit 1 PPC room to redirect network traffic through Level 3 to Level 2 networks

• Install new workstation on both Unit 1 and Unit 2 PPC Programmer’s Console and provide Level 4 network connection to each workstation using RMS network switches

• Re-route RDR system network cables from Level 3 to Level 2 network

• Install 100BaseT cable between existing GPS clock in U2 PPC Computer Room and Data Diode Tx server in U1 PPC Computer Room

• Abandon in place 1 Fibronics from Rack 3 in Server Room #333

Page 7: COP Data Diodes

Scope of Current DC Cook Modification – Cont’d

• Remove 3 Fibronics from Communication Cabinet & 1 Fibronics from RDR cabinet in U1 PPC Computer Room

• Remove 2 DEC Bridge 90 units from I/O Cabinet in U1 PPC Computer Room

• Remove 2 PIX 515 Firewalls from Communication Cabinet in U1 PPC Computer Room

• Install 1 Cisco Level 2 Business LAN switch in the TSC Communication Room

Page 8: COP Data Diodes

[Figure: BEFORE and AFTER network diagrams spanning Level 4, Level 3, and Level 2. Labeled components: RMS Switch, PPC Switch, Firewall, Data Diode, RDR Server, Satellite Display System, Other L2 Devices.]

Page 9: COP Data Diodes

Level 3 to Level 2 Communication

• Per NRC RG 5.71, only one-way (unidirectional) data flow is allowed from Level 3 to Level 2 to qualify for an acceptable defensive architecture.

• This mod configures the data-diode setup (consisting of a transmitter and a receiver server) to ensure such unidirectional data flow.

• This task is achieved through a Waterfall data-diode architecture.
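An added example (not part of the original presentation) of checking flow records against the rule above: any record whose destination sits at a higher defensive level than its source is reported. The subnet assigned to each level, the record format, and the sample records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan, constructed for this example (not the plant's real subnets).
LEVEL_SUBNETS = {
    4: ipaddress.ip_network("10.4.0.0/16"),
    3: ipaddress.ip_network("10.3.0.0/16"),
    2: ipaddress.ip_network("10.2.0.0/16"),
}

def level_of(address):
    """Map an IP address to its defensive level, or None if it is not in the plan."""
    ip = ipaddress.ip_address(address)
    return next((lvl for lvl, net in LEVEL_SUBNETS.items() if ip in net), None)

def audit_flows(records):
    """Return (record_number, reason) for every record that breaks the one-way rule."""
    findings = []
    for number, record in enumerate(records, 1):
        fields = record.split()
        try:
            src, dst, proto, port = fields
            src_level, dst_level = level_of(src), level_of(dst)
        except ValueError:  # wrong field count or unparsable address
            findings.append((number, "malformed record"))
            continue
        if src_level is None or dst_level is None:
            findings.append((number, "endpoint outside the level plan"))
        elif dst_level > src_level:
            findings.append((number, f"L{src_level} -> L{dst_level} {proto}/{port}"))
    return findings

# Constructed flow records: source, destination, protocol, destination port.
SAMPLE_FLOWS = [
    "10.3.0.10 10.2.0.20 udp 514",   # L3 syslog toward L2: allowed direction
    "10.2.0.20 10.3.0.10 tcp 22",    # L2 host reaching into L3: violation
    "10.4.0.5 10.3.0.10 udp 162",    # L4 SNMP trap toward L3: allowed direction
    "10.2.0.99 10.4.0.5 tcp 502",    # L2 to L4: violation
    "192.0.2.7 10.3.0.10 tcp 443",   # source not in the level plan
    "10.3.0.10 10.2.0.20 udp",       # truncated record
]

if __name__ == "__main__":
    for number, reason in audit_flows(SAMPLE_FLOWS):
        print(f"record {number}: {reason}")
```

Records that cannot be parsed or mapped to a level are reported rather than skipped, so a gap in the addressing plan does not hide a reverse flow.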

Page 10: COP Data Diodes

Waterfall Data-Diode Architecture

Multi-layered architecture consisting of a transmit/receive software agent that resides on transmitter/receiver servers

Basic components of a Waterfall One-Way Architecture:

1) Waterfall TX Software Agent

2) Waterfall TX Appliance (i.e. Transmitter Server)

3) Waterfall RX Appliance (i.e. Receiver Server)

4) Waterfall RX Software Agent

5) Single Fiber Optic Cable

[Figure: Transmitter Server, Fiber Optic Cable, Receiver Server; unidirectional data flow from L3 to L2.]

Page 11: COP Data Diodes

Waterfall Data-Diode Architecture – Cont’d

Benefits of the Waterfall Architecture:

• Provides high-speed, real-time, and reliable data transfer

• Eliminates the ability to initiate communications between assets at different security levels

• Eliminates bi-directional data flow between assets at different security levels

• Data only flows from 1 level to other levels through a device or devices that enforce security policy between each level

• Eliminates applications, services, and protocols not necessary to support the design-basis function of the contained assets

• Effective protection against external cyber attacks
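With a single fiber and no return path, the receiver cannot acknowledge a frame or ask for it again, so reliability has to come from what the transmitter sends. The example below is added here and is not Waterfall's proprietary protocol or code from the presentation; the frame layout (sequence number, length, CRC32), the REPEAT value, and the sample payloads are assumptions chosen to show how a receiving agent can detect corruption, duplicates, and permanent loss on a one-way link.

```python
import struct
import zlib

HEADER = struct.Struct("!IH")  # sequence number, payload length
REPEAT = 2                     # copies sent per frame (assumed redundancy)

def tx_frames(payloads):
    """TX agent: number, checksum and repeat each payload; it never waits for a reply."""
    frames = []
    for seq, data in enumerate(payloads):
        body = HEADER.pack(seq, len(data)) + data
        frames += [body + struct.pack("!I", zlib.crc32(body))] * REPEAT
    return frames

class RxAgent:
    """RX agent: validates frames and records gaps; it has no path to request a resend."""
    def __init__(self):
        self.next_seq, self.delivered, self.lost, self.corrupt = 0, [], [], 0

    def receive(self, frame):
        body, tail = frame[:-4], frame[-4:]
        if len(frame) < HEADER.size + 4 or struct.unpack("!I", tail)[0] != zlib.crc32(body):
            self.corrupt += 1
            return
        seq, length = HEADER.unpack(body[:HEADER.size])
        data = body[HEADER.size:]
        if len(data) != length:
            self.corrupt += 1
        elif seq >= self.next_seq:  # older sequence numbers are redundant copies
            self.lost.extend(range(self.next_seq, seq))  # skipped numbers are gone for good
            self.delivered.append(data)
            self.next_seq = seq + 1

def simulate(payloads, dropped=(), damaged=()):
    """Pass frames over a lossy one-way link; indexes refer to frames in send order."""
    rx = RxAgent()
    for i, frame in enumerate(tx_frames(payloads)):
        if i in dropped:
            continue
        if i in damaged:
            frame = bytes([frame[0] ^ 0xFF]) + frame[1:]
        rx.receive(frame)
    return rx

if __name__ == "__main__":
    # Constructed payloads; frame 0 is damaged, frames 2, 4 and 5 are dropped.
    rx = simulate([b"trap-1", b"trap-2", b"trap-3", b"trap-4"], dropped={2, 4, 5}, damaged={0})
    print(rx.delivered, rx.lost, rx.corrupt)
```

When both copies of a frame are lost, the receiver can only record the missing sequence number, which is why the receiving side should alarm on gaps instead of waiting for data that will not be resent.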

Page 12: COP Data Diodes

Waterfall Proprietary Transfer Protocol Software Configuration

Software: Function

• Waterfall for Ethernet Multicast: Allows for multicast communication from the PPCs to RDR.

• Waterfall for Remote Printer: Allows for TCP communication from print queues to business LAN PrintWizard software and PPCs to R*TIME links.

• Waterfall for Syslog: Provides logging of Level 3 Cisco Network Switches and monitoring of data on Level 2 devices.

• Waterfall for SMTP: Allows email notification of Level 3 device failures.

• Waterfall for SNMP: Listens to SNMP traffic in the Level 4 and Level 3 networks and captures SNMP traps according to predefined rules set by IT. The software unidirectionally streams the SNMP traps through the Level 3 to Level 2 data diode network to a Network Management System on the Level 2 network to monitor the status of critical assets and receive alerts following failures.

• Waterfall for FTP: Allows for file transfers of MIDAS, Chemistry & PPC Data to Level 2 servers including RMS Server CNP523 and R*TIME Server CNP524.

• Waterfall for UDP: Transfers UDP packets from the Level 3 to Level 2 network. This is required for R*TIME Relay PSS Software to communicate to the Level 2 R*Time plant system server.

• Waterfall for TCP: Transfers TCP packets from the Level 3 to Level 2 network. This is required for the replication of RadServ and Containment Cooling data on the Level 2 network.

• Waterfall for NTP: Provides network time synchronization through the Level 3 to Level 2 data diodes.

Page 13: COP Data Diodes

Questions / Comments

Amal K. [email protected]