Army Engineer Association Cyber Panel

Moderator: COL Ron Dabbieri,U.S. Army Corps of Engineers, Retired

3 August 2017

Cyber Panel Distinguished MembersBy Order of March

Deke Smith: “The Father of CADD/BIM Standards” - formerly Chief Architect, Installation &Environment, Office of the Deputy Undersecretary of Defense (Installations and Environment); until recently Executive Director, Building Seismic Safety Council and buildingSMART alliance, National Institute of Building Sciences. - Latest development in BIM/SmartBuilding/SCADA Technology and vulnerable & mitigation techniques.

Stephen Brewster, CISSP, CISM, CISA, Johnson Controls Cybersecurity Manager - Federal Systems Building Technologies & Solutions - Enabling BIM/SmartBuilding/SCADA, Fire Detection Control and Intrusion Detection Systems to operate as securely as possible within the current Industrial Controls Systems threat landscape. Product Developers Perspective.

Joel Langill (AECOM Director, ICS Cybersecurity ) – Give the Construction Industry perspective on integrating BIM/SmartBuilding/SCADA, Intrusion Detection Systems and Fire Detection Control Systems into design and construction, especially MILCON. Also, challenges in integrating these systems into a project. Construction Industry/GCs Perspective.

Greg Garcia (USACE CIO) – Batting clean-up with USACE views/guidance on integrating BIM/SmartBuilding/SCADA, Intrusion Detection Systems and Fire Detection Control Systems in USACE projects. USACE/Government Perspective.

Information SecurityThe Facility Managers Role

Dana Kennish “Deke” Smith, FAIA

DKS Information Consulting, LLC

Article Co-Authored

March/April 2016

Largely based on ISO/IEC 27001:2013

Agenda

•The Case for Developing an Infrastructure Operations Center

•Using modern Information Tools – Building Information Modeling

• IT Security and Information Security

•Understanding Vulnerability and Mitigating Risk

Agenda

•The Case for Developing an Infrastructure Operations Center

•Using modern Information Tools – Building Information Modeling

• IT Security and Information Security

•Understanding Vulnerability and Mitigating Risk

ARL Case Study: World-Class Vision

• Voice Communications

• Video Communications

• Radio, Wireless, and Satellite Communications

• Data Communications

• Desktop Computer Support

• Visual Production (Graphics and Pubs)

• Records and Document Management

• Library and Knowledge Management

• Management and Business Applications

• Information Technology Management

• Information Plans and Policies

• Facilities and Space

• People – Trained and Productive

• Information Assurance

Supporting Army Research

Through a World-Class

Infrastructure

Vision for a World-

Class

TechnologicalInfrastructure

Summary

Supporting Army

Research with a World-

Class Infrastructure

Technology to Win

Dr. Radha 1938 - 2015

ARL Case Study: Information Operations Center

Now• Network monitored from

central facility

• Servers and Applications

by end of Sep 02

• Already 28 potential

major outages averted

• Problems seen as they

occur – documented actions taken

Then

• Minimal monitoring

• Passive Management

Vision• Anticipating and correcting

most problems – Pro Active

• Information Fusion Center

Quarterly Accountability

Progress Report

GIS

BIM

Logical/Physical Model

42 VTC Sites

NOC

News Feeds

Information Operations Center – Situational Awareness 24x7x365

Closets

SCADA(Supervisory Control And

Data Acquisition)

Agenda

•The Case for Developing an Infrastructure Operations Center

•Using modern Information Tools – Building Information Modeling

• IT Security and Information Security

•Understanding Vulnerability and Mitigating Risk

Linking TCO to BIM – Taking Advantage of “I”

A Building Information Model (BIM) is a digital representation of physical and functional characteristics of a facility. As such it serves as a shared knowledge resource for information about a facility forming a reliable basis for decisions during its life-cycle from inception onward.

buildingSMART data Dictionary

Linking TCO to BIM – Taking Advantage of “I”

BIM Project Information(COBie, Metadata, LCie)

Geometry w/GUID’s

SCADA

1. Federated Models make up a project BIM

2. Common geometry supports life cycle

3. Common data about the facility links to BIM

4. Common dictionary tools support all project BIM’s

Agenda

•The Case for Developing an Infrastructure Operations Center

•Using modern Information Tools – Building Information Modeling

• IT Security and Information Security

•Understanding Vulnerability and Mitigating Risk

Industrial Control

Industrial Control

21 Steps to Improve Cyber Security of SCADA Network1. Identify all connections to SCADA networks.

2. Disconnect unnecessary connections to the SCADA network

3. Evaluate and strengthen the security of any remaining connections to the SCADA network

4. Harden SCADA networks by removing or disabling unnecessary services

5. Do not rely on proprietary protocols to protect your system

6. Implement the security features provided by device and system vendors

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security

11. Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection

14. Establish a rigorous, ongoing risk management process

15. Establish a network protection strategy based on the principle of defense-in-depth

16. Clearly identify cyber security requirements

17. Establish effective configuration management processes

18. Conduct routine self-assessments

19. Establish system backups and disaster recovery plans

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance

21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls

21 Steps to Improve Cyber Security of SCADA Network1. Identify all connections to SCADA networks.

2. Disconnect unnecessary connections to the SCADA network

3. Evaluate and strengthen the security of any remaining connections to the SCADA network

4. Harden SCADA networks by removing or disabling unnecessary services

5. Do not rely on proprietary protocols to protect your system

6. Implement the security features provided by device and system vendors

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security

11. Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection

14. Establish a rigorous, ongoing risk management process

15. Establish a network protection strategy based on the principle of defense-in-depth

16. Clearly identify cyber security requirements

17. Establish effective configuration management processes

18. Conduct routine self-assessments

19. Establish system backups and disaster recovery plans

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance

21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls

UFC

UFC

Agenda

•The Case for Developing an Infrastructure Operations Center

•Using modern Information Tools – Building Information Modeling

• IT Security and Information Security

•Understanding Vulnerability and Mitigating Risk

99% Solution

Seven levels of protection1. Logical – Something you know “ Password/PIN” – and don’t write down

2. Metadata – Everything you do in a session is recorded and cannot be erased

3. Geospatial – Are you connecting from a recognized or pre-authorized location

4. Unique Pass Codes – Single use codes or SecureID

5. Physical – CAC, Government issued Identification card

6. Biometric – Finger print, hand, iris, retina scan, facial or voice recognition or a combination

7. AI – Are you doing what you should be doing, are authorized to be doing or are following patterns – based on ATM/Credit Card systems

Clouds Can Be Safe

• Encrypt at rest on local equipment

• Encrypt in transmission

• Encrypt remote storage

• Know where the servers are located and that they are secure

• Partition sensitive information

• Do not consolidate information in one location

• Keep Keys Secure

• Do not reinvent IT

• Trust but verify

Thank You

Additional Questions? please contact me:

Deke Smithdeke@dksic.net(703) 481-9573