Assessing How Operators Are Leveraging the Business Network to Grant Access to the Process Control Network
Cesar Felizzola and Stephen Crayner
Agenda

• Current Challenges
• Mitigation Approaches
  o Network Functionality & Segregation
  o Data Access vs. System Access
  o User Management
  o Work Processes
• Resource Needs & Administration
• 3rd Party Access
• Conclusions
• Questions
Current Challenges

What we are trying to solve:

1. Providing data to users without creating system vulnerabilities
2. Managing system access for different roles/functions, securely
3. Maintaining system health and security long-term
4. Implementing access policies and work procedures consistently company-wide
Mitigation Approaches
Data Flow (Optimizer Example)

[Diagram: optimizer data flow across two zones, LEVEL 4 – Business Network Zone (Business Network, ADMIN BUILDING, Admin Building Switch) and LEVEL 3.5 – Plant DMZ (DMZ Network – Plant Level, hosting the Plant Historian and InfoServer), down through the Control Building Switch to the Supervisory Fiber Network (RING) and CONTROL PCM. Components labelled: EngineerView, EngineerView2, Engineer View3; GR+AppServer + DI; GR+AppServer + DI + Collector for Plant Historian; OPTServer; FSGateway. Data items labelled on the flows: MV, CV, DV Objects; MODEL DATA; MODEL RESULTS; PROCESS DATA; BOUNDS and LOCK DATA FROM HMI; SUGGESTED SETPOINTS; COMMERCIAL VALUES, entered by Sales & Purchasing through a Manual Data Entry Form. Users shown: Process Engineer, Sales & Purchasing. The What If Modeling Interface is reached over RDP (1 session). Flows are numbered 1 to 10 in the figure.]
Network Functionality & Segregation

Business Network
§ Provides access to company-wide systems and files (company directory, project files, commercial info)

Demilitarized Zone Network (DMZ)
§ Securely hosts data management and support systems accessible to external networks (info server, historians)

Process Control Network (PCN)
§ Dedicated to supervisory applications in charge of process control (DCS, PLC, BMS, SCADA)

Control System Network
§ Dedicated to controllers, field data, automated decision making and execution (Field I/O, DCS CPU, PLC, etc.)

Safety Network
§ Network connected to safety-critical & emergency systems (SIS, BMS)

Maintenance Network
§ Network connected to supplemental systems for configuration and troubleshooting (gas chromatographs, PLC, etc.)

Segregation
§ Firewalls & single point of entry
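The zone list above and the "firewalls & single point of entry" rule can be checked rather than just drawn. The following is an added example, not code from the presentation or from the operator: it models the six zones as nodes, a constructed firewall policy as permitted flows, and verifies that every path from the Business Network into the Process Control Network crosses the Plant DMZ and that nothing reaches the Safety Network from above. The rule set, service names and the `single_point_of_entry` check are assumptions for illustration.

```python
"""Zone-segregation policy check (added example, not from the presentation).

Models the zones named on the slide as nodes and the firewall-permitted
flows between them as directed edges, then verifies the two properties the
slide asks for: a single point of entry (every path from the business
network into the PCN crosses the plant DMZ) and no direct business-to-control
reachability. The rule set below is a constructed illustration, not the
operator's real policy.
"""
from collections import deque

# Zones from the slide.
BUSINESS = "Business Network"
DMZ = "Plant DMZ"
PCN = "Process Control Network"
CSN = "Control System Network"
SAFETY = "Safety Network"
MAINT = "Maintenance Network"

# Constructed firewall policy: (source zone, destination zone, service).
# Only the flows listed here are permitted; everything else is denied.
RULES = [
    (BUSINESS, DMZ, "historian-read"),   # business users read replicated data
    (BUSINESS, DMZ, "rdp"),              # one RDP session to an engineer view
    (DMZ, PCN, "historian-collect"),     # DMZ collector pulls from plant historian
    (DMZ, PCN, "rdp"),                   # jump from DMZ engineer view into PCN
    (PCN, CSN, "control-protocol"),      # supervisory apps talk to controllers
    (MAINT, CSN, "engineering-tool"),    # maintenance tools reach PLCs
]

def allowed(src, dst, service, rules=RULES):
    """Exact-match evaluation with an implicit default deny."""
    return any(r == (src, dst, service) for r in rules)

def reachable_zones(src, rules=RULES):
    """Zones reachable from src across any permitted flow (transitively)."""
    seen, todo = {src}, deque([src])
    while todo:
        cur = todo.popleft()
        for s, d, _ in rules:
            if s == cur and d not in seen:
                seen.add(d)
                todo.append(d)
    seen.discard(src)
    return seen

def single_point_of_entry(src, dst, chokepoint, rules=RULES):
    """True if every path from src to dst passes through chokepoint.

    Implemented as: with every rule touching the chokepoint removed, dst must
    no longer be reachable from src. A direct src->dst rule fails the check.
    """
    pruned = [r for r in rules if chokepoint not in (r[0], r[1])]
    return dst not in reachable_zones(src, pruned)

def violations(rules=RULES):
    """Flows a reviewer would flag against the slide's segregation model."""
    bad = []
    for s, d, svc in rules:
        if s == BUSINESS and d in (PCN, CSN, SAFETY):
            bad.append(("business network reaches a control zone directly", s, d, svc))
        if d == SAFETY and s != SAFETY:
            bad.append(("inbound flow into safety network", s, d, svc))
    return bad

if __name__ == "__main__":
    print("business -> PCN direct:", allowed(BUSINESS, PCN, "rdp"))
    print("DMZ is the single entry:", single_point_of_entry(BUSINESS, PCN, DMZ))
    print("violations:", violations())
    # Adding one direct rule breaks the single-point-of-entry property.
    leaky = RULES + [(BUSINESS, PCN, "rdp")]
    print("leaky policy:", single_point_of_entry(BUSINESS, PCN, DMZ, leaky), violations(leaky))
```

Run it against an export of the real rule base (mapping each rule's source and destination subnets to a zone) and the two functions give a reviewable answer to "is the DMZ still the only way in?" every time the policy changes under MOC.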
System Architecture

[Diagram: system architecture; no text recoverable from the slide.]
System Criticality

(listed from least to most critical)

Informational Systems
• Information and file transfer – corporate operation
• Workaround procedures are available

Operational Systems
• Significant systems with low-risk controls
• Critical operations can continue for a period of time without the system

Company Critical Systems
• Automation systems critical to the operation and profitability of the company

Infrastructure Critical Systems
• Automation systems which, if incapacitated or destroyed, would have a debilitating impact on national security or public health/safety
Data Access vs. System Access

• Data Access
  § Access to system, process, and historical data
• System Access
  § Access to the system file structure, programs, and desktop

Access is provided only on a Data Access basis, through read-only methods.
System Architecture

[Diagram: system architecture with the read-only data path; no text recoverable from the slide.]
User Management

1. Multiple levels of approval required prior to granting access
   a. Uniform access requirements & forms
2. User added to local firewall policies by automation security
   a. 1st level of authentication
3. System administrators create unique credentials for the user
   a. 2nd level of authentication
4. Password complexity requirements and reset timing enforced
System Management Accountability

• Automation System Owner
  § Individual in a management position responsible for the system and for approving access
• Automation System Custodian
  § Proficient individual responsible for the support and maintenance of the system(s)
• Automation System Users
  § Qualified personnel responsible for system administration and the custodian support contact
Users & Auditing

USERS
• Data for:
  § Engineering
  § Environmental
  § Management
  § Operations
  § Commercial

AUDITING
• Automation System Owner and Custodian responsible for quarterly account reviews to validate:
  1. Users are actively employed by the company
  2. A user's role still requires access to Automation Systems
• Action plan put together for all discrepancies
• Discrepancies resolved in a timely manner
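The quarterly review above is a reconciliation: the account list on each automation system is compared against the HR feed and against the roles that justify access. The following is an added example, not code from the presentation or the operator, showing that reconciliation on constructed data. The account export, HR records, role-to-system mapping, the 90-day stale-login threshold and the 30-day due date are all assumptions for illustration; the two discrepancy classes it flags are the ones the slide names.

```python
"""Quarterly account review (added example, not from the presentation).

Reconciles accounts on automation systems against an HR employment feed and
a role-to-access mapping, producing the discrepancy classes the slide names
(user no longer employed; role no longer requires access) plus an action
plan row for each. All inputs below are constructed sample data; field
names, thresholds and the role mapping are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Account:
    username: str
    system: str          # e.g. "Plant Historian", "EngineerView2"
    last_login: date

# Constructed HR feed: username -> (employment status, current role)
HR = {
    "jdoe":   ("active", "Process Engineer"),
    "asmith": ("active", "Sales & Purchasing"),
    "bjones": ("terminated", "Process Engineer"),
    "clee":   ("active", "Accounting"),   # role changed; access no longer required
}

# Constructed role -> systems mapping (data access only, per the slide).
ROLE_ACCESS = {
    "Process Engineer":   {"Plant Historian", "EngineerView2"},
    "Sales & Purchasing": {"Plant Historian"},
}

# Constructed account export from the automation systems.
ACCOUNTS = [
    Account("jdoe",    "Plant Historian", date(2014, 3, 10)),
    Account("jdoe",    "EngineerView2",   date(2014, 3, 12)),
    Account("asmith",  "Plant Historian", date(2013, 9, 1)),   # stale login
    Account("bjones",  "EngineerView2",   date(2014, 2, 20)),  # left the company
    Account("clee",    "Plant Historian", date(2014, 3, 1)),   # role changed
    Account("svc_old", "Plant Historian", date(2014, 1, 5)),   # no HR record at all
]

REVIEW_DATE = date(2014, 3, 31)   # constructed end-of-quarter review date

def review_accounts(accounts, hr, role_access, as_of, stale_after_days=90):
    """Return (user, system, issue, recommended action) for each discrepancy."""
    findings = []
    for acct in accounts:
        record = hr.get(acct.username)
        if record is None:
            findings.append((acct.username, acct.system, "no HR record", "confirm owner or disable"))
            continue
        status, role = record
        if status != "active":
            findings.append((acct.username, acct.system, "not actively employed", "disable account"))
            continue
        if acct.system not in role_access.get(role, set()):
            findings.append((acct.username, acct.system,
                             f"role '{role}' does not require access", "remove access"))
            continue
        if as_of - acct.last_login > timedelta(days=stale_after_days):
            findings.append((acct.username, acct.system, "no login in review period", "confirm still needed"))
    return findings

def action_plan(findings, as_of, due_days=30):
    """Action-plan rows with a due date, so 'timely manner' is measurable."""
    due = as_of + timedelta(days=due_days)
    return [{"user": u, "system": s, "issue": i, "action": a, "due": due.isoformat()}
            for u, s, i, a in findings]

if __name__ == "__main__":
    for row in action_plan(review_accounts(ACCOUNTS, HR, ROLE_ACCESS, REVIEW_DATE), REVIEW_DATE):
        print(row)
```

Accounts with no HR record (service or vendor accounts) are the ones a manual review most often misses, which is why the script treats a missing record as a finding rather than skipping it; an account that exists on the system but not in HR is exactly the kind of discrepancy the owner and custodian are asked to resolve.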
Limiting Access

PROS
1. Reduces system vulnerabilities
2. Simplifies system auditing
3. Ensures all personnel with access are qualified
4. Multiple levels of checks and balances
5. Creates a "paper trail" for initial access and future changes
6. Properly defines roles and responsibilities
7. Creates accountability and tracking
8. Enforces company-wide consistency

CONS
1. Increases time to gain access
2. Complicates work processes
3. Discourages full compliance
4. Increases training time
5. Increases system administration needs
Work Processes

• Policies and Procedures
• User Auditing/Validation
• Follows Management of Change (MOC)
• Physical Access Restrictions (keypads, badge access)
• Removable Media Restrictions (CD, USB)
• Microsoft OS patches and antivirus updates
Resource Needs & Administration

What is required to maintain our systems?

• Corporate automation group to review and update policies and forms as needed
• Trained personnel to maintain and support the systems
• Automation security to build and support network segregation
• Approval personnel adhering to policies and work practices
• Periodic auditing of systems to ensure compliance
3rd Party Access

• Poses unknown system security risks
• Corporate policy is to minimize 3rd party system access
• Non-Disclosure Agreement (NDA) required between the two companies
• Validation of the 3rd party's IT systems/policies performed to ensure minimum security requirements are met
• In some cases, systems and work practices requiring DCP approval prior to 3rd party access are put in place
Conclusions

• A very real concern
• Changes the way DCP operates
• Balance between methodology and the automation systems DCP installs
• Integrated operations and system visualization are increasing remote access needs
• Challenging task!
Questions?