greg jones, titan ict - redesigning system security based on the front end engineering and design of...
DESCRIPTION
Greg Jones, Senior ICT Consultant, Titan ICT delivered this presentation at the 2nd Annual Control Room Design & Operations Conference. This conference provided insights into streamlining operations, optimising efficiency & managing costs in your control room facilities, through effective design and operations. For more information, visit http://www.informa.com.au/controlroomdesign14
TRANSCRIPT
Page 1
REDESIGNING SYSTEM SECURITY OF A CONTROL ROOM
GREG JONES - SCADA AND DATA SYSTEMS ENGINEER
12 MARCH, 2014
Page 2
Redesigning system security based on the front end engineering & design of a control room
Page 3
Overview
→ Safety moment
→ Introduction
→ Control systems data, access and technology business drivers
→ Effectiveness of patching and anti-virus
→ Going back to the old ways of segregation
→ Conclusion
Page 4
Safety moment – threat of power loss to 2.1 million people
→ Integral Energy distributes electricity to 2.1 million people in NSW
→ Network virus attack (2009)
• Business network infected by the Conficker worm
• Hackers able to issue commands to infected machines from the internet
• All desktops rebuilt by external security experts
→ Threats due to control systems being on the same network
• Loss of power to 2.1 million people
• Uncontrolled access to control system
→ Control system not vulnerable to infection
• Generally unaffected as mostly on Unix
Page 5
Data access for business intelligence
→ Big data provides competitive advantages
• Regulatory requirements e.g. NGERS
• Asset management
• Worker empowerment (Kanban)
• Remote screen view
• Collaboration (CWE)
→ This is done by
• Historian / database out
• File transfer out
→ I3 – Intelligent, Instrumented and Interconnected
Page 6
System access for management and support
→ Cost, schedule and worker empowerment
• Centralised management – CCR
• Centralised support
• Remote vendor support
• Mobile operators
→ This requires:
• 3rd party WAN
• Wireless networks
• Internet access
• File transfer in and out
• 3rd party devices
• Mobile devices
Page 7
Technology – borderless networks
→ Cost, schedule and worker empowerment
→ Office network using
• Cloud services (SaaS, PaaS, IaaS ...)
• BYOD (smart phone, laptop, tablet)
• Use of portable media (USB, DVD ...)
→ Ubiquitous remote access
→ Office network meshed with the Internet and home networks
→ Social engineering (Facebook, phishing ...)
→ Proliferation of malware / zero day exploits / hacking tools
→ Access to systems from anywhere
→ Office network is untrusted
Page 8
Effectiveness of patching and anti-virus
→ Blacklisting philosophy
→ Office network
• System downtime and integrity
• Test / dev cycle
• Large number of users dependent on the system
• Out of hours work and roll back
• AV within 24 hours and patches monthly
→ Process control network
• Safety is first priority
• System downtime and integrity
• Vendor guarantee required – patches / AV certified
• Test / dev cycle
• AV within a month and patching 3+ months
→ Inadequate patch speed to ensure protection
→ Always vulnerable to zero-day threats
Page 9
COTS systems and technology in the PCN
Cost, supportability and end of life issues force the use of COTS systems and services.
→ Office network security requirements vs. process control network security requirements:

| Requirement | Office network | Process control network |
|---|---|---|
| Confidentiality | Medium, high importance | Medium, low importance |
| Integrity | High importance | Highest, high importance |
| Availability | High, lower importance | Very high importance |
| Regulatory | Low importance | Medium, low importance |
Page 10
Is it too much work?
→ Businesses and people only use solutions that are efficient and effective (mind the gap)
→ Albert Einstein:
• “Intellectuals solve problems, geniuses prevent them.”
→ Technologies
• Data diodes / IP KVM
• Thin clients
• Application white listing
• Timed access
• Network segregation
→ Human firewall
• Chronic unease – need to access / need to know
→ Design based on risk scenarios
• CHAZOP
Page 11
Exporting data securely to the business network
→ We can’t disconnect the PCN
→ Need data export for business intelligence
→ Can’t allow return traffic
→ Can’t be vulnerable to malware, hackers and human error
→ Use a data diode and export data
→ Replicate systems
→ Put PCN support systems on the PCN
(Figure: chart with axes Patch Time and Criticality)
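What "export through a data diode and replicate" means for the receiving side, as an added example that is not part of the presentation: the PCN can only send, the business side can only receive, so the replica must verify each frame itself and live with gaps until the PCN re-sends, because no return traffic (ACK or NACK) exists. Tag names, the frame format and the fault injection are constructed for the example.

```python
"""Added example, not from the presentation: a software model of exporting
historian samples through a data diode.  The PCN side can only send, the
business side can only receive, so lost or corrupted frames can never be
re-requested; gaps close only when the PCN re-sends (e.g. a periodic full
snapshot).  Tag names and the frame format are constructed."""
import hashlib
import json
from dataclasses import dataclass, field


def frame(seq: int, tag: str, value: float) -> bytes:
    """One historian sample with a sequence number and an integrity check."""
    body = json.dumps({"seq": seq, "tag": tag, "value": value}).encode()
    return body + b"|" + hashlib.sha256(body).hexdigest()[:16].encode()


@dataclass
class BusinessSideReplica:
    """Receiver on the office network: rebuilds a copy of the historian and
    records what it could not verify, since it has no channel to complain."""
    samples: dict = field(default_factory=dict)   # seq -> (tag, value)
    corrupt: int = 0
    expected: int = 0                             # highest seq seen + 1

    def receive(self, raw: bytes) -> bool:
        body, _, digest = raw.rpartition(b"|")
        if hashlib.sha256(body).hexdigest()[:16].encode() != digest:
            self.corrupt += 1                     # damaged on the link: drop it
            return False
        rec = json.loads(body)
        self.samples[rec["seq"]] = (rec["tag"], rec["value"])
        self.expected = max(self.expected, rec["seq"] + 1)
        return True

    def missing(self) -> list:
        """Sequence numbers never received intact: the replication lag."""
        return [s for s in range(self.expected) if s not in self.samples]


def export_through_diode(records, replica=None, drop=frozenset(), flip=frozenset()):
    """Push records PCN -> office over the one-way link.  `drop` and `flip`
    are constructed fault injections; there is no NACK path in either case."""
    replica = replica if replica is not None else BusinessSideReplica()
    for seq, (tag, value) in enumerate(records):
        if seq in drop:
            continue                              # lost frame, sender never knows
        data = frame(seq, tag, value)
        if seq in flip:
            data = data[:10] + b"X" + data[11:]   # corrupt one byte of the body
        replica.receive(data)
    return replica
```

Running the export a second time with the same replica plays the role of the periodic full re-send that fills the gaps the first pass left.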
Page 12
Clear accountabilities through physical boundaries
(Figure: chart with axes Patch Time and Criticality)
→ Shared infrastructure makes ownership unclear
→ Support is compromised
→ Necessary changes are not implemented.
→ Management needs to be from a secure location (management devices cannot have internet or email access)
→ Use dedicated management clients in the PCN
→ Keep PCN, PCN remote access and office network physically separate.
Page 13
No internet access. Private WAN and dedicated clients for remote access
(Figure: chart with axes Patch Time and Criticality)
→ Remote access is a necessity for timely and cost effective support
→ Requires inbound access
→ Internet access leaves you vulnerable
→ Only enabled upon request (just like turning on modems)
→ Use private WAN (MPLS)
→ Use dedicated PCN mobile devices that are not allowed to connect to the internet
→ In case of emergency use an IP KVM connected to the internet with host based firewall restrictions so the PCN is protected from malware
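The remote access rules on this slide written out as a small access gate, as an added example that is not part of the presentation: a support session is opened only on a logged request, only for a dedicated PCN client on the private WAN, and it closes itself when the requested window expires. The client inventory, the ticket field and the 4 hour cap are assumptions.

```python
"""Added example, not from the presentation: a gate that models the slide's
remote-access rules.  Access exists only inside a time-boxed window that was
opened on a logged request for a dedicated PCN client; anything else is
denied and written to the audit trail.  Inventory and cap are assumed."""
from dataclasses import dataclass, field

DEDICATED_CLIENTS = {"pcn-support-01", "pcn-support-02"}  # constructed inventory
MAX_WINDOW_S = 4 * 3600                                   # assumed site policy


@dataclass
class RemoteAccessGate:
    sessions: dict = field(default_factory=dict)  # client -> (expires_at, ticket)
    audit: list = field(default_factory=list)     # (time, client, decision, why)

    def request(self, client: str, ticket: str, now: int, duration_s: int) -> bool:
        """Open a time-boxed session; deny anything that is not a dedicated client."""
        if client not in DEDICATED_CLIENTS:
            self.audit.append((now, client, "DENY", "not a dedicated PCN client"))
            return False
        if not ticket:
            self.audit.append((now, client, "DENY", "no support request logged"))
            return False
        window = min(duration_s, MAX_WINDOW_S)   # requester cannot exceed the cap
        self.sessions[client] = (now + window, ticket)
        self.audit.append((now, client, "OPEN", ticket))
        return True

    def allowed(self, client: str, now: int) -> bool:
        """Per-connection check: access exists only inside an open window."""
        session = self.sessions.get(client)
        if session is None:
            return False
        expires_at, ticket = session
        if now >= expires_at:
            del self.sessions[client]            # window ran out: close it
            self.audit.append((now, client, "CLOSE", ticket))
            return False
        return True

    def close(self, client: str, now: int) -> None:
        """Operator closes the window early once the support job is done."""
        session = self.sessions.pop(client, None)
        if session:
            self.audit.append((now, client, "CLOSE", session[1]))
```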
Page 14
Network segregation and device hardening
→ WAN and wireless links cannot be fully trusted.
→ Need defence in depth
→ PCN nodes are an attack path
→ Uncontrolled portable media bring viruses and carry data away
→ Operating systems on PCN clients are vulnerable.
→ Encrypt 3rd party WAN and wireless links.
→ Introduce network segmentation of clients, management, nodes, sites and PCD servers.
→ Use thin clients with all applications and systems on servers
→ Disable USBs and use network file transfer
→ Use an integrated security product suite
(Figure: chart with axes Patch Time and Criticality)
Page 15
Conclusions
→ Safety must be designed in
→ Changed security requirements
→ Be efficient and effective (mind the gap)
→ Cannot successfully defend with patching
→ Must use a different solution
• Technology
− Data diodes / thin clients
− Host and server segments
− Private remote access network with end to end security management
• Human firewall – need to access / need to know
• Design based on risk scenarios - CHAZOP
→ Ethos of white listing
Page 16
Questions
Page 17
Titan ICT Consultants
→ Australian-owned Engineering consultancy
→ Leading-edge tailored Integrated Technology and Business Solutions
→ Proven strategies and processes, and many years of project delivery experience
→ Vendor neutral meaning our recommendations are not influenced by any commercial arrangements - we find the best solution for our client’s needs
→ Dedicated project management office based on PRINCE2 and ISO 9001 accreditation
www.titanict.com.au
Page 18