Mocana webinar for Industrial and Smart Grid Industries
For Mocana Customer and Partner Use
Securing Industrial and Smart Grid Devices in a Connected World
Agenda
1. Mocana Overview
2. Recent Vulnerabilities & Value of Security
3. Key Concerns, Needs, & Challenges
4. Security Compliance & Best Practices
5. Introduction to Mocana Security Detail™
Introducing Mocana
Offices: San Francisco, CA Headquarters
Industry: Smart Device Security Software and Services
Awards:
- World Economic Forum 2012 Tech Pioneer
- Gartner Cool Vendors List for 2012
- RedHerring Global Top 100 Private Co.
Major Products:
- Smart Device Security Platform™ (SDSP): 24 Modules
- Mobile App Protection™ (MAP)
Customers: 200+ customers
Multiple Patents Filed and Granted
Target Segments:
- Automotive & Aviation
- Banking & Finance
- Consumer Electronics
- Datacom
- Defense & Government
- Industrial Automation
- Smart Grid / AMI
- Medical
- Mobile
Revenue: 200%+ Growth YoY
Solid Investors:
- Intel / McAfee
- Symantec
- Shasta Ventures
- Trident Capital
Target Market:
- Device Manufacturers
- Service Providers
- Enterprises
Primary Business Benefit: Mocana instills confidence and trust for OEMs, service providers, consumers and enterprises by securing smart devices and the applications and services they carry.
Mocana Smart Device Security Platform (SDSP)
Spans across Apps, Devices & Services
Deep IP with Multiple Patents Pending
Mocana Cryptography Deemed “Adequate” by NSA
Decade of Embedded Security Expertise
FIPS 140-2 Certified & Suite B Algorithms
Deployed Across 200+ OEMs, 300+ Designs, and Millions of Devices
Mocana: Deep Security Expertise & History
Recent Vulnerabilities & Value of Security
Recent Vulnerabilities in Smart Grid & Industrial
Timeline dates: Jun 2010, Sep 2011, Oct 2011, Apr 2012, Aug 2012, Sep 2012
- VirusBlokAda first reported Stuxnet worm targeted Siemens PLCs
- Rockwell Automation PLC DoS attack exposed
- W32.Duqu is reported and found across 11 countries
- 30,000 Saudi Aramco Workstations Compromised (Shamoon)
- Wiper targets machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company
- New Stuxnet / Flame Relative Targets Middle East Banks
- Private Key Vulnerabilities for HTTPS/SSL and SSH
- OASyS SCADA project files stolen and malicious code installed on internal systems
Many SCADA systems should “consider themselves hacked. It is only a matter of time before you find out.” – Department of Homeland Security (DHS)
The Value of Security . . .
Meeting Industry Compliance & Security Best Practices
Increasing Worker Safety
Reducing Corporate Risk & Protecting Brand
Reducing In-Field Maintenance and Support Costs
Maintaining Product Differentiation
Key Concerns, Needs & Challenges
Smart Grid Ecosystem Key Concerns
Utility
- Reduction in maintenance costs (“rolling the truck”)
- Maintaining CIP-compliance & passing NERC audits
- Providing consistent quality & reliability of services
Consumption
- Reliable Service
- Consistent Costs
- Privacy
Generation & Storage
- Ability to securely update deployed devices in the field
- Device-level functionality that supports CIP & NIST compliance
Substation
- Protection of infrastructure from security threats
- Protection of general public through deployment of proper safety measures
SCADA, Smart Meter
Smart Grid Security Needs
Scalable & Efficient Security
- Solutions optimized to execute within diverse microcontrollers, processors and Operating Systems environments
- Security solutions for highly resource constrained environments, such as low memory / CPU availability and battery powered devices
Data Encryption
- Securing data-at-rest on all device types from HAN through Utility Headquarters
Authenticity
- Cryptographically authenticate devices to networks (HAN & Utility) with keys and/or certificates
- Cryptographically protect devices by not allowing unauthorized software / firmware to execute
Secure Communications
- Secure data-in-motion throughout entire ecosystem of connected devices & systems
SCADA, Smart Meter
Industrial Ecosystem Key Concerns
Photo Credit: Advantech Inc.
Plant / Factory Management
- Reducing costs
- Reduce frequency of “rolling a truck”
- Increasing Worker Safety
Operations
- In-Field device management
- Ability to securely update deployed devices in the field
- Preventative Maintenance
IT Security Team
- Protecting data-at-rest and data-in-motion between devices, subsystems, and systems
- Security compliance & best practices
OEMs
- Protecting IP
- Maintaining brand
Industrial Security Needs
Scalable & Efficient Security
- Support scalable solutions optimized to execute within diverse microcontrollers, processors and Operating Systems environments
Data Encryption
- Securing data-at-rest on all device types from I/O Modules to PLCs and HMIs
Authenticity
- Cryptographically authenticate devices to networks and management systems
- Cryptographically protect devices by not allowing unauthorized software / firmware to execute
Secure Communications
- Secure data-in-motion throughout entire ecosystem of connected devices & systems
Key Challenges with Smart Grid & Industrial Security
Budgets & Cost (Security is expected to be free)
Resource Constrained Devices (8 bit MCU, Memory, Battery, etc)
Lack of a real “standard” or “specification” – multiple best practices and guidelines
Large existing installed base, providing backwards compatibility
Aligning Operations Technology (OT) and Information Technology (IT) → (Operational Uptime vs. Network Security)
Fragmented Product Architectures – Multiple OS & CPUs → standardizing on a security platform difficult
Security Compliance & Best Practices
Smart Grid & Industrial – Security Compliance & Best Practices
ISA99 - International Society of Automation (Industrial)
NIST 800-82 (Industrial)
NIST Inter-Agency Report (NISTIR) 7628 (Smart Grid)
NERC Critical Infrastructure Protection (CIP) (Smart Grid)
Security Profile for Advanced Metering Infrastructure (NIST Cyber Security Coordination Task Group)
Zigbee Smart Energy 2.0 Profile (Industrial & Smart Grid)
Smart Grid Security Compliance & Best Practices
Utility
Consumption
Generation & Storage
SCADA Smart Meter
Substation
Critical Infrastructure Protection (CIP)
NISTIR 7628
NIST Inter-Agency Report 7628 (NISTIR 7628)
▶ Confidentiality – Privacy and confidentiality of the data being transferred between smart grid devices & systems
▶ Integrity – Source of data has not only been authenticated, but data has not been modified without authorization
▶ Authentication - Certificate Management using a trusted root with the Proper Use of Certificates, Revocation, and Expiration Dates
▶ Proper use of cryptography algorithms with FIPS 140-2 validated and Suite B algorithms recommended:
- Encryption: AES-128 and AES-256
- Key Exchange: ECDH (NIST p-Curve 256 and 384 bit)
- Digital Signature: ECDSA (NIST p-Curve 256, 384, and 512 bit)
- Hashing: SHA-256, SHA-384, and SHA-512
- Symmetric Keys: AES-128, AES-192, and AES-256 with ECB, CBC, OFB, CFB, CTR, or XTS mode
- Asymmetric Keys: DSA, RSA, ECDSA (NIST p-Curve 256, 384, and 512 bit)
- Message Authentication: CMAC with AES-128, AES-192, or AES-256 in CMAC, CCM, GCM modes. HMAC with SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512
Smart Grid – Security Compliance
NERC Critical Infrastructure Protection (NERC / CIP)
▶ Secure Firmware / Software Updating
- Adding, modifying, replacing, or removing hardware or software
- Establish, document and implement a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all assets
▶ Access Control
- Security processes shall use an access control model that denies access by default (specific access permissions must be specified)
▶ Authentication
- Where external access to assets (end points) has been enabled, there shall be technical controls to ensure authenticity of accessing party
Smart Grid – Security Compliance
Industrial Security Compliance & Best Practices
ISA 99
NIST SP-800-82
Security Compliance / Best Practices – Industrial Automation
ISA99 - International Society of Automation
▶ Device-to-Device authentication
▶ Password / Role-based Authentication
▶ Encryption using FIPS 140-2 Validated Cryptography, including Advanced Encryption Standard (AES), including AES-128, AES-192, or AES-256 algorithms
▶ Virtual Private Networks (VPNs) using Internet Protocol Security (IPsec), Secure Sockets Layer (SSL), or Secure Shell (SSH) secure communications protocols
▶ Includes non-device security, such as physical security, passwords, etc.
Smart Grid – Security Compliance
NIST 800-82 - National Institute of Standards and Technology
▶ Addressing security throughout the device lifecycle – design, deployment, & operations
▶ Enabling secure remote access through proper authentication
▶ Data-at-Rest and Data-in-Motion Encryption
▶ Securely updating devices with new firmware or patches
▶ Use of standards-based cryptography and protocols, such as FIPS 140-2 validated encryption, Internet Protocol Security (IPsec), Secure Sockets Layer (SSL), Secure Shell (SSH), and RADIUS
Mocana Security Detail™
Introducing Mocana’s Security Detail™ Program
Integrated package of software security, training, support, expertise, breach management services, and exclusive access to the security community
With Security Detail™, Mocana becomes your security partner and expert – allowing OEMs to focus on product innovation & core R&D
Performance & Design
Trusted & Highly Deployed
Expertise & Consultative Approach
Tiny footprint—efficient code
High performance and scalability
Cross platform—OS & CPU Agnostic
Government Certifications (FIPS/Suite B)
Guaranteed GPL-free Cryptography
“No-shortcuts”
Focused on embedded security
High Quality Support
Code samples provided to make integration easy
Why Customers Choose Mocana
Improved Cross Project Development Efficiencies
- Cross platform—OS CPU Agnostic Embedded Security Framework
- Tiny footprint—extremely efficient
- Source Code Access & Easy to use APIs
Trusted Implementations
- Security Standards Interoperability and Government Certifications
- Fielded by 200+ Global OEMs & 300+ designs
Core Context
Advantages of Open Source . . . Without the Drawbacks
- Limited Liability & IP Indemnification
- Expertise & Support
- Flexible Licensing - Per project or “all you can eat” to provide maximum agility
Lower Total Cost of Ownership (Global R&D)
- Predictable Release Process
- Reduction in Support & Production Issues
- Focus on Core Activities – Reduce TTM
Value Proposition to Device OEMs
Mocana Increases Return on Investment (ROI)*
Comparison: Mocana vs. Open Source
- Porting / Integration / QA & Testing Code: Mocana 2-3 Weeks; Open Source 10 – 12 Weeks
- Maintaining & Supporting Code: Mocana < 2 Weeks; Open Source 8 – 10 Weeks
- Ability to Retain Internal Security Expertise: Mocana High to Very High; Open Source Challenging to Impossible
- IP Indemnification
- Limited Liability Exposure
- Expertise & Support via Phone / Email
* Based on historical customer data over 8+yrs in business across 200+ customers. 20 weeks * $250k for fully burdened engineer = ~$100k
Mocana saves up to 20 weeks/project, providing a 10x time savings for Engineers
Up to ~$100k / project savings
Mocana Enables OEMs To:
- Save money
- Reduce TTM
- Focus on Core R&D
▶ Industrial & Smart Grid security is evolving – OEMs need a trusted partner
▶ Security can be a value add – compliance to product differentiation to reducing corporate risk
▶ Mocana is Trusted and Fielded by 200+ major OEMs & 300+ designs
▶ Mocana helps save money, reduce TTM and allows you to focus on core R&D
▶ Mocana reduces development time, reduces production issues, and protects against Open Source IP concerns
Summary
Tushar M. Patel
Director of Product Marketing
(415) 617-0055
https://mocana.com/sd/
Contact Us