Post on 19-Jul-2018
3BSE072454
Tomas Lindström Cyber Security Manager BU Control Technologies 2013-01-16
Cyber Security for System 800xA
The SD3+C framework
© ABB Group September 27/28, 2012 | Slide 3
Security – Not just a technical solution …
There is no single solution that is effective for all organizations and applications
Security is a continuous process, not a once and for all technology solution
Security begins and ends with human behavior
100% security is not feasible
Access Control
Administration & Maintenance
Physical Security
Organization Personnel
Compliance
Process Control Security
Security is ultimately the user’s responsibility
Proper implementation, configuration, operation, and maintenance of security procedures and equipment is the responsibility of the user of the automation system
However …
Effective security solutions require the joint efforts of
User’s IT and Process Control organizations
Control System vendors
Teams for Commissioning and Maintenance
Vendor support needed in complete System Lifecycle
System Capabilities (from Product organization, main focus for this presentation)
SAT & Commissioning
Maintenance & Support
Good Security Practices
Implement a Security Management System
Use standards, e.g. as guidelines: IEC 27000, ISA/IEC 62443 (ISA99)
Do a risk assessment
Develop a security policy and define clear organizational responsibilities
Select security countermeasures as a “risk insurance”. Balance: Value for me, Value for X, Mitigation cost:
Who should use the system for what
Protect the system
Detect problems
Manage system resource availability
Plan for incident response and disaster recovery
Audit security systems and procedures for compliance with the security policy
Defense in depth
The coordinated use of multiple lines of prevention and detection measures to protect the integrity of a system
Examples
Security policy and procedures
Perimeter firewalls
Network segregation with Security zones
Resources in the same zone: same minimum security level
Access between zones only through secure conduits
Intrusion detection
Host based firewalls
Host hardening
Malware protection
User authentication and authorization
Data encryption
Secure application development
…
Policies and Procedures
Physical Security
Perimeter Defenses
Network Defenses
Host Defenses
Application Defenses
Data Defenses
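Added example (not part of the original slides and not ABB code): one way to check the two zone rules stated above, that every resource meets its zone's minimum security level and that traffic between zones uses only declared conduits. All zone names, host names, levels and service labels are constructed for illustration.

```python
from typing import NamedTuple

class Zone(NamedTuple):
    name: str
    min_level: int   # minimum security level every member must meet

class Host(NamedTuple):
    name: str
    zone: str
    level: int       # security level the host actually achieves

# Constructed sample model (hypothetical names and levels).
ZONES = {z.name: z for z in (Zone("control", 3), Zone("operations", 2),
                             Zone("plant-dmz", 2))}
HOSTS = {h.name: h for h in (
    Host("controller-1", "control", 3),
    Host("conn-server", "control", 3),
    Host("operator-ws", "operations", 2),
    Host("old-eng-ws", "operations", 1),    # below its zone's minimum
    Host("patch-proxy", "plant-dmz", 2),
)}
# Conduits: the only permitted zone-to-zone paths, with allowed services.
CONDUITS = {
    ("operations", "control"): {"opc"},
    ("plant-dmz", "operations"): {"wsus"},
}

def zone_violations(hosts=HOSTS, zones=ZONES):
    """Hosts that do not meet the minimum security level of their zone."""
    return sorted(h.name for h in hosts.values()
                  if h.level < zones[h.zone].min_level)

def flow_allowed(src, dst, service, hosts=HOSTS, conduits=CONDUITS):
    """Allowed inside one zone, or across zones through a declared conduit."""
    src_zone, dst_zone = hosts[src].zone, hosts[dst].zone
    if src_zone == dst_zone:
        return True
    return service in conduits.get((src_zone, dst_zone), set())

def audit_flows(flows):
    """Return the observed flows that bypass the conduit model."""
    return [f for f in flows if not flow_allowed(*f)]

if __name__ == "__main__":
    observed = [  # constructed flow records: (source, destination, service)
        ("operator-ws", "conn-server", "opc"),
        ("patch-proxy", "operator-ws", "wsus"),
        ("patch-proxy", "controller-1", "wsus"),  # DMZ straight into control
        ("operator-ws", "conn-server", "rdp"),    # service not on the conduit
    ]
    print("below zone minimum:", zone_violations())
    print("flows outside conduits:", audit_flows(observed))
```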
Security for System 800xA
The SD3 + C Security Framework
Security in the Product Development Process: Requirements, Design, Implementation, Verification
Default installation with minimal attack surface
Defense in Depth
Least privileges used
Product support for Secure Configuration, Operation, Maintenance
Support for system updating
Openly and responsibly communicate with users about detected security flaws: Implications, corrections and/or workarounds
Secure by Design
Secure by Default
Secure in Deployment
Communication
Secure by Design
Security in the Product Development Process
Security integrated in the Quality Management System
Security check points at Project Gates
Threat modeling
On existing products: Finding Vulnerabilities?
For new products: Identifying Requirements
Secure coding guidelines
Design and code reviews with checklists with security checkpoints and tool support
Aligning with Microsoft’s SDL
Testing (next slide)
Secure by Design
Testing in Product Development
Requirement verification by R&D
Functional and non-functional
Security Testing in R&D Projects (more next slide)
1) by R&D
Some tools
Scope: Single products and the whole system
2) by Device Security Assurance Center
More tools
Scope: Devices
3rd party testing
Achilles Communications Certification by Wurldtech
MUSIC certification by Mu Dynamics
Secure by Design
ABB’s Device Security Assurance Center
Product independent center for Device Robustness Testing
Controllers, Communication Interfaces, Field Devices, …
Assisting R&D Projects e.g. Improving methods
State-of-the-art security testing tools (commercial and open source): Mu8000, Achilles Satellite Unit, Nessus, …
Multi-test method approach with defined policies
Profiling Tools to determine vulnerable services
Check for well-known flaws
Resource Starvation Testing (DoS attacks)
Robustness testing (protocol fuzzing)
Systematically subjecting the target to a set of invalid packets that violate the protocol’s specification
More than Achilles/MUSIC Certification!
Secure by Default
Secure Default settings out of the box
Automated installation with System Installer
Consistent and repeatable
Secure default settings and hardening
Unnecessary services disabled or not installed
Windows Firewall
Enabled and Configured for used functions
Secure default settings for user privileges
Embedded OS with only needed features
Secure by Default, Defense in Depth
Network Defenses
Network Redundancy with Dual Separated Networks
Client-Server communication protected with IPSec
IPSec Configuration Tool in SV 5.1 Rev A
For installed systems with SV 5.1 or later
For new systems
Storm protection in Network Switches (Recommended 3rd party addition)
Redundancy with Separated networks
IPSec protection
Secure by Default, Defense in Depth
Host Defenses
Windows Firewall in Servers and Workstations
Network filter in Controllers and Communication Modules
Blocks unsupported traffic
Network Storm protection
RNRP’s Network Loop Protection in Servers and Workstations
System supervision
Controller self supervision
PNSM (PC Network and Software Monitoring)
Storm/Loop protection action: Disable affected network.
Communication survives Network Loops/Storms thanks to Architecture with Separated Networks!
Secure by Default, Defense in Depth
User Authentication and Access Control
Product features designed to meet regulatory requirements
User Authentication based on Windows
Active Directory or Workgroup
800xA Access Control
Based on User, Role, and Location
Set on Structure, Object and Attribute level
Special Authentication functions
Re-authentication, Double authentication
Log over
Audit trail of user actions
Digital signatures
Secure in Deployment
Product Organization Support overview
Primarily a task for Project/Support organizations.
Supported from product organization:
User manuals, guidelines and system functions
Recommendations for Secure Architectures
Backup/Restore solutions
Malware Protection solutions
Patch Management solutions
Security Event Management solutions
Asset Inventory/Management solutions
Product Support organization
Secure in Deployment
Secure Architecture: Security Zones
Security Zones: Multiple Network layers
Secure in Deployment
Patch Management, Security Updates
Validation of Microsoft security updates
All relevant updates are tested for compatibility
At least every month
Dedicated Security Test Lab covering all supported 800xA system versions
Result published typically within 3 – 7 days
Available through ABB Automation Sentinel
Other 3rd party SW (e.g. Adobe Reader)
Released from SW vendor without schedule
Verified with next Microsoft Security Update
Secure in Deployment
Patch Management, Deployment solutions
800xA System Revisions
The System Update Tool
Microsoft Security Updates
The System 800xA Qualified Security Updates
for node by node deployment
Security Updates delivered from ABB
WSUS for centralized management (Recommended 3rd party additions)
Secure in Deployment
Malware Protection solutions (Qualified 3rd party additions)
Accreditation of Anti-virus SW
McAfee VirusScan® Enterprise and Symantec Endpoint Protection
Configuration guidelines
Verified in system tests
Node based or centralized management
‘Daily’ verification of Definition files
Update production systems with 48h delay
Application Whitelisting
SE46: To be released with FP4 Q1 2013
Industrial Defender HIPS: Under testing
Communication
Cyber security response, Reporting
Cyber security response system to handle security vulnerabilities and incidents (issues)
Customers and other stakeholders are encouraged to use the “Contact us” feature on ABB’s Cyber security webpage http://www.abb.com/cybersecurity to report any security issue
Communication
Cyber security response, Issue handling
When reporting: Provide contact information with short message (without details of the security issue)
ABB Cyber security response team
Contacts the user to get details of the issue and provides responses via a protected communication method.
Analyses the issue involving security and product experts and provides mitigation measures.
Product responsible provides final mitigation solution and/or product correction.
Communication
Cyber security response, Vulnerability disclosure
When mitigation solution or product correction exists:
Confidentially reported or internally found vulnerability: Disclosure to ABB and customers
Publicly announced vulnerability: Public disclosure on www.abb.com and ICS-CERT
Communication
Vulnerability disclosure for Customers
To all customers known to ABB regardless of maintenance contracts
Security Bulletin: Security related Product defect or problem not related to safety. My Control System planned to be used
Safety Report: Product defect or problem which has the potential to cause a loss of safety in the use of the product
Product Alert: Product defect that may result in, although not directly cause or create, a safety issue or a process misbehavior.
A security problem which is or may result in a safety problem will be announced as Safety Report or Product Alert
Communication
Security via ABB Automation Sentinel
Product Bulletins with Security Validation status
Microsoft Security Updates (monthly update)
Virus Definition files (after each update, almost daily)
3rd party SW (after each update)
E-mail notification service on updates
Product Updates
What do I get from where?
Solutions from ABB
System 800xA: Covering your essential needs / The good start…
ABB Automation Sentinel: Keeps you up to date
ABB’s Cyber Security Fingerprint: Configuration compliance management service
E163 – Cyber Security for System 800xA: Expert Workshop training
What do I get from where?
Solutions from ABB’s partners
Malware protection: AntiVirus
Anti Virus Enterprise and ePO Server from McAfee
Symantec Endpoint Protection
Malware protection: Application Whitelisting
SE46 from Cryptzone (Q1 2013)
…
Security Event Monitoring
Industrial Defender Monitor
…
Configuration compliance management (24*7)
Industrial Defender Manage (Q1 2013)
…
SD3 + C for System 800xA
For current solutions and future improvements
Project gates, Threat modeling, Static Code analysis, Reviews, Testing
Automated installation, Default settings and hardening, Host defenses, Network defenses
Architecture recommendations, Malware protection, Patch Management, Centralized security monitoring
Cyber Security Response, Vulnerability disclosure, ABB Automation Sentinel
Secure by Design
Secure by Default
Secure in Deployment
Communication