
Federico Tandeter - CLKmedia.arpel2011.clk.com.uy/ciber/12.pdf

Name: Federico Tandeter
Title: Senior Manager, Security
Phone: +54 9 11 3397 0364
Email: [email protected]

Name: Yeffry El Jammal
Title: Senior Manager, Consulting
Phone: +54 9 11 5585 7098
Email: [email protected]

Name: Pablo A. Vaquero
Title: Manager, Security
Phone: +54 9 11 4022 9978
Email: [email protected]


Copyright © 2016 Accenture. All rights reserved.

The risks of the new smart operational technologies: Industrial Internet of Things (IIoT)


Introduction to Industrial Internet of Things (IIoT)


The IIoT is the 4th industrial revolution

Diagram: the drivers for change in the 4th Industrial Revolution.
Technology progress (evolution of production systems): Connectivity, Data Centers, IT Standards, CPU Performance, Chip Miniaturization, Software Push, Internet Backbone
+ Connected, always-on, intelligent, software- and data-powered autonomous devices (Smart Devices)
= Profound changes in the entire industrial ecosystem: Cyber Physical Systems (4th Industrial Revolution)


Digital Industry 4.0… it's complicated!


Where does IIoT fit in the broader technology landscape?

Key insights

• Business pressures to increase revenue and decrease costs have led to increased automation and remote management through internet connectivity, but this also exposes systems to the potential of cyber attack. Cyber attackers are becoming more sophisticated and attacks are increasing at an incredible pace, 30% year over year compounded.

• The complex and often conflicting operational and security requirements of the IT and OT domains mean that a new type of thinking is required. There are many challenges to address before the economic benefits of IT and OT convergence can be achieved.

• The long life of a typical ICS (20 years or more) means that many were designed before the need for internet connectivity became a compelling business driver, so securing ‘brown field’ deployments from cyber attack can throw up many challenges.

• Many organizations are only now beginning to understand the importance of security as an enabler for successful operations, but are struggling with the complexities of IT/OT convergence, the increasing need for regulatory compliance, and the safe operation of IP-connected OT.

Internet of Things (IoT)
High-level concept of a global network of “smart” physical objects of various kinds (wearables, cars, smartphones, home appliances etc.), equipped with connectivity, usually wireless, to networks such as the Internet for the purpose of monitoring, data gathering and reporting, remote control etc.

Industrial Internet of Things (IIoT)
Subset of IoT specific to industry (as opposed to, for example, the consumer market), where networked devices range from advanced field sensors, GPS asset location, drones and traffic lights to all varieties of “smart” hardware deployed in transportation, manufacturing, etc.

Industrial Control Systems (ICS)
Segment of the market focused on automation, computerized monitoring and control of physical industrial processes like oil refining, offshore drilling and production, pipeline management, power grid operations, mining, chemicals production, robotized manufacturing, water treatment and more.

Critical Infrastructure (CI)
Critical infrastructure refers to processes, facilities, technologies, networks and systems (including IIoT and ICS) that control and manage essential services like utilities and transportation and specific industries like Resources and Chemicals. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects and significant harm to public confidence.


What does it consist of?

A combination of Information Technology (IT) and Operational Technology (OT) hardware and software assets, systems, and networks used to operate and supply power, gas, water, sewerage, transportation and communication networks.

Information Technology
• IT systems are in place allowing machines to exchange information directly with systems like Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) systems, office-based productivity tools and mobile computing devices
• Industrial organizations have experienced an exponential increase in the quantity and quality of IT systems

Operational Technology
• OT is integrated hardware and software components commonly used to operate machinery and physical processes
• Information is actually used to identify a change of state, primarily in physical infrastructures
• If an engine is running too hot, OT regulates the temperature to return it to a moderate state
• If a gas pipeline experiences pressure beyond its operating parameters, OT can bring it back within tolerance levels by opening or closing a valve

ICS and SCADA
Supervisory Control and Data Acquisition (SCADA) generally refers to control systems that span a large geographic area such as a gas pipeline, power transmission system or water distribution system.

Industrial control systems (ICS) are a subset of the operational technology sector. They comprise systems that are used to monitor and control industrial processes (e.g. oil refinery cracking towers, power consumption on electricity grids, etc.).

Both the SCADA and ICS terms are used interchangeably, but the correct term to use is ICS when referring to industrial automation of all types.


IT Domain vs OT Domain

Security properties compared: Integrity, Confidentiality, Availability (weighted differently in each domain).

IT Domain | OT Domain
High data capacity and computing power | Limited data capacity and computing power
Few safety critical operations | Safety of operations is critical
Confidentiality & integrity are vital while availability is important | High availability & integrity are vital, with less stringent confidentiality requirements
Critical operation and systems at centre of network; human users at edge | Critical operation and systems at edge of network, with human operators at the center
Essential equipment and operations concentrated at centre of network | Essential equipment and operations remotely deployed at edge of network
Rapid response to threats; patching and reboots acceptable | Slow response to threats: rapid patching might be impossible due to outages
Continuous equipment upgrade with short life cycles | Long life resulting in legacy, unsupported infrastructure

The IT and OT domains have many conflicting operational requirements that need to be understood to ensure effective and seamless security across both domains.


Connections are only going to increase…

Connected Worker | Connected Network | Connected Plant, Assets & Equipment

Sample of key questions:
• How do you enable access to real-time data from enterprise IT systems to OT/ICS?
• What is the impact of intelligent devices at the edge?
• What is the impact when your backend systems are in the cloud?
• How do you manage wireless connectivity that is pervasive?


IIoT Evolution


IIoT Security Challenges


Traditionally, data is usually stored in silos managed and owned by different parts of the organization. No insights are available over virtual organization walls.

Diagram: data consumers, data silos and data sources. Very often the department has no direct access to this data.
• Data consumers: Operations, Maintenance, Supply Chain Management, Research & Development, Finance & Controlling, Projects & Engineering, Health & Safety
• Data silos: Process Data Historian, Data Warehouse, Relational Database, Content / Document Management, Unstructured Data
• Data sources: ERP, MES / DCS, Sensors, LIMS, Business Applications (Office), Docs, Drawings / P&ID, Logs, Video Feeds, Images


Industrial Internet of Things (IIoT) bridges the different levels of information systems in the plant, across the organization and along the value chain…

ISA 95 Levels and Related Manufacturing Systems

Level 4: Business & Logistics Planning (activity: Planning). Establish the basic plant schedule: production, material usage, goods receiving and product shipping. Determining inventory levels. Time frame: months, weeks, days. System view: Business Application (e.g. ERP).

Level 3: Manufacturing Operations Management (MOM) (activity: Operation). Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds. System view: MOM Application (e.g. MES / APS).

Level 2: Batch Control, Discrete Control, Continuous Control (activity: Control). Monitoring, supervisory control and automated control of the production process. Time frame: hours, minutes, seconds, sub-seconds. System view: Industrial Automation (e.g. PCS).

Level 1: Plant. Sensing the production process (sensors), manipulating the production process (actuators).

Organizational view: Enterprise > Site > Area > Unit > Work Cell.

Dimensions of IIoT integration: Vertical (Level 4 ERP, Level 3 MES, Level 2 Plant Control, Level 1 Field Devices) and Horizontal (Between Devices (M2M), Across Plants, Value Chain).


…allowing analytics to be performed in real time, and also enabling the possibility of analytics-based process control.


But as data flows through many configurations, end to end, many security questions will have to be answered.

Who has physical access?
How are vulnerabilities patched?
Has the data been manipulated?
Is sensor data being missed?
Can configuration and update mechanisms be used to do harm?
What happens when systems fail safe?
Who has access to process data?
Are the reports showing the right data / analytics results?
Are our office / ERP systems being used to infiltrate?
How can I trust a system that is essentially available from anywhere?
Is my channel back into my production being intercepted?


Attacks on critical infrastructure have already begun. How has the attack surface evolved?

Prior to 2000, attackers largely needed physical access to systems to cause damage. However, the introduction of new technology (e.g. remote management via the internet) has eroded traditional defenses for critical infrastructure.

Timeline of incidents:
• MAROOCHY SHIRE (sewage plant) exploited by a contractor who used an external entity to access SCADA systems, resulting in uncontrolled release of raw sewage into waterways
• BLASTER worm shuts down Washington rail traffic for 1.5 days. SLAMMER worm causes failure of the safety monitoring system at Davis-Besse nuclear power station in Ohio
• AURORA experiment by the U.S. Department of Homeland Security destroys an electrical power generator by exploiting vulnerabilities
• DRAGONFLY malware delivered onto ICS through a targeted spear-phishing campaign allowed attackers to monitor, disrupt/sabotage, and steal (Energy and Pharmaceutical industries)
• TRAM CRASH caused by a teen hacker who modified a TV remote control to hack the tram system
• SHAMOON malware infects 30,000 – 55,000 Windows machines at Saudi Aramco, causing severe disruption to its oil distribution process by shutting down its internal network for over a week
• STUXNET worm destroys approximately 1000 uranium enrichment centrifuges in Natanz (Iran)
• BLACK ENERGY malware causes wide-spread disruption of the Ukrainian electricity grid

Evolution of attack techniques (from the timeline):
• Malicious apps
• Custom virus droppers
• Sophisticated social engineering
• Trojans, worms / self-replicating / self-distributing malware
• Malicious web sites / virus droppers
• First Denial of Service attacks (Blaster, Slammer)
• Cryptographic extortion
• Spyware (pre-attack information gathering)
• Crude social engineering (SPAM)


ICS Systems are Exposed to the Internet


US industrial control systems attacked 295 times in 12 months. The Manufacturing sector led all others in 2015, followed by Energy (industries that ICS-CERT was called on to help).

In 2016 the Critical Manufacturing sector reported the most incidents, mainly because of a wide-spread spear-phishing campaign targeting that industry. However, network scanning attacks and exploitation of weak authentication remain top attack vectors.

Data source: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT%20Monitor_Nov-Dec2015_S508C.pdf

Incidents by sector (chart): Critical Manufacturing 33%, Energy 16%, Transportation Systems 8%, Water 8%, Unknown 9%.

Classes of attack impact on ICS operations:

Manipulation of View (MoV)
The operational view of equipment being controlled is not correct, resulting in operators issuing incorrect and dangerous commands.

Denial of View (DoV)
Temporary loss of view of remote equipment by the centralized control room, caused by an attack on the supervisory components in the ICS or through denial of service attacks reducing the ability of operational data and controls to flow through the system.

Loss of View (LoV)
A situation where the operator is receiving no operational updates from the remote processes and equipment being controlled. Attacks on the operating system running on the DCU in the control rooms cause the HMI to fail, resulting in system components going into a fail-safe state.

Denial of Control (DoC)
A temporary inability to control ICS hardware or operational processes (e.g. a DoC attack on PLCs could be implemented by intercepting control messages and replaying expected responses, while at the same time causing the PLC to execute damaging operations).

Loss of Control (LoC)
A sustained inability to control or correct operational behavior, potentially resulting in loss of service caused by equipment failing or entering fail-safe states. Attacks can occur in clear sight of operators, with the HMI indicating that an attack is taking place but with the operators unable to take preventative action. LoC may persist after an attack has completed, requiring technicians to physically reset/replace the equipment.

Manipulation of Control (MoC)
When control logic is interfered with to override or ignore legitimate operator commands. MoC could also be caused by MITM attacks and used by the attacker to interfere with or control operational processes or equipment.


Origins of the Security Problem

Unpatched Systems
Security updates are difficult to install on OT infrastructure. In many cases, it takes considerable planning and coordination to bring down a system for patching. Further, automatic security updates are not an option, as they would cause the systems to restart or shut down.

Lack of Authentication Functionality
A lot of the control processes are designed to accept and trust all control commands as genuine, so that authentication of users and automated processes is often not required.

Expanded Attack Surface
OT systems are becoming increasingly less isolated from the IT network. Connecting OT systems to the IT network exposes the OT systems to exploits within the enterprise and to the conflicting security and operational demands within the IT network.

Unsecured Protocols
There is no authentication or encryption inherent in many of the industrial protocols. Known vulnerabilities are publicly documented in ICS-CERT. Digital Bond has published dozens of vulnerabilities against industrial protocols such as DNP3.

Off-the-Shelf OT
More and more companies have adopted commercial off-the-shelf (COTS) products for standardization and to lower costs. The rapid development of these COTS products often leads to inherent security weaknesses that were not factored into the design.

Lack of Wireless Security
Poorly configured and supported wireless sensor connections and access points can result in attackers remotely accessing and connecting to the ICS network to gain control of the systems.

Limited Compute Power
OT systems typically run on small processors with limited computing and storage capabilities, which prevents most OT systems from installing security updates and from performing other security functions such as authentication and encryption to protect the network communications.

Legacy Systems
In many OT environments, systems and devices that have life spans of more than 15 years are no longer supported by the vendors. Most OT systems were not designed and built with security in mind, so the inherent vulnerabilities continue to be a risk in the existing systems.

Remote Connectivity
The operational need for vendors and support staff to remotely connect to the OT network has resulted in exposing the process control systems and network to the Internet (SHODAN), and in unauthorized access to the network when user accounts are not kept up to date.

IT and OT Integration
Increasing pressure to improve efficiency and reduce operating overhead is forcing companies to merge their IT and OT domains, leading to the increased possibility of attackers being able to gain access to the OT domain by exploiting weaknesses in the IT network.


Case Study Example: Ukraine Power Grid Hack

Ivano-Frankivsk region of Western Ukraine

The Ukraine blackout is the first confirmed hack to take down a power grid.

Analysis has shown that it was a brilliant multi-stage attack, combining sophisticated logistics and planning with an ability to craft devastating malware to cripple the different devices used by each power company.

The control systems used in Ukraine used what were thought to be well-segmented networks policed by robust firewalls, but they were undermined by the lack of two-factor authentication to confirm the identities of workers connecting remotely, and the lack of deep packet inspection for messages crossing IT/OT domains.

Power supplies were eventually restored by manual operation, and disruption to electricity supplies was limited to between 1 and 6 hours.

However, it took more than two months for the operations and control centers to become fully operational again.


Attack stage 1
Cyber attackers targeted key IT personnel via spear-phishing social engineering attacks. Targeted employees opened an email attachment containing BlackEnergy3 malware, allowing it to install itself into the IT network.


Recommendation: all employees should attend security awareness training.


Attack stage 2
Attackers exploited the lack of multifactor authentication to impersonate remote access by employees over VPN and access IT systems remotely. The BlackEnergy malware enabled backdoor access to IT systems, where attackers were able to identify connected assets and steal employee credentials.

Recommendation: VPN connections to critical systems must be secured using MFA to confirm employee and device identity.



Attack stage 3
Critical asset configuration information was modified by attackers without detection (diagram labels: “Kill Disk installed”, “UPS outage schedule”).
• Attackers stole VPN credentials to reach the devices in the electrical distribution network
• Attackers remotely accessed UPS mechanisms for control centers to disable them, so that when power was cut, the control centers would be without power
• Kill Disk malware was installed in operator consoles, resulting in them being ‘bricked’ after a reboot

Recommendation: configuration changes to critical systems should require additional authentication, and be logged in a SIEM.
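As an added example (not from the presentation), one way to implement the recommendation above, detecting changes to critical asset configuration and emitting them as SIEM events: a Python check that compares each asset's current configuration against a keyed baseline digest and treats a change as authorized only when a change record backed by step-up authentication covers the new digest. Asset names, configuration contents, the key and the change records are all constructed for illustration.

```python
"""Configuration-change monitoring for critical OT assets (added example).

Each asset's known-good configuration is stored as an HMAC-SHA256 digest keyed
with a secret that only the monitoring system holds, so an attacker who alters a
device configuration cannot also quietly rewrite the baseline on that device.
Any difference from the baseline becomes a SIEM-style event; it counts as
authorized only when a change record with step-up authentication covers the
new digest. Assets, configurations, key and change records are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed key; in practice held only by the monitoring system.
BASELINE_KEY = b"constructed-baseline-key-not-for-production"


@dataclass(frozen=True)
class ChangeRecord:
    asset: str
    new_digest: str      # keyed digest of the approved configuration
    approver: str
    step_up_auth: bool   # True when a second factor was presented for the change


def config_digest(config_text: str, key: bytes = BASELINE_KEY) -> str:
    """Keyed digest of a configuration text (HMAC-SHA256, hex)."""
    return hmac.new(key, config_text.encode("utf-8"), hashlib.sha256).hexdigest()


def build_baseline(configs: Dict[str, str]) -> Dict[str, str]:
    """Record the digest of every asset's known-good configuration."""
    return {asset: config_digest(text) for asset, text in configs.items()}


def check_configs(baseline: Dict[str, str], current: Dict[str, str],
                  changes: List[ChangeRecord]) -> List[Dict[str, object]]:
    """Compare current configurations against the baseline and return SIEM events.

    unchanged asset                          -> no event
    changed, covered by step-up change record -> info event, authorized=True
    changed with no such record               -> critical event, authorized=False
    asset returned no configuration           -> high event (offline or bricked)
    """
    events: List[Dict[str, object]] = []
    # Only change records backed by step-up authentication can authorize a change.
    approved = {(c.asset, c.new_digest): c for c in changes if c.step_up_auth}
    for asset, expected in baseline.items():
        if asset not in current:
            events.append({"event": "ot_config_unreachable", "asset": asset,
                           "severity": "high"})
            continue
        observed = config_digest(current[asset])
        if hmac.compare_digest(observed, expected):
            continue
        record: Optional[ChangeRecord] = approved.get((asset, observed))
        events.append({
            "event": "ot_config_changed", "asset": asset,
            "authorized": record is not None,
            "approver": record.approver if record else None,
            "severity": "info" if record else "critical",
        })
    return events


# Constructed known-good configurations for four critical assets.
BASELINE_CONFIGS = {
    "ups-cc-01": "outage_schedule=none\nbypass=disabled\n",
    "ser2eth-sub-07": "firmware=1.4.2\nserial=9600,8,N,1\n",
    "hmi-console-03": "autologon=off\nremote_tools=disabled\n",
    "rtu-feeder-12": "poll_interval=2s\nwrite_enable=false\n",
}

# Constructed configurations as read back later: the UPS now has an outage
# scheduled with no change record, the converter firmware was updated under an
# approved change, the HMI is unchanged and the RTU did not answer at all.
CURRENT_CONFIGS = {
    "ups-cc-01": "outage_schedule=2016-01-10T17:00\nbypass=disabled\n",
    "ser2eth-sub-07": "firmware=1.4.3\nserial=9600,8,N,1\n",
    "hmi-console-03": "autologon=off\nremote_tools=disabled\n",
}

CHANGE_RECORDS = [
    ChangeRecord("ser2eth-sub-07", config_digest(CURRENT_CONFIGS["ser2eth-sub-07"]),
                 "ot-change-board", step_up_auth=True),
]


def run_check() -> List[Dict[str, object]]:
    """Build the baseline from the known-good set and audit the current set."""
    return check_configs(build_baseline(BASELINE_CONFIGS), CURRENT_CONFIGS, CHANGE_RECORDS)


if __name__ == "__main__":
    for event in run_check():
        print(event)
```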


Attack stage 4
Cyber attackers implemented the final phase of the attack:
• Attackers used remote access tools to take control of operator HMIs and pull circuit breakers at substations. Malicious firmware was installed into serial-to-Ethernet converters at substations to sever comms to operator consoles.
• A telephone denial of service attack was launched against call centers to prevent customers from reporting the power outage and the scale of the attack.

Recommendation: protect communication across IT and OT domains with firewalls (preferably through a buffer network/DMZ) with rigorous whitelisted rules relating to message originators, content and destination.


Security Call to Action

Page 26

Security needs to be integrated within the entire lifecycle of components and services across critical infrastructure

Devices/Sensors

• Industrial-standards-compliant devices to ensure interoperability and ease of maintenance

• Device-specific digital identities and validation in ICS

Network/Communications

• Adoption of industrial communication standards for wireless sensor networks (WirelessHART or ISA100.11a) to enable encryption of communications

• Use self-healing/self-organizing wireless mesh technology to ensure high network availability

• Establish segmented subnets and DMZ to limit access to critical components

• Establish strong firewalls between IT and OT networks and subnets

Management

• High availability and resiliency designed into the system

• Automated failsafe operation and multiple redundancy

• Intrusion detection and monitoring

Control Systems

• Design redundancy into the process control system so that each controlling component in critical operations will operate autonomously, and revert to a fail-safe state under alarm conditions if communications to the control room are lost

• Protect all communications to DCU and PLC using suitably strong encryption

• Detect unauthorized access to ICS components (physical or logical)

• Detect unauthorized traffic on the network by monitoring firewall ports and traffic

Critical Challenges Addressed

• Operational security

• Operational availability

• Software patching

• Secure communications

• Access control

• Digital identities

• Data security & integrity

Page 27

Apply traditional security methods and lessons learned for each technology layer of the IIoT ecosystem

Traditional methods of securing the industrial control systems (ICS) environment, the cloud, enterprise IT, and mobile devices are still relevant for IIoT.

Applying these known security measures together with a new set of security controls specific to IIoT will augment the overall security posture across the IIoT ecosystem.

New advances in security technologies and practices specific to IIoT will have to be explored, specifically on the topics of:

• Identity and Access Management

• Network Connectivity

• Security Analytics & Response

• Endpoint Security

(Diagram: IIoT Security at the center, surrounded by Mobile Security, Operational Monitoring, ICS Security, Cloud Security and Enterprise IT Security)

Page 28

IT and OT domain convergence – Best Practice

The IIoT cannot operate effectively if cyber attackers are able to cause disruption or outages in its IT or OT domains. The Ukraine blackout of 2015 showed that it is possible for cyber attackers to exploit weaknesses in the defenses of one domain to penetrate the other and cause outages. There are many steps that can be taken to make the IT and OT domains more robust against cyber attack, and to limit the extent of any breach.

(Diagram: IT Domain with Enterprise IT Systems and Cloud; OT Domain with Layer 1 PLCs, Layer 2 DCS and the Smart Grid OT Control Center)

DMZ: IT and OT domains separated by a DMZ buffer network. Strict access control, whitelisted firewalls and rigorously policed communications limited to only what is absolutely required.

• Use a SIEM to log network traffic and events to allow forensic analysis of any attacks or faults detected

• Use rigorous anti-virus and intrusion detection mechanisms to detect suspicious activities

• Ensure software is upgraded with latest security patches

• Employ MDM, MCM or MAM policies for all approved mobile devices

• Enforce strict policies to eliminate easy-to-guess, well-known and hardcoded passwords

• Use access control lists to restrict employee access rights to the minimum required to perform their roles

• Enforce separate and rigorous authentication for access to IIoT systems – and keep authorized employees to minimum required.

Best Practice

• Train employees to recognise and report attacks (e.g. social engineering)

• Implement intrusion detection and incident response strategies to detect and respond to cyber attacks in a timely manner

• Implement a DMZ (buffer network) between IT and IIoT domains to restrict and authenticate all communication to expected and authorized traffic

• Prevent outside internet access for devices in the OT domain

• Prevent BYOD devices from connecting to or accessing information in the OT domain

• Ensure regular audit of all devices connected in the IIoT domain, and deny access to any unknown or unexpected connected devices.

• Use self-healing technologies in the IIoT domain to eliminate single points of failure in communication and power distribution

Page 29

Point Solutions Examples: Unidirectional gateways

Unidirectional gateways can replace firewalls in industrial and critical network environments with one-way communications. Unidirectional gateway solutions come in pairs: the TX appliance contains a laser, and the RX appliance contains an optical receiver. The gateway pair can transmit information out of an operations network, but is physically incapable of propagating any virus, DoS attack, human error or any information at all back into the protected network.

Operational values are collected from the OT domain by a dedicated server which uses the unidirectional gateway to send the values to a replicating server in the IT domain, where the data values are reconstituted. The server-replication process is transparent to external users and has no effect on the original operations servers. External users access and use the replica servers in the same way they would access the original operations servers, without changing working procedures.

Page 30

Point Solutions Examples: Bidirectional OT Security Gateways

The Binary Armor device is installed inline between PLCs, remote terminal units, intelligent electronic devices or controllers and the WAN/LAN, and provides bi-directional security across all communication layers.

Features

Network Security

• Segregates critical control networks from WAN/LAN

• Blocks all ports and network traffic except those explicitly required by the ICS

• Firewall – IP Tables

• Network syslog notifications

Advanced Message Engine

• Accounts for every byte in every message

• Whitelisting of messages based on operational system logic

• Dynamic "state-based" rule sets

• Broad range of industry-standard and proprietary protocols supported

High Availability

• Carrier Grade Linux

• Hardware watchdog fail-safe circuit

How a Bidirectional OT Security Gateway Would Have Helped on the Ukraine Power Grid Hack

How deployment of a bidirectional OT security gateway across the Ukrainian power grid would have prevented this attack from causing power outages

• The gateway is installed at every substation between remote PLCs, RTUs and serial converters and the WAN/LAN networks

• Rule sets are configured to match operational logic, which prevents breakers from being tripped under normal operation

• The gateway monitors every message and maintains system state in real time

• The gateway blocks messages from the compromised HMI to open breakers because they do not comply with operational logic

• Although the HMI would still be compromised, damage to critical assets and the power outage would be prevented
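The whitelisting firewall described for the IT/OT boundary earlier (rules on message originator, content and destination) and the state-based message engine on this slide are the same idea at two depths: decode the control protocol, allow only the messages the process needs, and judge writes against the process state the gateway has observed. The example below, added here and not Accenture's or Binary Armor's code, shows that logic for Modbus/TCP in plain Python. The substation model is constructed: two feeder-breaker trip coils at 0x0010 and 0x0011, a single whitelisted HMI at 10.1.1.20, and a gateway state with a relay fault flag and a maintenance-mode flag, both of which a real deployment would set from sources the attacker cannot write to. The caveat a practitioner needs is visible in the code: a trip that arrives with the right credentials from the right HMI is still blocked unless the state says a trip is legitimate, so the rule set has to encode when operations genuinely need to open a breaker or it will block protection actions as well as attacks.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass, field

# Modbus function codes (from the Modbus application protocol spec)
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE_COIL = 0x05

# Constructed substation model (assumption): coils that trip feeder breakers
BREAKER_TRIP_COILS = {0x0010: "feeder-1", 0x0011: "feeder-2"}
COIL_ON = 0xFF00   # Modbus encoding of "coil = ON" in a write-single-coil PDU
COIL_OFF = 0x0000


@dataclass
class Msg:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> Msg:
    """Parse MBAP header + PDU, refusing anything that does not account for every byte."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus/TCP")
    if length != len(frame) - 6:          # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame length")
    return Msg(tid, uid, frame[7], frame[8:])


@dataclass
class GatewayState:
    """Process state the gateway maintains from traffic it has already seen."""
    fault_flag: bool = False        # protection relay reported a fault
    maintenance_mode: bool = False  # set through a separate, authenticated path
    allowed_hmi: set[str] = field(default_factory=lambda: {"10.1.1.20"})


def evaluate(frame: bytes, src_ip: str, state: GatewayState) -> tuple[bool, str]:
    """Return (forward?, reason): originator/function/destination whitelist first,
    then operational logic for breaker trips."""
    try:
        m = parse_modbus_tcp(frame)
    except ValueError as e:
        return False, f"malformed: {e}"
    if src_ip not in state.allowed_hmi:
        return False, f"originator {src_ip} not whitelisted"
    if m.function == FC_READ_HOLDING:
        return True, "read of holding registers allowed"
    if m.function == FC_WRITE_SINGLE_COIL:
        if len(m.data) != 4:
            return False, "malformed write-single-coil PDU"
        addr, value = struct.unpack(">HH", m.data)
        if addr not in BREAKER_TRIP_COILS:
            return False, f"write to coil {addr:#06x} not in whitelist"
        if value not in (COIL_ON, COIL_OFF):
            return False, "invalid coil value"
        name = BREAKER_TRIP_COILS[addr]
        if value == COIL_ON and not (state.fault_flag or state.maintenance_mode):
            return False, f"trip of {name} violates operational logic (no fault, not in maintenance)"
        return True, f"write to {name} consistent with current state"
    # Default deny: bulk coil writes, diagnostics, file transfer, vendor codes...
    return False, f"function {m.function:#04x} not whitelisted"


def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def build_write_coil(tid: int, unit: int, addr: int, value: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", FC_WRITE_SINGLE_COIL, addr, value))


def build_read_holding(tid: int, unit: int, start: int, count: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", FC_READ_HOLDING, start, count))


if __name__ == "__main__":
    st = GatewayState()
    for label, frame, src in [
        ("HMI trip, normal ops", build_write_coil(1, 1, 0x0010, COIL_ON), "10.1.1.20"),
        ("HMI read", build_read_holding(2, 1, 0x0100, 8), "10.1.1.20"),
        ("rogue host trip", build_write_coil(3, 1, 0x0010, COIL_ON), "10.1.1.99"),
    ]:
        print(label, evaluate(frame, src, st))
```

The decision is made on decoded fields, not on port numbers, which is the difference between this and an IP-tables rule that simply permits TCP/502 from the HMI; the latter would have passed the Ukraine operators' hijacked sessions unchanged.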

(Diagram labels: Corporate LAN or WAN; IEDs; Relays; Digital; Analog)

Page 31

Future Developments Examples

Page 32

The rapid expansion of the IoT and the increasingly sophisticated automation that it enables means that Identity management must be extended to machines – but traditional mechanisms are built around human identity.

The concept of identity must evolve from human-based attributes to include machine-based elements that can be authenticated by other machines, especially in automated environments or closed-loop systems.

Without this ability, the IoT cannot scale quantitatively or qualitatively, because attackers could duplicate, emulate or 'impersonate' device identities to compromise or disrupt the increasingly sophisticated automated systems that we rely upon.

Human identity authentication has always been based on at least one of the following:

• Something you are: for most of human history this has been basic biometric information, the ability to recognize somebody's face or voice to establish their identity. Signatures were the first evolution of biometric authentication, which now includes fingerprint and iris recognition.

• Something you have: to authenticate the identity of strangers, passports, driving licenses, ID cards, letters of introduction and smart cards have been used.

• Something you know:

Passwords, pass phrases, Pin Code, swipe pattern.

These identity attributes are key to human identity authentication, but they are not suitable for machines: a machine can be made up of multiple replaceable components, and can only 'know' or validate something with certainty on the basis of predefined logic or a shared secret.

Page 33

Can we use conventional attributes to identify machines?

Traditional identifiers can be used for communication between connected devices, but they are not immutable, and are therefore susceptible to being manipulated, cloned or impersonated.

None of these attributes is secure against cyber attackers copying them to emulate or impersonate trusted hardware devices.

A new approach is required to ensure that M2M communication can be established in an automated, secure fashion.

IP Address: a logical address assigned to devices on a network that communicate using the Internet Protocol. Connected machines can share or have multiple IP addresses, which are typically dynamically assigned. Numerous legacy and new IoT devices use domain-specific protocols and are not always IP compatible.

MAC Address: a Media Access Control address is an identifier assigned to the network interface of a device. Each communication interface has an associated MAC address. Machines may share communication interfaces, so a MAC address cannot uniquely identify a connected machine. MAC addresses can also be spoofed or emulated.

UUID: a Universally Unique Identifier is a 128-bit number used to identify entities, relying on a combination of components for uniqueness. UUIDs are guaranteed to be 'practically unique' rather than unique, and are susceptible to being spoofed or copied.

Device Serial Number: a manufacturer-allocated number to identify a device. This number does not identify the smart components contained within the device and may not be unique across manufacturers. Device serial numbers can be copied and reproduced by cyber attackers.

Page 34

New technologies to ensure immutable machine identity

Chip and platform manufacturers are now embedding the components needed to allow powerful computations to be performed securely by supporting hardware.

Advanced chip architectures from ARM and Intel now support secure boot, secure code execution and encrypted memory, unlocking the capability to perform the computations required for secure computation, key exchange and key storage.

By combining the emerging capability to prove immutable chip-level identity with centralized, scalable identity management, Accenture is able to address the identity management requirements for the IoT of today and the future.

(Diagram: Chip Level Identifier; Secure Boot; Secure Code Execution; Secure Data Storage; Automated Hardware Encryption; Encrypted Stored Credentials)

PKI, EPID (Intel Enhanced Privacy ID) and blockchain rely on mathematically intensive operations and require sufficient compute power and memory for the required computations to be performed in a timely manner. Chip manufacturers are now beginning to embrace this need by implementing hardware architectures which support hardware encryption, secure execution and embedded chip identifiers.
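The two preceding slides argue that serial numbers, MAC addresses and UUIDs can all be read and copied, whereas a key that lives in the chip and is only ever used, never exported, cannot. The example below, added here and not Accenture's code, makes that difference concrete with a stand-in for the secure element: the object holds the device key and exposes one operation, "answer this challenge", and the verifier issues a fresh single-use nonce per attempt. HMAC-SHA256 with a per-device key is used here only so the block runs on the standard library; the assumption stated in the code is that a production design uses an asymmetric key pair in hardware (the chip-level identifier on the slide) so that the identity service holds only public keys. All identifiers, the key and the registry are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


class SecureElement:
    """Stand-in for a chip-level key store. Assumption: real hardware holds an
    asymmetric key and exposes only a signing operation; here a shared HMAC key
    plays that role so the example runs without extra libraries."""

    def __init__(self, device_key: bytes) -> None:
        self.__key = device_key          # never returned by any method

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.__key, challenge, hashlib.sha256).digest()


@dataclass
class Device:
    serial: str
    mac: str
    uuid: str
    se: Optional[SecureElement] = None   # None: attacker's clone with no chip key
    captured: Optional[bytes] = None     # a response the clone sniffed earlier

    def answer(self, challenge: bytes) -> bytes:
        if self.se is not None:
            return self.se.respond(challenge)
        return self.captured or bytes(32)  # best a clone can do: replay or guess


def attribute_check(dev: Device, registry: dict) -> bool:
    """Conventional identification: compare serial/MAC/UUID with the asset
    register. Anything an attacker can read off a device, they can copy."""
    known = registry.get(dev.serial)
    return known is not None and known == (dev.mac, dev.uuid)


class IdentityService:
    """Central identity management: one enrolled key per device, and a fresh
    nonce per authentication so captured responses cannot be replayed."""

    def __init__(self) -> None:
        self._keys = {}
        self._pending = {}

    def enroll(self, serial: str, key: bytes) -> None:
        self._keys[serial] = key

    def challenge(self, serial: str) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending[serial] = nonce
        return nonce

    def verify(self, serial: str, response: bytes) -> bool:
        nonce = self._pending.pop(serial, None)   # single use, whatever the outcome
        key = self._keys.get(serial)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo() -> dict[str, bool]:
    """Genuine device versus a clone that copied every conventional attribute."""
    key = hashlib.sha256(b"constructed device key provisioned at manufacture").digest()
    attrs = ("00:1a:2b:3c:4d:5e", "3f2c9b0e-6d1a-4b7f-9e20-1c5a7d8b4e61")  # constructed
    registry = {"SN-0001": attrs}
    svc = IdentityService()
    svc.enroll("SN-0001", key)
    genuine = Device("SN-0001", *attrs, se=SecureElement(key))
    clone = Device("SN-0001", *attrs)

    out = {}
    out["clone_passes_attribute_check"] = attribute_check(clone, registry)
    c1 = svc.challenge("SN-0001")
    r1 = genuine.answer(c1)
    out["genuine_passes_challenge"] = svc.verify("SN-0001", r1)
    clone.captured = r1                                   # sniffed the real answer
    out["clone_replay_passes"] = svc.verify("SN-0001", clone.answer(svc.challenge("SN-0001")))
    clone.captured = None
    out["clone_guess_passes"] = svc.verify("SN-0001", clone.answer(svc.challenge("SN-0001")))
    out["stale_response_passes"] = svc.verify("SN-0001", r1)  # no nonce outstanding
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:32s} {ok}")
```

The attribute check accepts the clone because every field it compares is public; the challenge-response rejects it because the only thing that distinguishes the genuine device is the key it can use but never reveal, and the per-attempt nonce means even a captured good answer is worthless a second time.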

Page 35

Improved visibility across multiple domains to detect suspicious activity with cross-domain IT and OT analytics

(Diagram: the OT infrastructure (sensors/actuators, control layer, supervisory system, historian server, application server, mobile operator) and the IT infrastructure (enterprise network, IDS/IPS alerts, network events) feed their events and alerts into a security analytics pipeline, standardize, filter, aggregate, correlation, anomaly detection, whose results are output to the SIEM/dashboard, giving full visibility across the converged IT/OT fabric)

ECHO (Event Correlation across Heterogeneous Operations) is a cross-domain event analysis engine developed by Accenture Tech Labs to detect complex threat vectors against IIoT networks and correlate security incidents in both IT and OT networks, processing events and alerts generated by various security components to provide a clear view for analysis.

Integrated Event Detection & Correlation

• Monitor and detect complex events occurring across IT and OT domains

• Combine heterogeneous sensor data to provide an expanded view of cross-domain activity

• Conduct enhanced root cause analysis of complex events

Increased Accuracy

• Provide seamless processing from sensor data to complex events in multi-site industrial internet infrastructure

• Provide agile gathering, processing and archiving of OT data

• Develop improved event detection models using a larger spectrum of IT and OT data

Context Driven Mitigation Strategies

• Leverage contextual data from multiple and diverse sources in the industrial internet to enable fine-grained security controls

• Easier to manage the attack surface with improved visibility into the attack path

• Improved root cause analysis of complex multi-step attacks
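What cross-domain correlation buys is easiest to see on the Ukraine pattern from the earlier slides: the VPN login used stolen but valid credentials, the remote session to the HMI looked like an operator at work, and the breaker trips were well-formed commands from a legitimate console. Each event is unremarkable inside its own domain; only the sequence is an attack. The example below, added here and not ECHO or any Accenture code, runs the pipeline the diagram names (standardize, filter, aggregate, correlate) over constructed IT syslog lines and constructed OT gateway CSV lines. The log formats, host names, addresses and the ten-minute windows are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed IT-side syslog lines (VPN gateway and a jump host); not real logs.
IT_LOG = """\
2015-12-23T15:05:02Z vpngw vpn: user=op_smith src=203.0.113.77 action=login result=ok
2015-12-23T15:06:40Z jump01 rdp: user=op_smith dst=hmi-02 action=session result=ok
2015-12-23T15:30:00Z vpngw vpn: user=j.doe src=198.51.100.9 action=login result=ok
2015-12-23T15:31:10Z jump01 rdp: user=j.doe dst=hist-01 action=session result=ok
"""

# Constructed OT-side gateway log (ts,host,ip,action,target,value); not real.
OT_LOG = """\
2015-12-23T15:08:15Z,hmi-02,10.1.1.20,write_coil,0x0010,ON
2015-12-23T15:08:16Z,hmi-02,10.1.1.20,write_coil,0x0011,ON
2015-12-23T15:40:00Z,hmi-01,10.1.1.21,read_holding,0x0100,-
"""

IT_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>\w+): (?P<kv>.*)$")


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_it(line: str):
    """Standardize one syslog line into the common event schema."""
    m = IT_RE.match(line)
    if not m:
        return None
    ev = {"ts": _ts(m["ts"]), "domain": "IT", "host": m["host"], "service": m["service"]}
    ev.update(p.split("=", 1) for p in m["kv"].split())
    return ev


def parse_ot(line: str):
    """Standardize one gateway CSV line into the common event schema."""
    f = line.split(",")
    if len(f) != 6:
        return None
    return {"ts": _ts(f[0]), "domain": "OT", "host": f[1], "ip": f[2],
            "action": f[3], "target": f[4], "value": f[5]}


def normalize(it_text: str, ot_text: str) -> list:
    """Filter out unparseable lines and merge both domains on one time axis."""
    evs = [parse_it(l) for l in it_text.splitlines()] + [parse_ot(l) for l in ot_text.splitlines()]
    return sorted((e for e in evs if e), key=lambda e: e["ts"])


def _within(start: datetime, e: dict, window: timedelta) -> bool:
    return start <= e["ts"] <= start + window


def correlate(events: list, window: timedelta = timedelta(minutes=10)) -> list:
    """Rule: external VPN login -> interactive session to an HMI by the same
    account -> breaker trip(s) from that HMI, each step within `window` of the
    previous one. Trips from one session are aggregated into a single alert."""
    alerts = []
    logins = [e for e in events
              if e["domain"] == "IT" and e.get("action") == "login" and e.get("result") == "ok"]
    for login in logins:
        user = login["user"]
        for sess in events:
            if not (sess["domain"] == "IT" and sess.get("action") == "session"
                    and sess.get("user") == user and _within(login["ts"], sess, window)):
                continue
            trips = [e for e in events
                     if e["domain"] == "OT" and e["host"] == sess["dst"]
                     and e["action"] == "write_coil" and e["value"] == "ON"
                     and _within(sess["ts"], e, window)]
            if trips:
                alerts.append({
                    "rule": "remote-session-to-breaker-trip", "severity": "high",
                    "user": user, "vpn_src": login["src"], "hmi": sess["dst"],
                    "coils": [t["target"] for t in trips],
                    "first_trip": trips[0]["ts"].isoformat(),
                })
    return alerts


def run() -> list:
    return correlate(normalize(IT_LOG, OT_LOG))


if __name__ == "__main__":
    for a in run():
        print(a)
```

Note that j.doe's login and session produce nothing, and the trips on their own produce nothing: the alert exists only because an IT-side remote session and OT-side control commands are joined on host and time, which is exactly the join a SIEM fed by only one domain cannot make.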

Page 36

Wrap Up

Page 37

Main Takeaways - Challenges

Internet connected systems are vulnerable to attack 24/7 from anywhere in the world

The economic disruption caused by a successful attack on critical infrastructure and industrial environments makes control systems a prime target for attackers

Because of their cost and complexity, the industrial control systems used to operate critical infrastructure have extremely long lifespans, meaning that security mechanisms may never have been included or accounted for in their design

The components used in critical infrastructure systems are often focused on a specific task or process and could have proprietary components that make integration with other components troublesome

Page 38

Main Takeaways – Recommendations

The Industrial Internet of Things has great promise, but the security challenges surrounding its implementation must be addressed before these systems become widely embraced.

Integrate measures to protect the availability and integrity of Industrial Control Systems right from the start of an IT-OT Integration project

Don’t rely on IT experts to understand the complexity of your OT world, and vice versa – Get yourself an expert partner that understands both worlds

Align to government regulations for critical infrastructure availability and security. Use secure industrial standard communication protocols

Security needs to be designed into the end-to-end solution – incorporating both IT and OT operations.

The long life of OT means that obsolescence and replacement of components must be factored into the design of the solution

Page 39

Questions & Answers