Embed Size (px)
Citation preview
Integrating Electronic Security into theControl Systems Environment:
differences IT vs. Control Systems
Enzo M. Tieghi – [email protected]
Security IT & Control System Security: where are we?
Some cases about industrial -infrastructure Cyber
incidents: In January, 2003, the SQL Slammer Worm penetrated a computer network at Ohio’s Davis-Besse nuclear power plant and disabled a safety monitoring system for nearly five hours; SQL Slammer Worm downed one utility’s critical SCADA network in US; another utility lost its Frame Relay Network used for communications; some petrochemical plants lost Human Machine Interfaces (HMIs) and data historians; a 911 call center was taken offline; Airline flights were delayed and cancelled
in 2001, a series of cyber attacks were conducted on a computerized waste water treatment system by a disgruntled contractor in Queensland, Australia. One of these attacks caused the diversion of millions of gallons of raw sewage into a local river and park. There were 46 intrusions before the perpetrator was arrested.
Some cases about industrial -infrastructure Cyber
incidents: In September, 2001, a teenager allegedly hacked into a computer server at the Port of Houston: the port’s web service, which contained crucial data for shipping pilots, mooring companies and support firms responsible for helping ships navigate in and out of the harbor, was left inaccessible
1997: Shutdown at traffic air control system tower at Worchester Regional Airport (MA) USA
Italy 2004: Sasser halts 40 PCs in production plant of leading pharmaceutical company (batches to rework, week-end spent to restart plants, reinstall and revalidate systems etc.)
Water distribution SCADA system in California attacked and down (2005)
… No official statistical source: database with 20-30
tracked incidents in 2002-2004 in California (USA) Database at BCIT (CA) in construction
The 3 security faces
Phisical Security (Perimeter):Guard on duty, gates, ports, etc.
Human factor Security (Organization):Security policySecurity proceduresAwareness and training
Cyber-Security (Technology):AntivirusAcces control, authentication, …Firewalls, …
Internet
Network Vulnerability: examples
Controller or PLC
Process Control Network(Proprietary or Ethernet)
HMIControl System Application Server
Ethernet
SAP
Corporate Network
MailServer
Browser Clients
Desktops
Plant Network
Historian
Web Server
MES
Firewall
Remote Access Server
MobileOperator
ResourceConstraints
Wireless AP
DisgruntledEmployee
Browser Malware
Email Viruses
IM Downloads
Protocol Vulnerabilities
VPN Penetration
VulnerabilityExploit
FirewallPenetration
Unauthorized Access
Vendor Diagnostics
POTSRemote Access
EMS/ Indirect System Penetration
ContractorHacking/Malware
Flat Networks
eSecurity in control systems: industrial and infrastructure
consideration about security (not only “Safety”)
11 items why Security in control systems (DCS, PLC, SCADA/HMI, plant networks, etc. )
is different from IT Security
BS7799 vs. ISA-99.00.01Comparison of
Objectives
Manufacturing and Control Systems
Traditional IT Systems
Priority
Availability Confidentiality
Integrity
Confidentiality
Integrity
Availability
ANSI/ISA-95 Functional Hierarchy
Level 4
Level 1
Level 2
Level 3
Business Planning & Logistics
Plant Production Scheduling,Operational Management, etc
Manufacturing Operations Management
Dispatching Production, Detailed ProductionScheduling, Reliability Assurance, ...
BatchControl
DiscreteControl
ContinuousControl
1 - Sensing the production process, manipulating the production process
2 - Monitoring, supervisory control and automated control of the production process
3 - Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process.
Time FrameDays, Shifts, hours, minutes, seconds
4 - Establishing the basic plant schedule -production, material use, delivery, and shipping. Determining inventory levels.
Time FrameMonths, weeks, days
Level 0 0 - The actual production process
Level 4
Level 1
Level 2
Level 3
Business Planning & Logistics
Plant Production Scheduling,Operational Management, etc
Manufacturing Operations Management
Dispatching Production, Detailed ProductionScheduling, Reliability Assurance, ...
BatchControl
DiscreteControl
ContinuousControl
1 - Sensing the production process, manipulating the production process
2 - Monitoring, supervisory control and automated control of the production process
3 - Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process.
Time FrameDays, Shifts, hours, minutes, seconds
4 - Establishing the basic plant schedule -production, material use, delivery, and shipping. Determining inventory levels.
Time FrameMonths, weeks, days
Level 0 0 - The actual production process
ANSI/ISA—TR99.00.02—2004
Art. 6.5Special Considerations for Manufacturing
and Control SystemsManufacturing and Control System electronic security plans and programs are consistent with, and build on, existing IT security experience, programs, and practices. However, there are critical operational differences between IT and Manufacturing and Control Systems that influence how specific measures should be applied. (……).
Why eSec is different - 1
Differing risk management goalsRirsk Definition: Human safety and fault
tolerance to prevent loss of life or endangerment of public health or confidence, loss of equipment, loss of intellectual property, or lost or damaged product.
Perché la Sicurezza è diversa? /2
Differing architecture security focus In a typical IT system, the primary focus of
security is protecting the information stored on the central server.
In manufacturing systems, the situation is reversed. Edge clients (e.g., PLC, operator station, or DCS controller) are typically more important than the central server.
Why eSec is different - 2
Perché la Sicurezza è diversa?/3
Differing availability requirements Many manufacturing processes are continuous in
nature. Unexpected outages of systems that control manufacturing processes are not acceptable. Exhaustive pre-deployment testing is essential to ensure high availability for the Manufacturing and Control System. In addition to unexpected outages, many control systems cannot be easily stopped and started without affecting production. In some cases, the products produced or equipment being used is more important than the information being relayed. The requirement for high availability, reliability, and maintainability reduces the effectiveness of IT strategies like rebooting.
Why eSec is different - 3
Perché la Sicurezza è diversa?/4
Unintended consequencesManufacturing and Control Systems can be
very complex in the way that they interact with physical processes. All security functions integrated into the process control system must be tested to prove that they do not introduce unacceptable vulnerabilities. Adding any physical or logical component to the system may reduce reliability of the control system, but the resulting reliability should be kept to acceptable levels.
Why eSec is different -4
Perché la Sicurezza è diversa?/5
Time critical responsesFor some systems, automated response time
or system response to human interaction is critical.
For example, emergency actions on regulatory process control systems should not be hampered by requiring password authentication and authorization.
Information flow must not be interrupted or compromised.
Why eSec is different- 5
Perché la Sicurezza è diversa?/6
Differing response time requirementsManufacturing and Control Systems are
generally time critical Delay is not acceptable for the delivery of
information, and high throughput is typically not essential.
Why eSec is different -6
Perché la Sicurezza è diversa?/7
System software Differing and “custom” operating systems and
applications may not tolerate typical IT practices.
Networks are often more complex and require a different level of expertise (e.g., control networks are typically managed by control engineers, not IT personnel).
Software and hardware applications are more difficult to upgrade in a control system network.
Many systems may not have desired features including encryption capabilities, error logging, and password protection.
Why eSec is different -7
Perché la Sicurezza è diversa?/8
Resource constraintsControl systems and their real time operating
systems are resource constrained systems that do not include typical IT security technologies.
There may not be available computing resources to retrofit these security technologies.
Why eSec is different -8
Perché la Sicurezza è diversa?/9
Information integrity In-bound information is highly essential to
the control system operation. It is important to take practical precautions
to eliminate malicious in-bound information in an effort to maintain control operation.
Why eSec is different -9
Perché la Sicurezza è diversa?/10
CommunicationsCommunication protocols and media
used by control systems environments are typically different from the generic IT environment, and may be proprietary.
Examples include radio telemetry using asynchronous serial protocols and proprietary communication networks.
Why eSec is different -10
Perché la Sicurezza è diversa?/11
Software UpdatesSecurity patches cannot always be
implemented on a timely basis because software changes need to be thoroughly tested by the vendor of the manufacturing control application and the end user of the application before being implemented
Change management control is necessary to maintain integrity of the control systems.
Why eSec is different - 11
Perché la Sicurezza è diversa?
These differences require careful assessment by Manufacturing and Control System experts working in conjunction with security and IT personnel.
This team of people should carefully evaluate the applicability of IT and specific Manufacturing and Control Systems electronic security features, including thorough testing before application, where necessary.
Why eSec is different: final
Network Segregation
“Rings of Defense” for Corporate and SCADA Networks – www.dyonyx.com
What to do: ad hoc methodology and tools
Industrial Security Assessment Industrial Security Vulnerability Tests Industrial Security Policy Industrial Incident Response Plans Business Continuity & Disaster Recovery
Plans Industrial Protection (Industrial IDS/IPS) Monitoring and Managed Services for
Industry Audit
Where Control Systems are?
Everywhere…Industrial but also InfrastructureProduction and Distribution: Water, Oil &
Gas, Power, etc.Traffic control: Railways, Highways,
Tunnels, Air, etc. Buildings: Airports, Hospitals, Schools,
Governament, Research Centers, Universities, Municipalities, etc.
TLCs
What’s moving…
“21 Steps to improve Cyber Security of SCADA Networks”(USA White House)
“Common vulnerabilities in critical infrastructure control systems”(U.S. Dept. Of Energy’s National Nuclear Security Administration)
Securing Process Control Systems - IT Security (European Commission)
Industrial security and international standards
•BS7799-ISO27000 Information security management systems – Specification with guidance for use•ISO/IEC 17799:2005 Information Technology – Code of practice for information security management •ANSI/ISA SP99 TR1 Security for Manufacturing and Control Systems•ANSI/ISA SP99 TR2 Integrating Electronic Security into Manufacturing and Control Systems Environment•ISO/IEC 15408 Common Criteria•NIST System Protection Profile for Industrial Control Systems (SPP-ICS)•CIDX Chemical Industry Data Exchange - Cibersecurity Vulnerability Assessment Methodology (VAM) Guidance•ISPE/GAMP4 – Good Automated Manufacturing Practices – App. O Guideline for Automated System Security•NERC standards •AGA standards
![Aritmética Elemental [Enzo R Gentile]](https://img.pdfslide.us/doc/110x75/55cf9904550346d0339b0fc8/aritmetica-elemental-enzo-r-gentile.jpg)
