Cyber Security and Power Industry - WEC Finland (presentation transcript)
Imagination at work
Cyber Security and Power Industry
Lionel Mazzella, Solutions Architect Europe
GE Power Digital
January 2017
GE Proprietary Information—Class III (Confidential) Export Controlled—U.S. Government approval is required prior to export from the U.S., re-export from a third country, or release to a foreign national wherever located.
Cyber Security and Today’s Context

More and More Connected Devices
• 152M cars connected to the IoT (a six-fold increase)
• 26B Internet of Things connected devices
• +1B growth in the installed base of smart meters
• 7.3B smartphones and PCs connected
By 2020
• +$300B incremental revenue, mostly in services
• $1.9T forecasted economic value-add across sectors
Source: Gartner - The Internet of Things, Worldwide, 2013
Cyber Attacks on Critical Infrastructure
• 67% of companies with critical infrastructure suffered at least one attack in the past 12 months [1]
• 78% expect a successful exploit of their ICS/SCADA systems within the next two years [1]
• 66% of companies are not ready to address security issues for OT [3]
• 91% of power generation organisations have experienced a cyber attack [4]
• 38% of reported attacks are against Power & Water [5]
• 61 countries [2] across 79,790 security incidents [2] in 2015
Sources:
1: Critical Infrastructure: Security Preparedness and Maturity (July 2014), Unisys and Ponemon
2: Verizon Data Breach Investigations Report 2015, Verizon
3: 2015 Global Megatrends in Cybersecurity, Raytheon and Ponemon
4: Bayar, T. (2014, Oct. 14). Cybersecurity in the power sector. Power Engineering International
5: 2014 ICS-CERT Statistics for Energy and Water
Cyber Attacks in Power Industry
• 64% of power leaders believe their security strategy is not aligned with today’s risk environment [1]
• 31% of power leaders named security as one of the top concerns in the use of data and analytics [2]
• > 90% of power leaders say growth is only achieved through enhanced management of risk with strategic adoption of technology
Sources: 1: Ernst & Young; 2: Industrial Internet Report for 2015, GE and Accenture
Clear Action Is Needed
• 225K people lost power in Ukraine from a cyber attack (December 2015)
• The Stuxnet worm, targeting SCADA and PLC systems, caused fast-spinning of almost 1/5 of Iran’s nuclear centrifuges

The Stakes Are High
• On average, breaches go undetected for 229 days
• 84% of cyber attacks target application software
• 400% increase in “disclosed” ICS attacks between 2010 and 2012
Top Exposure Categories
Source: GE Cyber Health Checks for Power Customers, Q1 2016, NAM, MEA, APAC

GE Cyber Security Health Check, Q1 2016: 15 power sites in North America, the Middle East and Asia

Report Summary
• At least one system with a vulnerable OS: 96%
• At least one “dual-homed” system (circumventing the firewall): 96%
• At least one system with an expired end-point solution: 92%
• User access practices that do not align with industry best practices: 88%
• At least one system where malware has been detected: 8%
• Effective cyber security monitoring: 0%
• Longest duration since the administrator password was changed: 12 years
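As an added illustration of how a report summary of this shape is derived (this is not GE's Health Check tooling), the script below scores a constructed per-site host inventory against the finding categories above. It assumes the percentages are taken over sites assessed, that a "vulnerable OS" means an unsupported version from a constructed list, and that "dual-homed" means a host with interfaces on two different subnets; the review date, subnet and password-age values are all constructed.

```python
"""Added illustration (not GE's tooling): score a constructed site inventory."""
from datetime import date
from ipaddress import ip_interface

# Constructed reference data: OS versions treated as vulnerable (unsupported)
# and the assumed review date for the Q1 2016 report.
EOL_OS = {"Windows XP", "Windows Server 2003"}
REVIEW_DATE = date(2016, 3, 31)

def is_dual_homed(host):
    """Interfaces on two or more different subnets bridge networks (and firewalls)."""
    return len({ip_interface(i).network for i in host["interfaces"]}) >= 2

def endpoint_expired(host, max_age_days=30):
    """Endpoint protection counts as expired when its signatures are stale."""
    return (REVIEW_DATE - host["av_signature_date"]).days > max_age_days

def site_findings(hosts):
    """Per-site flags ('at least one system with ...') plus oldest admin password."""
    return {
        "vulnerable_os": any(h["os"] in EOL_OS for h in hosts),
        "dual_homed": any(is_dual_homed(h) for h in hosts),
        "endpoint_expired": any(endpoint_expired(h) for h in hosts),
        "admin_pw_age_days": max(h["admin_pw_age_days"] for h in hosts),
    }

def summarize(sites):
    """Share of sites (percent) showing each finding, and the longest password age."""
    per_site = [site_findings(hosts) for hosts in sites.values()]
    result = {f"{k}_pct": round(100 * sum(f[k] for f in per_site) / len(per_site))
              for k in ("vulnerable_os", "dual_homed", "endpoint_expired")}
    result["max_admin_pw_age_days"] = max(f["admin_pw_age_days"] for f in per_site)
    return result

# Constructed sample inventory for three sites (illustrative values only).
SITES = {
    "site-a": [
        {"os": "Windows XP", "interfaces": ["10.1.0.5/24"],
         "av_signature_date": date(2016, 3, 20), "admin_pw_age_days": 4380},
        {"os": "Windows 7", "interfaces": ["10.1.0.6/24", "192.168.50.2/24"],
         "av_signature_date": date(2016, 3, 28), "admin_pw_age_days": 90},
    ],
    "site-b": [{"os": "Windows 7", "interfaces": ["10.2.0.5/24"],
                "av_signature_date": date(2015, 6, 1), "admin_pw_age_days": 30}],
    "site-c": [{"os": "Windows 10", "interfaces": ["10.3.0.5/24"],
                "av_signature_date": date(2016, 3, 29), "admin_pw_age_days": 60}],
}
```

Calling summarize(SITES) on the sample gives 33% for each of the three findings and a longest password age of 4380 days.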
Cyber Attack Recovery Timeline
Source: Beneath the surface of a cyberattack, Deloitte (2016)
GE’s Cyber Security for Power Industry

Seven Steps for Effective ICS Defense
In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. If system owners had implemented the seven strategies below, 98% of incidents ICS-CERT responded to in FY 2014 and FY 2015 would have been prevented. The remaining 2% could have been identified with increased monitoring and a robust incident response.
Share of incidents each strategy would have prevented:
• Implement Application Whitelisting: 38%
• Ensure Proper Configuration/Patch Management: 29%
• Implement Secure Remote Access: 1%
• Monitor and Respond: 2%
• Reduce your Attack Surface Area: 17%
• Manage Authentication: 4%
• Build a Defendable Environment: 9%
Predix™ Cloud: GE’s IIoT Solution
[Diagram: Things/Assets, Edge/Connectivity (Predix Edge, Edge Analytics), the Predix Cloud (Cloud Foundry; Assets, Analytics, Data, Security; Data Infrastructure; Digital Twin; Operations; Applications), Enterprise Systems and Users, with end-to-end security across IT/OT and Cloud.]
GE’s Cyber Security Solution protects both IT/OT and the Predix Cloud.
IT/OT Cyber Security
IT Security is about Data. OT Security is about Critical Assets: risk and safety (people, environment, equipment), uptime, quality and performance.

Reducing Exposure to Cyber Risks: GE’s Cyber Security Defense Strategy
[Chart: maturity against risk; risk runs from High to Low as maturity rises from Low to High.]
Maturity levels: Tactical, random with limited visibility; Directed, preventative, and organised; Responsive, Managed, and Comprehensive; Proactive, measurable, continuous improvement.
Activities: Measure Attack Surface and Risk; Defend and Respond.
Stage 1: Baseline (Health Check, Patch Updates, Personnel Training)
Stage 2: Defend (Intrusion Detection, Whitelist, Blacklist)
Stage 3: Prevent (Event Monitoring, Anomaly Detection, Adaptive Protection)

Best Practices
• Patch Management
• Antivirus
• User Training
• Whitelisting
• Access control
• Ports/Services
• Physical access
GE’s Solution Mapping to CIS Critical Security Controls

Solution components (table columns, left to right): Patch Availability Reporting; Vulnerability Reporting; Inventory Awareness; System Baselining; Ports and Services Auditing; Purpose Built HMI; System Hardening; Next Generation Anti-Malware; Application Virtualisation; Application Containers; Default Configuration Management; Configuration Persistence; Configuration Comparison; Secure User Policies; Managed Authentication; User Policy Enforcement; Log Aggregation; Secure Remote Access; Network Micro-Segmentation; Workload Isolation; HMI / Host Backup and Recovery; Additional documentation, Training & Education.

Controls (ID, control description, and one X per solution component mapped to the control):
1 Inventory of Authorized & Unauthorized Devices X X X
2 Inventory of Authorized & Unauthorized Software X X X X X X
3 Secure End-User Devices X X X X X X X X X X X
4 Continuous Vulnerability Assessment/Remediation X X
5 Controlled Use of Administrative Privileges X X X X
6 Maintenance, Monitoring & Analysis of Audit Logs X
7 E-mail and Web Browser Protections X
8 Malware Defense X
9 Control of Network Ports, Protocols & Services X X X
10 Data Recovery Capability X
11 Secure Configuration of Network Devices X X
12 Boundary Defense X
13 Data Protection X
14 Controlled Access Based on Need to Know X
15 Wireless Access Control
16 Account Monitoring and Control X
17 Security Skills Assessment & Appropriate Training X
18 Application Software Security
19 Incident Response and Management
20 Penetration Tests and Red Team Exercises
Not supported in Baseline Security Centre
Cloud Cyber Security

Predix™ Cloud: Industrial-Grade Security
The 4 Pillars of Trust
Establish end-to-end security through a comprehensive security strategy that combines security certifications, hardware, software, expertise and best practices.

Pillar 1: Secure and Certify Operational Infrastructure
Governance and certification are essential components of an Industrial Internet platform that deals with sensitive information.
The Predix Cloud is built on a common infrastructure governance model based on:
• ISO 27001/2
• NIST 800-53
• FIPS 140-2
Predix enables support for more than 60 regulatory and compliance frameworks, including:
• CSA/CCM 3.01
• SOC 2 Type 1 and Type 2
• HIPAA
• FedRAMP
• Export Controls/ITAR

Pillar 2: Bring Operational Availability and Governance with ‘IT’
Platform hardening at every layer and connection to remove unnecessary services, applications, and network protocols, together with configured OS user authentication and resource controls.
Automated and manual controls are deployed to identify and patch system vulnerabilities.
Provides unified and clean run-time environments for customer workloads.
Developed to comply with:
• ISO27002/01
• SSAE16 SOC 2
• Industry best practices

Pillar 3: Protect OT/IT in an App Factory Delivery Model
Complete “DevOpsSec” (Development Operations-Security) process for all apps and microservices.
Static and dynamic automated testing help keep new code as clean as possible.
Survey of new microservices arriving into the development area to detect any abnormal or suspicious behaviour.
The possibility of malware making its way into the run-time environment is greatly reduced.

Pillar 4: Establish User-Based World for Industrial Apps
Continuous monitoring at every layer, with data loss protection and malware detection from the external networks all the way through to the application or microservice.
Creation of a “heat-map” dashboard for the Predix Security Operations team to protect customers served by Predix.
Guidance for the shared responsibility of the user organisation to implement controls at the application and data layers.
Additional capabilities include:
• Full Security Operations Centre (SOC) and tooling
• Automated isolation and monitoring of incidents
• App-to-app behavioural evaluation
• Chain of custody for data communities
Predix™ Cloud Infrastructure Security
The list below covers additional security in place to protect the Predix infrastructure.
Isolated customer environments: Enable multi-tenancy to ensure that a customer’s business environment and data are hidden from others as needed to ensure privacy.
OS security: Harden and maintain base OS images for provisioned virtual machines based on Predix hardening standards and related guidelines developed to comply with ISO27002/01 and SSAE16 SOC 2 standards and industry best practices.
Hardware security: Architect and securely deploy hardware for the infrastructure based on Predix hardening standards and related guidelines developed to comply with ISO27002/01 and SSAE16 SOC 2 standards and industry best practices.
Secured storage: Provide encrypted block and object storage with associated services.
Secured data in transit within the cloud network: Secure the network (using IPSec and SSL/TLS protocols) based on controls defined in Predix hardening standards and related guidelines.
Federated identity management: Use tools that leverage the existing identity stores and remove the burden of identity management. Secure single sign-on (SSO) services for access to Predix.
Vulnerability and patch management: Test and update software and hardware based on security advisories and regular vendor patch releases, utilising proper change management procedures.
Monitoring and logging: Actively search for network intrusion, malicious activities, and compliance policy violations that are a threat to the infrastructure; communicate and remediate any incidents.
Rigorous risk assessments against the cloud infrastructure: Perform penetration testing and compliance scanning to detect any vulnerabilities and compliance violations and quickly remediate them; perform assessments against security controls and procedures.
Cyber Security for Industry: Assets, Data, People
A complete Cyber Security Solution for the Industry has to cover Assets, Data and People.
Thanks for listening