Industrial Security Standard IEC62443: Security Functions...
Transcript of Industrial Security Standard IEC62443: Security Functions...
Unrestricted © Siemens AG 2017 siemens.com/innovation
Industrial Security Standard IEC62443:
Security Functions for Industrial Control
Systems Dr. Rainer Falk
Unrestricted © Siemens AG 2017
June 2017 Page 2 Corporate Technology
Our industrial society confesses a growing demand for IT-Security
IT Security trends are determined by drivers such as
• Industry infrastructures changes (Digitalization)
• More networked embedded systems
• Increasing device-to-device communication
• Need to manage intellectual property
And
• Increasing international organized crime
• Privacy
• Compliance enforcement
• Cyber war fare
• Cloud/Virtualization
• PDAs, Smart Mobiles
• Social Networks / data mining concepts
• ….
Unrestricted © Siemens AG 2017
June 2017 Page 3 Corporate Technology
The threat level is rising –
Attackers are targeting critical infrastructures
Evolution of attacker motives, vulnerabilities and exploits
Hacking against physical assets Politics and Critical
Infrastructure
Cybercrime and Financial
Interests The Age of Computerworms
Code Red Slammer Blaster Zeus SpyEye Rustock Aurora Nitro Stuxnet
"Hacking for fun" "Hacking for money" "Hacking for political and
economic gains" States Criminals
Hobbyists Organized Criminals Hacktivists
State sponsored Actors Terrorists Activists
Backdoors Worms
Anti-Virus
Hackers
BlackHat Viruses
Responsible Disclosure
Credit Card Fraud
Botnets Banker Trojans
Phishing SPAM Adware
WebSite Hacking
Anonymous SCADA
RSA Breach DigiNotar
APT
Targeted Attacks
Sony Hack
Cyberwar
Hacking against
critical infrastructure
Identity theft
# of published exploits
# of new malware samples
# of published vulnerabilities
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Data
sourc
es:
IBM
X-F
orc
e T
rend a
nd R
isk R
eport
H
P C
yber
Ris
k R
eport
S
ym
ante
c Inte
llig
ence R
eport
Major loss of privacy
"Gläserner Bürger im Netz"
Ransomware
Unrestricted © Siemens AG 2017
June 2017 Page 4 Corporate Technology
Office world versus industrial systems - Protection targets for security
Lifetime 3-5 years Lifetime up to 20 years and more
Industrial Systems :
Protection of Production resources
Office IT :
Protection of IT-Infrastructure
Unrestricted © Siemens AG 2017
June 2017 Page 5 Corporate Technology
The CIA pyramid is turned upside down in
industrial automation and control systems
Availability
Pri
ori
ty
Integrity
Confidentiality
Confidentiality
Integrity
Availability
Industrial Automation and Control
Systems
Office IT Systems
Unrestricted © Siemens AG 2017
June 2017 Page 6 Corporate Technology
Industrial systems and office world have
different management & operational characteristics
Regular / scheduled
Medium, delays accepted
Scheduled and mandated
High (for IT Service Centers)
Common / widely used
3-5 years
Slow / restricted by regulation
Very high
Increasing
Very much varying
Uncommon, hard to deploy, white listing
Up to 20 years
Delays accepted Can be critical
IT- Infrastructure Production resources, incl. logistics
Application of patches
Availability requirement
Security testing / audit
Physical Security
Anti-virus
Component Lifetime
Real time requirement
Protection target for security
Office IT Industrial Systems
Unrestricted © Siemens AG 2017
June 2017 Page 7 Corporate Technology
Security-by-Design is different from Safety-by-Design
Technical System
Safety
Prevention of threats to humans and
environment caused by technical systems
Humans / Environment Humans / Environment
IT Security
Prevention of consequences
of threats to a system (intentionally) caused by
humans and/or environment
Technical System
Unrestricted © Siemens AG 2017
June 2017 Page 8 Corporate Technology
Caught between regulation, requirements, and standards
Product
Supplier
System
Integrator
Asset
Owner
designs and
deploys
operates and
maintains
develops and
supports
Design + hand over / maintain
a secure solution
Capabilities, documentation,
secure development, support
Secure operation, policies,
requirements
• ISO 27001/19
• IEC 62443-2-1
• NERC-CIP
• IEC 62443-2-4
• DIN VDE V0831-104
• BDEW WP
• IEC 62443-3-3
• IEC 62443-4-2
• BDEW WP
Solution design and deployment plays an essential role in designing compliant solutions
Unrestricted © Siemens AG 2017
June 2017 Page 9 Corporate Technology
Component System Policies and procedures General
1-1 Terminology, concepts and
models
1-2 Master glossary of terms and
abbreviations
3-3 System security requirements
and security assurance levels
3-2 Security assurance levels for
zones and conduits
3-1 Security technologies for IACS
2-3 Patch management in the IACS
environment
2-2 Operating an IACS security
program
2-1 Establishing an IACS security
program
1-3 System security compliance
metrics
4-2 Technical security requirements
for IACS products
4-1 Product development
requirements
IEC 62443 (ISA-99)
Definitions
Metrics
Requirements to the security
organization and processes of the
plant owner and suppliers
Requirements to a secure system Requirements to secure system
components
2-4 Certification of IACS supplier
security policies
IEC 62443 Covers Security Management, System, and
Component Level for Industrial Automation Control Systems (IACS)
Unrestricted © Siemens AG 2017
June 2017 Page 10 Corporate Technology
IACS, automation solution, control system
IACS environment / project specific
Independent of IACS environment
develops control systems
designs and deploys
operates and maintains
is the base for
Control System
as a combination of components
Host devices
Network components Applications
Embedded devices
4-1 3-3
4-2 develops components
Product
Supplier
System
Integrator
Asset Owner
Service Provider
Industrial Automation and Control System
(IACS)
+ 2-4
3-2
2-1
2-4
Operational policies and procedures
Automation solution Basic Process
Control System (BPCS)
Safety Instrumented System (SIS)
Complementary Hardware and
Software
Maintenance policies and procedures
2-3
3-3
Unrestricted © Siemens AG 2017
June 2017 Page 11 Corporate Technology
IEC 62443-3-3 and 3-2 have to be addressed by both the System Integrator
and Product Supplier.
IACS environment / project specific
Independent of IACS environment
develops control systems
designs and deploys
operates and maintains
Control System
4-1
3-3
4-2 develops components
Product
Supplier
System
Integrator
Asset Owner
Service Provider
Industrial Automation and Control System
(IACS)
2-4
2-1
2-4 2-3
Design + hand over / maintain
a secure solution
Secure operation, policies, requirements
Capabilities, documentation, secure
development, support
3-2
3-3
Unrestricted © Siemens AG 2017
June 2017 Page 12 Corporate Technology
Security levels provide for protection against different attack levels
Zones and Conduits
The targeted security level is determined by a threat and risk analysis
Zone Enterprise
Network
Zone Plant
Zone
Diagnosis
Conduit
Zone Control
SL4 Protection against intentional violation using sophisticated means,
extended resources, IACS specific skills, high motivation
SL3 Protection against intentional violation using sophisticated means,
moderate resources, IACS specific skills, moderate motivation
SL2 Protection against intentional violation using simple means,
low resources, generic skills, low motivation
SL1 Protection against casual or coincidental violation
Unrestricted © Siemens AG 2017
June 2017 Page 13 Corporate Technology
Security Standard IEC 62443-3.3 defines security requirements for industrial
control systems
FR 1 – Identification and authentication control
FR 2 – Use control
FR 3 – System integrity
FR 4 – Data confidentiality
FR 5 – Restricted data flow
FR 6 – Timely response to events
FR 7 – Resource availability
7 Foundational Requirements
3
3
3
1
2
1
3
Example Security Vector:
SL-x=(3,3,3,1,2,1,3)
Unrestricted © Siemens AG 2017
June 2017 Page 14 Corporate Technology
Example: System requirements (SR) and requirement extensions (RE) for
foundational requirement FR1 “Identification and authentication control”
Unrestricted © Siemens AG 2017
June 2017 Page 15 Corporate Technology
Prevention and reaction are still needed
Security will remain moving target. There will be no final I4.0 security solution without a need for further measures.
Security for the digital model
Security for the physical instance, its digital twin and their interactions must take place in a concerted way.
Adaptive security architectures
Agile security profiles have to be adaptable in a dynamic way.
Fast configuration must include security.
More integrated security within applications
• …rather than just within the network (layers)
• Application based end-to-end security must be possible
Security within Industry 4.0:
Security by design & security by default
Unrestricted © Siemens AG 2017
June 2017 Page 16 Corporate Technology
Security has to be suitable for the addressed environment
Since security is not just a technical
solution, which can be incorporated
transparently, we need to consider how
humans can get along with this issue.
This needs, especially for automation
environments, actions for:
• awareness trainings
• help people to understand security
measures and processes
• provide user friendly interfaces and
processes
Awareness and Acceptance
Unrestricted © Siemens AG 2017
June 2017 Page 17 Corporate Technology
Dr. Rainer Falk
Principal Key Expert
Siemens AG
Corporate Technology
CT RDA ITS
Otto-Hahn-Ring 6
D-81739 Munich
Germany
Internet
siemens.com/corporate-technology