Army Engineer Association Cyber Panel
Moderator: COL Ron Dabbieri, U.S. Army Corps of Engineers, Retired
3 August 2017
Cyber Panel Distinguished Members
By Order of March
Deke Smith: “The Father of CADD/BIM Standards” - formerly Chief Architect, Installation & Environment, Office of the Deputy Undersecretary of Defense (Installations and Environment); until recently Executive Director, Building Seismic Safety Council and buildingSMART alliance, National Institute of Building Sciences. - Latest developments in BIM/SmartBuilding/SCADA technology and vulnerability & mitigation techniques.
Stephen Brewster, CISSP, CISM, CISA, Johnson Controls Cybersecurity Manager - Federal Systems Building Technologies & Solutions - Enabling BIM/SmartBuilding/SCADA, Fire Detection Control and Intrusion Detection Systems to operate as securely as possible within the current Industrial Controls Systems threat landscape. Product Developers Perspective.
Joel Langill (AECOM Director, ICS Cybersecurity) – Give the Construction Industry perspective on integrating BIM/SmartBuilding/SCADA, Intrusion Detection Systems and Fire Detection Control Systems into design and construction, especially MILCON. Also, challenges in integrating these systems into a project. Construction Industry/GCs Perspective.
Greg Garcia (USACE CIO) – Batting clean-up with USACE views/guidance on integrating BIM/SmartBuilding/SCADA, Intrusion Detection Systems and Fire Detection Control Systems in USACE projects. USACE/Government Perspective.
Information Security
The Facility Manager's Role
Dana Kennish “Deke” Smith, FAIA
DKS Information Consulting, LLC
Article Co-Authored
March/April 2016
Largely based on ISO/IEC 27001:2013
Agenda
• The Case for Developing an Infrastructure Operations Center
• Using modern Information Tools – Building Information Modeling
• IT Security and Information Security
• Understanding Vulnerability and Mitigating Risk
ARL Case Study: World-Class Vision
• Voice Communications
• Video Communications
• Radio, Wireless, and Satellite Communications
• Data Communications
• Desktop Computer Support
• Visual Production (Graphics and Pubs)
• Records and Document Management
• Library and Knowledge Management
• Management and Business Applications
• Information Technology Management
• Information Plans and Policies
• Facilities and Space
• People – Trained and Productive
• Information Assurance
Supporting Army Research Through a World-Class Infrastructure
Vision for a World-Class Technological Infrastructure
Summary
Supporting Army Research with a World-Class Infrastructure
Technology to Win
Dr. Radha 1938 - 2015
ARL Case Study: Information Operations Center
Now
• Network monitored from central facility
• Servers and Applications by end of Sep 02
• Already 28 potential major outages averted
• Problems seen as they occur – documented actions taken
Then
• Minimal monitoring
• Passive Management
Vision
• Anticipating and correcting most problems – Proactive
• Information Fusion Center
Quarterly Accountability Progress Report
Information Operations Center – Situational Awareness 24x7x365
[Diagram labels: GIS, BIM, Logical/Physical Model, 42 VTC Sites, NOC, News Feeds, Closets, SCADA (Supervisory Control And Data Acquisition)]
Linking TCO to BIM – Taking Advantage of “I”
A Building Information Model (BIM) is a digital representation of physical and functional characteristics of a facility. As such it serves as a shared knowledge resource for information about a facility forming a reliable basis for decisions during its life-cycle from inception onward.
buildingSMART data Dictionary
BIM Project Information (COBie, Metadata, LCie)
Geometry w/GUIDs
SCADA
1. Federated Models make up a project BIM
2. Common geometry supports life cycle
3. Common data about the facility links to BIM
4. Common dictionary tools support all project BIMs
Industrial Control
21 Steps to Improve Cyber Security of SCADA Network
1. Identify all connections to SCADA networks.
2. Disconnect unnecessary connections to the SCADA network
3. Evaluate and strengthen the security of any remaining connections to the SCADA network
4. Harden SCADA networks by removing or disabling unnecessary services
5. Do not rely on proprietary protocols to protect your system
6. Implement the security features provided by device and system vendors
7. Establish strong controls over any medium that is used as a backdoor into the SCADA network
8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring
9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns
10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security
11. Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios
12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users
13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection
14. Establish a rigorous, ongoing risk management process
15. Establish a network protection strategy based on the principle of defense-in-depth
16. Clearly identify cyber security requirements
17. Establish effective configuration management processes
18. Conduct routine self-assessments
19. Establish system backups and disaster recovery plans
20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance
21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls
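Steps 1 through 4 can be checked against observed traffic. The following is an added example, not part of the original slides: it audits flow records for connections that cross the SCADA network boundary without being on an approved list, and notes inbound services that hardening would normally disable. The subnet, approved list, port list and flow records are all constructed assumptions.

```python
import ipaddress

# Assumed values for illustration only (not from the slides).
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")
# Approved cross-boundary paths: (source, destination, destination port)
APPROVED = {
    ("10.1.5.10", "10.20.0.5", 502),    # historian polling a PLC (Modbus/TCP)
    ("10.1.5.20", "10.20.0.8", 44818),  # engineering workstation (EtherNet/IP)
}
# Services that step 4 would normally have removed from control devices.
UNNECESSARY_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed flow records, one per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.1.5.10 10.20.0.5 502
10.20.0.5 10.20.0.8 44818
192.0.2.77 10.20.0.5 23
10.20.0.9 198.51.100.4 443
10.1.5.20 10.20.0.8 44818
10.1.7.33 10.20.0.5 80
"""

def audit_flows(text):
    """Return unapproved boundary crossings keyed by (src, dst, port)."""
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port = line.split()
        port = int(port)
        src_in = ipaddress.ip_address(src) in SCADA_NET
        dst_in = ipaddress.ip_address(dst) in SCADA_NET
        if src_in == dst_in:
            continue  # stays inside, or never touches, the SCADA network
        if (src, dst, port) in APPROVED:
            continue  # step 3: a remaining connection that was reviewed
        # Steps 1-2: a connection nobody approved; step 4: risky service
        findings[(src, dst, port)] = {
            "direction": "inbound" if dst_in else "outbound",
            "service": UNNECESSARY_PORTS.get(port) if dst_in else None,
        }
    return findings

if __name__ == "__main__":
    for flow, detail in audit_flows(SAMPLE_FLOWS).items():
        print(flow, detail)
```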
UFC
99% Solution
Seven levels of protection
1. Logical – Something you know “Password/PIN” – and don’t write down
2. Metadata – Everything you do in a session is recorded and cannot be erased
3. Geospatial – Are you connecting from a recognized or pre-authorized location?
4. Unique Pass Codes – Single use codes or SecurID
5. Physical – CAC, Government issued Identification card
6. Biometric – Fingerprint, hand, iris, retina scan, facial or voice recognition or a combination
7. AI – Are you doing what you should be doing, are authorized to be doing or are following patterns – based on ATM/Credit Card systems
Clouds Can Be Safe
• Encrypt at rest on local equipment
• Encrypt in transmission
• Encrypt remote storage
• Know where the servers are located and that they are secure
• Partition sensitive information
• Do not consolidate information in one location
• Keep Keys Secure
• Do not reinvent IT
• Trust but verify