Technologies 1 CyberSecurity. Proprietary Information Of Energy 2013 Facilities System Integration...
Proprietary Information Of Energy 2013
Facilities System Integration for Optimized Energy, Safety, and Comfort
It’s Not Just Temperature Controls Anymore!
CyberSecurity 101
Basics on securing your data
Gary Seifert PE
Business Development, OSIsoft
Mark McCoy
Federal Solutions Architect, OSIsoft, LLC
Overview:
• Industrial Control Systems (ICS): Essential for control and mission, but susceptible.
• Cyber Threats: How power generation systems (prime, standby, and alternate generation plants) can be compromised by cyber-attacks
• COTS (Commercial off the Shelf) products that are available to protect the generation systems
• Potential opportunities, even in the shadow of federal budget limits and sequestration
Power Systems
• Energy Surety and Sustainability - key drivers
• DSB 2008 Summer Study identified the linkage between generation and energy surety
• Presidential Executive Order – “Improving Critical Infrastructure Cybersecurity”
• Conventional and renewable energy important
• All power systems have Industrial Control Systems (ICS)
• But, are power system ICS Secure?
Federal Requirements
• Federal Information Security Management Act (FISMA)
• Connectivity IAW DoD Information Assurance Certification and Acceptance Program (DIACAP)
• Network Worthiness of Information Technology
• And … every facility will have specific requirements and specific certification processes to comply with
• But – do not fall into the trap of allowing the certification to become the goal, rather than the true goal – “Secure usable ICS critical infrastructure”.
Industrial Control Systems – ICS
• Distributed Control System (DCS) and Process Control Systems (PCS):
– A group of computers and/or smart field devices networked together to monitor and control industrial processes with direct feedback control.
– Control systems operate in near real time and are used in critical sectors such as Power Generation, Oil & Gas Refining, Water Treatment, Chemical, etc.
– May consist of BMI, PLCs, stand-alone power electronics controllers, microgrid controllers, Substation Automation systems,
• Supervisory Control and Data Acquisition (SCADA) system:
– Normally applied to systems connected to devices over a larger area, including multiple buildings or even many miles away.
– Operative word is Supervisory; used in critical sectors such as Electrical Transmission & Distribution, Oil & Gas Pipelines, Water/Sewer, and Transportation.
Power System ICS Footprint
– Generator Control Systems
– SmartGrid Control and Automation Systems
– Utility Monitoring and Control Systems
– Supervisory Control and Data Acquisition (SCADA) Systems
– Transmission and Distribution
– Fuel Management Systems
– Power Quality and UPS Systems
– Renewable Energy Control Systems
– And More…
Cyber Threat Sources
• National Governments
• Terrorists
• Industrial Spies and Organized Crime Groups
• Hacktivists
• Hackers
Note - We no longer have days after infection to respond, current trends are minutes after infection to propagate!
Why Me?
“in a recent presentation (October 2012), Panetta noted that the simple Shamoon worm was the most sophisticated attack seen in the business sector, and that on the same day it also struck Rasgas, Qatar’s natural gas firm”
http://bits.blogs.nytimes.com/2012/10/12/daily-report-panetta-warns-of-threat-of-cyberattack-on-u-s/
• Most people believe it will happen to others
• Classic threats
– Insiders
– Disgruntled employees
– Disgruntled contractor
– Active agencies
– Competitors
– Organized crime
– Others
It’s Real
“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”
Tom Donahue, the CIA's top cybersecurity analyst
Quote taken from SANS NewsBites January 18, 2008
Stuxnet Worm Targets PCS PLC system 2010, Duqu, Flame, Shamoon, and Gauss follow
The first worm specifically targeting control systems.
http://www.us-cert.gov/control_systems/pdf/ICSA-10-201-01B%20-%20USB%20Malware%20Targeting%20Siemens%20Control%20Software%20-%20Update%20B.pdf
http://abcnews.go.com/Business/wireStory?id=11316203
http://www.infoworld.com/d/security-central/second-variant-stuxnet-worm-strikes-944
http://www.scadahacker.com/vulndb/ics-vuln-ref-list.html
http://www.informationweek.com/security/attacks/saudi-aramco-restores-network-after-sham/240006278
http://www.net-security.org/malware_news.php?id=2215
What Can We Do?
• System Assessment (Know your ICS Perimeter)
• Restrict Logical Access to the ICS network
  o Develop Defense in Depth methodology
• Restrict Physical Access to ICS Networks and Devices
• Protect ICS Devices from Exploitation
• Address functionality During Adverse Conditions
• Address Restoration after the Incident is Over
NIST 800-82 is a good starting point.
Because many Legacy ICS systems are not secure, your systems will end up with a crunchy tough exterior containing your chewy ICS systems.
Resources
Australia Department of Defense has issued specific guidelines for ICS Protection
Their top 4 Mitigations that prevent 85+% of all intrusions.
• http://www.dsd.gov.au/publications/csocprotect/Top_4_Mitigations.pdf?&verNov12
Their summary report
• http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
NIST Guidelines (Future Cyber Framework and Risk Framework guidelines to follow)
• http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
• http://csrc.nist.gov/cyberframework/nist-initial-analysis-of-rfi-responses.pdf
DHS ICS recommended Guidelines
• http://ics-cert.us-cert.gov/content/recommended-practices
• http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_Oct09.pdf
TBD – NIST ICS Cyber Framework
Commercial off the Shelf Solutions
• Network security: Firewalls, DMZ implementations, whitelisted connections, whitelisting applications, etc.
• Secure Internet services
• Using systems that have gone through third-party audits, such as the INL process
• Upgrading legacy ICS systems
• Upgrading Operating systems and developing systems that can be patched
• Packet inspection (where possible)
• Secure ICS Planning and design services
• Third Party audits
Potential opportunities, even in the shadow of federal budget limits and sequestration
Summary
• Control Systems permeate our environment.
• All control systems are at risk.
• Awareness is KEY!
• Know your risk, manage your risk!
• It is ok to take baby steps!
• It is not ok to wait to take the first step, small or large!
• There are solutions, seek them out and apply them!
So, are SCADA’s Vulnerable?
At first review, maybe this looks OK!
[Diagram labels: Internet, Firewall, SCADA, Application (UNIX OS Platform), Procurement App (Novell Platform), Financial App (NT OS Platform)]
After a little more review…
[Diagram labels: Internet, Firewall, SCADA, Application (UNIX OS Platform), Procurement App (Novell Platform), Financial App (NT OS Platform)]
Security: → Physical Access → Password Control
Direct connection of SCADA to business system is a concern
And a little deeper review…
[Diagram labels: Internet, Firewall, SCADA, Remote Access, FTP, Telnet, ..., Application (UNIX OS Platform), Procurement App (Novell Platform), Financial App (NT OS Platform)]
Even with another Firewall Back Doors are Still Open
After more review
Vulnerable? Yes!
[Diagram labels: Internet, Firewall, New Firewall, SCADA, Remote Access, Other Remote Access, Relays, IEDs, etc., FTP, Telnet, ..., Application (UNIX OS Platform), Procurement App (Novell Platform), Financial App (NT OS Platform)]
Operator Workstation Compromised Full SCADA Control
[Diagram labels: SCADA LAN, DMZ LAN, Corporate LAN, INTERNET, DMZ Firewall, Internet Firewall, Applications Server, Historian Server, Web Database Server, Database Server, FEP Server, ICCP Server, Developer Workstation, Operator Workstation, Corporate Workstation, Remote Workstation, RTU, Switch, Radio, Modem]
Man-in-the-Middle Attack
[Diagram labels: SCADA/EMS Server, Operator’s Console, Attacker’s Computer]
Best Practices
DMZ with Two Firewalls
[Diagram labels: Control Network, DMZ, Corporate Domain, Protected Domain, Control/PLC Devices, OS, Applications, Data Collector, Web Apps; TCP 5450, 5457, 5459]
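One way to check a firewall rule set against the two-firewall DMZ layout on this slide, as an added example that is not part of the original presentation. The zone names, the `Rule` tuple and the sample rules are constructed for illustration, and the policy assumes the three TCP ports shown on the slide are the only ones permitted between the control network and the DMZ.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str     # source zone
    dst: str     # destination zone
    port: int    # destination TCP port
    action: str  # "allow" or "deny"

# TCP ports listed on the DMZ slide; assumed to be the only ones permitted
# between the control network and the DMZ.
CONTROL_DMZ_PORTS = {5450, 5457, 5459}
CLEARTEXT = {21: "FTP", 23: "Telnet"}

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the DMZ pattern."""
    findings = []
    for r in rules:
        # Only allow rules that touch the control network are in scope.
        if r.action != "allow" or "control" not in (r.src, r.dst):
            continue
        peer = r.dst if r.src == "control" else r.src
        if peer != "dmz":
            findings.append((r, f"control network reachable directly from/to {peer}"))
        elif r.port in CLEARTEXT:
            findings.append((r, f"cleartext {CLEARTEXT[r.port]} crosses control boundary"))
        elif r.port not in CONTROL_DMZ_PORTS:
            findings.append((r, f"TCP {r.port} not on control/DMZ allowlist"))
    return findings

# Constructed rule set mirroring the slides: a flat network with FTP/Telnet
# and remote access, next to the flows the DMZ design would keep.
SAMPLE_RULES = [
    Rule("control", "dmz", 5450, "allow"),       # data collector to DMZ
    Rule("corporate", "dmz", 443, "allow"),      # corporate users reach DMZ web app
    Rule("corporate", "control", 23, "allow"),   # Telnet straight into SCADA
    Rule("internet", "control", 3389, "allow"),  # remote access back door
    Rule("dmz", "control", 21, "allow"),         # FTP from DMZ into control
    Rule("control", "dmz", 8080, "allow"),       # port not on the allowlist
    Rule("internet", "control", 22, "deny"),     # explicit deny, not a finding
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src}->{rule.dst}:{rule.port}  {reason}")
```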
Best Practices
Data Diode
[Diagram labels: Control Network, Enforcement Zone, Corporate Domain, Protected Domain, Control/PLC Devices, OS, Applications, Data Collector, Web Apps]
Questions?
[email protected] (208) 521-8385
[email protected] (540) 209-6086
COTS (Commercial off the Shelf) Products that are available to protect power generation and distribution systems
Smart Distribution
• Network Protectors
• Protective Relays
• Power Distribution
• Substation Automation
Solutions for both above-ground and vault applications to help utilities provide a more reliable, and safer, power distribution network
• Market Leadership in NA Power Distribution markets
• Extensive Utility offering at Generation facilities
• Turnkey substation automation capabilities via EESS
Smart Buildings
• Metering and Communications
• Lighting Control Systems
• Variable Speed Drives
• Power Quality Solutions
Not only energy-saving products, but also products that aid in localized power control and monitoring, situational awareness
• Broad metering, lighting control, VFD and PQ offerings
• Complete facility energy offering including demand response, RCx, audits, turnkey installations
Smart Factories
• Metering, Relays, Communications
• Variable Speed Drives
• Power Distribution
• Control and Automation
• Energy Services
Control, automation and power distribution products and services designed to help factories optimize operations and energy use
• Market leading Power Distribution, Power Quality and Control offerings.
• Complete facility energy offering including demand response, RCx, audits, turnkey installations
Recommended Practice Network Design
Reference: US-CERT “Recommended Best Practice: Defense in Depth”
http://csrp.inl.gov/Recommended_Practices.html
Agenda
Stuxnet -
BGP attack (2010) - 15% of internet traffic routed to China
“Among traffic rerouted via China was that destined for ... the US Senate, the Office of the Secretary of Defence, Nasa and the Commerce Department.”
Project Aurora
• Architectures
• Whitelisting
• Upgrade software
• Upgrade OS
• Least Privileges
• Anti-virus used to help 10 years ago, but hackers write code faster than antivirus companies can protect. Essentially blacklisting. Still good. Didn’t help Stuxnet.
• Operation Red October