CYBERSECURITY ISSUES FOR THE CRITICAL INFORMATION
INFRASTRUCTURE IN THE OIL AND GAS INDUSTRY
Dmitry Gusev
Deputy Director General, Infotecs JSC
Joint meeting of the IBC “Information and Communication” Working Committee and Russian Federation Chamber of Commerce and Industry
30 March 2018, Moscow, Russian Federation
©2017 Infotecs JSC
ABOUT US
Infotecs JSC (Information Technologies and Communication Systems)
Founded in 1989. Since 1991, registered among the first Russian joint-stock companies. 26 years of experience in the development of cryptographic and network data protection tools.
A major player in the Russian market of Network security solutions: more than 1 million client software licenses and more than 70,000 server products (software, appliances) sold
A secretary company of TC 26 (Technical Committee for Standardization “Cryptography and Security Mechanisms”)
• 800+ Employees
• 50+ Products
• 9 Offices
• 4 Subsidiaries
• 200+ Partners
VIPNET PRODUCTS PORTFOLIO
• Crypto routers / VPN
• Firewalls / IDS
• HIDS
• Threat Intelligence
• Embedded Crypto Modules / SDKs
• PKI and Applied Cryptography
• Certification
• Education
• Information security research
• Standardization
ICS Cyber Attacks Statistics
©Mocana Corp.
PROGRESS VS. SECURITY
• Mass implementation of typical ICS
• Using the Internet as a universal data transport
• Integration of ICS with ERP and MES
• Poor updates of ICS
• Rapid development of remote monitoring and control systems
• New global concepts and visions: Industry 4.0, IIoT, Digital Factory, PLM
• Service models in industry (Industry Cloud, SECaaS)
Even one incident on critical infrastructure is enough
SAFETY & CONTROL CONVERGENCE!
Digital systems under the cyberattacks
2017: Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
© Kaspersky Lab.
REGULATORY FRAMEWORK IN RUSSIA / ICS SECURITY: STEP BY STEP
GOST
FSB, FSTEC
Industry requirements
PRESIDENT/GOVERNMENT
• Decree of the President of the Russian Federation No. 683 of December 31, 2015 "On the National Security Strategy of the Russian Federation"
• "The Doctrine of Information Security of the Russian Federation", 12/05/2016
Authorized Bodies (Federal Security Service, Federal Service for Technical and Export Control)
• FSTEC Order No. 31 of March 14, 2014 "On Approval of Requirements for Providing Information Protection in Automated Control Systems"
• "Requirements for firewalls," FSTEC, 2016 (inc. industrial FW).
• "The concept of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation", December 12, 2014, FSS
FEDERAL LAW
• No.256-FL "On the safety of fuel and energy facilities"
• Draft federal law "On the Security of the Critical Information Infrastructure of the Russian Federation" of December 2016.
RUSSIAN NATIONAL TECHNICAL COMMITTEE FOR STANDARDIZATION «CRYPTOGRAPHY AND SECURITY MECHANISMS» (TC 26) [ISO/IEC JTC1/SC27]
• Sub-Committee 1: State secret cryptography
• Sub-Committee 2: Cryptography for sensitive information for government organization
• Sub-Committee 3: Cryptography for payment systems (National Card Payment System)
• Sub-Committee 4: Mass cryptography, blockchains and IoT/IIoT
TC 26: www.tc26.ru
Cryptography for ICS
APPLIED CRYPTOGRAPHY FOR ICS
Data and command protection
• Integrity
• Confidentiality
• Replay attack protection
• Authenticity
• Legal relevance
Personnel authorization and authentication
• Multifactor authentication
• Secret sharing
ALL ABOUT PRIORITY
Enterprise solutions:
• Confidentiality
• Integrity
• Availability
ICS solutions:
• Availability
• Integrity
• Confidentiality
Two ways to protect ICS
• External (overlay) tools
• Built-in (embedded) tools
VIPNET INDUSTRIAL/ENTERPRISE SECURITY GATEWAY MODELS [WITH GOST CRYPTO]
55 Mbit/s
100 Mbit/s
1 Gbit/s
2,7 Gbit/s
5,5 Gbit/s
HW100
HW1000
HW2000
HW50
HW5000
ViPNet Coordinator IG10
10 Mbit/s
Quazar™ 10Gbit/s DWDM cryptomodules
VIPNET SIES CORE: FIELD LEVEL CRYPTOGRAPHY
Hardware
• Hardware appliance intended for integration in or with the protected device
• Provides basic cryptographic operations as a simple crypto API for implementing security scenarios
• Protected key management and storage
• Passive mode connection to the protected device via UART, SPI, USB, I2C technical interfaces
• Designed as a miniPCIe module
• Industrial design and power supply: -40…+75 °C, 4…17 V DC, 0.7 W (at 5 V)
or
Software
• A set of software crypto libraries for integration, Windows/Linux and x86, ARM, MIPS architectures (Baikal)
CRISP (Cryptographic Industrial Security Protocol) – sessionless protocol for data transfer protection in ICS/IIoT
Cyber protection of the gas pipeline control system
[Diagram labels: OPC UA Server, РВС, RS-485, I/O servers, SCADA Server, ViPNet SIES Server, operator workstations, valve station КАМ200-80, satellite, GSM, telemechanics, ViPNet SIES Core]
Project of Russian ecosystem of trusted platform
Thank you for your attention!