2010 SCADA and Control Systems Security Summit
Emerson Confidential
Lessons Learned: Applying Security to new and existing Ovation systems.
2010 SCADA and Control Systems Security Summit
3-30-2010
Emerson Company At-A-Glance
Diversified global manufacturer and technology provider
$20.9 Billion in sales (2009)
NYSE: EMR
Approximately 141,000 employees worldwide
Headquarters in St. Louis, Mo.
Manufacturing and/or sales presence in more than 150 countries
255 manufacturing locations, 165 outside the U.S.
No. 94 on 2009 FORTUNE 500 list of America’s largest corporations
Founded in 1890
Emerson Installations Exceed 375,000 MW in North America
Duke Energy 91 systems
FPL 42 systems
TVA 40 systems
Constellation 30 systems
SCE 10 systems
Ameren 14 systems
Calpine 19 systems
XCEL Energy 23 systems
AES 25 systems
Southern Company 40 systems
AEP 38 systems
WE Energies 20 systems
Dynegy 27 systems
PacifiCorp 20 systems
Sierra Pacific/Nevada 12 systems
Progress 19 systems
Allegheny Energy 19 systems
And Many More!
20 new US coal plants since 2006
Sandow
Iatan
Plum Point
Elm Road Units 1 & 2
Trimble County
Spruce
Comanche
Nebraska City
Dallman Unit 4
Whelan Unit 2
Southwest Unit 2
Turk
Dry Fork
Virginia City 1 & 2
Cliffside Unit 6
Sandy Creek
Prairie State Units 1 & 2
Emerson’s Security Solutions
Products
– Domain Controller/Security Builder
– Router/firewall
– Database backup & restore
– Alarm analysis tool
– Ovation Security Center
Services
– Patch validations
– Security assessment
– SureService Guardian
– SureService OSC Support
– Training
– Evergreen Upgrades
PCI vs. NERC-CIP: More similarities than differences
OSC and CIP-005
OSC and CIP-007
Ovation Security Center
Vulnerability Scan & Patch Management (VSPM)
Malware Prevention (MP)
Security Incident & Event Management (SIEM)
Router for Ovation connections
Sized for Growth!
[Diagram: Ovation Security Center network layout. Labels: Ovation DCS 1, DCS 8 and DCS 16; VSPM; MPID; SIEM; Ovation Security Center Management Console; Ovation Security Center Core Switch; Core Switch; Firewall; Plant LAN.]
Vulnerability Scan & Patch Management
Agent-less asset discovery
Non-disruptive scanning
Rapid, accurate vulnerability assessments
Agent-based patch/update inventory and deployment
Patches validated by Emerson for Ovation
Air gap solution
Scheduled or on-demand asset and patch reports
Available Standard Reports
Compliance: Network-based
Executive Summary
Frequency Summary Classic
Frequency Count Detail
Job Configuration
Job Summary
Local Services
Long Term trending
Network Inventory
Ports and Banners
Scan Summary
Short term Trending
Simple Listing
Top 20
Vulnerability Detail
Vulnerability Set Configuration
Vulnerability View
Agent Configuration
Agent Inventory
Agent Patch Status
Agent-based Vulnerability
Compliance: Agent-based
Compliance: Composite Assessment
Compliance Inventory
Deployment History
Deployment Status
Job Remediation
Malware Prevention
Protection against malicious attacks
– Viruses, spyware, rootkits, Trojan horses, buffer overflows, etc.
White-listing allowed applications
“Trusted Change” for adding and updating applications
Kernel-level enforcement and tamper-resistance
Improving productivity and overall system performance over lifetime of support
[Screenshot: EICAR & STINGER execution blocked]
Security Incident & Event Management
Combine events from multiple data sources
Normalize into a standardized format
Correlate events in real time to identify security incidents
Advanced analysis and reporting: automated and customized
Advanced forensics with terabytes of log storage
Logs retained for 90+ days
Immediate Benefits
Increasing reliability without introducing vulnerability
Minimum configuration
Online installation without plant outage
Reducing human involvement
Data mining and reporting in OSC
Accessible at the enterprise level
Integration Challenges
Configuration Management + Patching = Difficult!
Integrating multiple Malware Prevention products on one endpoint (Blacklist + Whitelist)
Steep learning curve for plant personnel
Customizing reports – not a one-size-fits-all approach
Future Work
Add Intrusion Detection and/or Passive Vulnerability Sniffing at Network Layer, not just HIDS/HIPS
– Should understand SCADA Protocols
Ovation Application and OS Hardening
– 3rd Party Certification(s) (CIS, INL)
Questions?