Control System Security

Control System Security: Technology Update Meetings, February, 2011. © ABB Inc. February 27, 2012 | Slide 1

Page 1: Control System Security

Technology Update Meetings

February, 2011

Page 2: Cyber Security @ ABB

Page 3: The foundation of Cyber Security

What does it mean for ABB as an organization

Organizational priority at top management level

“(Cyber) Security issues are here to stay” Joe Hogan, CEO ABB Group, ABB Automation and Power World, 2011

Global, cross-functional and long-term initiative

Formally established - it is not just a side task

Starts with improving operational readiness

[Figure: Corporate foundation supporting Awareness, Research, Incident Response, IT Security, Training, Management, Support, External Outreach]

Page 4: Group Cyber Security Council

Organization

Group Head of Cyber Security

Head of Cyber Security: PS / PP, PA, DM, LP

Cyber Security Managers: Power Generation, Control Technologies, Substation Automation, Oil, Gas & Petrochemicals, Network Mgmt, Grid Systems, Service

Page 5: Global cyber security demand

The ABB perspective

[Map legend] High demand seen by ABB, requirements clear

[Map legend] Little demand seen by ABB, requirements unclear

Map does not reflect global players such as BP, ExxonMobil, Shell, Daimler

Page 6: Product Lifecycle - Verification

ABB’s device security assurance center

[Figure labels: Achilles Satellite, Vulnerability Assessment, Flooding, Mu8000, Device Profiling, ABB proprietary tools]

Formally established centralized & independent testing facility

Formalized part of all device development

Assures well-defined, consistent approach

Utilizes commercial, open-source and proprietary tools

In 2010: > 120 tests performed

Page 7: Customer Support

Security Patch Validation

Start ABB Cycle: Second Tuesday of the Month (Microsoft patch release)

Publish relevance and test plan (~ 2 days)

3rd party releases patch (e.g. Adobe), will be tested in next cycle.

3rd party releases patch (e.g. Oracle), will be tested in next cycle.

Publish validation results (~14 days)

Page 8: Plant Lifecycle - Maintenance

Vulnerability handling & Incident response

Minimize customer risk

This requires Cultural change: Accept that vulnerabilities exist (having a vulnerability is acceptable, improperly handling them is not!)

Formal processes and policies

Proper communication at the right time

ABB has established a formal process and vulnerability handling has top priority

[Figure: process stages Information Collection, Triage, Investigation, Resolution, Release, alongside Communication]

To report a vulnerability: [email protected]

Page 9: Cyber Security for Industrial Control Systems

Page 10: Why is cyber security an issue?

[Figure: Isolated devices, Point to point interfaces, Proprietary networks, Standard Ethernet/IP-based networks, Inter-connected systems, Distributed systems]

Modern automation, protection and control systems

leverage commercial off the shelf IT components

use standardized, IP based communication protocols

are distributed and highly interconnected

use mobile devices and storage media

are highly specialized IT systems

Page 11: What are the unique challenges?

Comparison: Enterprise IT | Industrial Control Systems

Object under protection: Information | Physical process

Risk impact: Information disclosure, financial loss | Safety, health, environment, financial

Main security objective: Confidentiality, Privacy | Availability, Privacy

Security focus: Central Servers (fast CPU, lots of memory, …) | Distributed System (possibly limited resources)

Availability requirements: 95 – 99% (accept. downtime/year: 18.25 - 3.65 days) | 99.9 – 99.999% (accept. downtime/year: 8.76 hrs – 5.25 minutes)

System Lifetime: 3 – 10 Years | 5 – 25 Years

Page 12: Cyber Security vs. Safety

Similar but different

Cyber Security = Safety

Both require(d) a culture change

Both are all about processes

Both require training

Both require top management support

Cyber Security ≠ Safety

Safety is static and predictable (threats don’t change)

Cyber Security is constantly changing (threats change)

For Cyber Security the attacker evolves

Safety solutions can be certified

Page 13: Demand for Cyber Security

By industry and applications

1 Network Management (EMS, SCADA)

2 Process Automation (Oil & Gas)

3 Power Generation DCS

4 Substation Automation

[Figure: applications 1 to 4 ranked from High demand to Low demand; labels: Customers, Vendors, Standards & Regulations]

Page 14: How big is the risk?

Potential consequences

Blackout in North America (2003)
• Not a cyber attack
• 50 million people without power
• Blackout lasted 2 days
• At least 11 people dead
• Estimated costs 6 Billion US$

Texas City Refinery Explosion (2005)
• Not a cyber attack
• Poor alarm management
• 15 people dead, 170 injured
• Estimated costs exceed 500 Million US$

Stuxnet (2010)
• Cyber attack
• 100’000+ hosts infected
• Delayed nuclear program of Iran by 1 – 2 years
• Estimated costs for Control System Vendor unclear

Page 15: How big is the risk?

Stephen Cummings, director of the British government's Centre for the Protection of National Infrastructure: “Cyberterrorism is a myth”

[Figure: spectrum from Denial through Reality to Panic]

Reality: Cyber incidents are real and cyber security for industrial control systems must be taken seriously, but it is a challenge that can be met

Page 16: NERC-CIP Compliance

Page 17: NERC – CIP Update

What Version of NERC CIP?

Version 4 of the CIP Standards

Current Plan:

Version 4 does NOT go into effect

CIP-002-4 through CIP-009-4 do not become effective.

Version 3 to remain in effect until Version 5

CIP-002-3 through CIP-009-3 remain in effect and are not retired until the effective date of the Version 5 CIP Cyber Security Standards under this implementation plan.

Version 5 of the CIP Cyber Security Standards is currently posted on the NERC website.

Page 18: NERC – CIP Update

Transition – Version 5 is Coming

Implementation Plan for Version 5 of CIP Cyber Security Standards

Page 19: NERC – CIP Update

NERC CIP NEW for Version 4 & 5

NERC-CIP Revision 4 – Bright Line replaces ambiguous approach

Transmission lines operating at greater than 300-500 kV, depending on their connectivity,

Reactive power assets larger than 1000 MVAR,

Generation sites larger than 1500 MW in a single interconnection,

Certain assets essential to Blackstart capabilities,

Assets able to automatically shed load of 300 MW or more, and

A number of types of Control Centers.

Page 20: NERC – CIP Update

New “Levels of Impact” to Bulk Electric System for V5

High Impact

Large Control Centers

CIP-003 through 009+

Medium Impact

Generation and Transmission

Other Control Centers

Similar to CIP-003 to 009 v4

All other BES Cyber Systems

Security Policy

Security Awareness

Incident Response

Boundary Protection

Page 21: NERC – CIP Update

Needs & Challenges

Protecting plant systems against current & future security threats

Demonstrating & maintaining compliance with NERC CIP standards

Managing operational reliability requirements

Implementing security consistently across the fleet

Managing security & compliance programs with existing resources

Page 22: ABB Foundational Solutions

Page 23: Main Challenges for End Users

WHY to protect WHAT from WHOM and HOW

Assessment of existing systems

Making cyber security part of risk management process

Definition of security requirements for vendors & system integrators

Operation and management of security architecture

Continuous monitoring of the infrastructure

Regular analysis of log files

Regular reevaluation of security architecture

Continuous threat modeling & risk management

Development of IT-security policies and processes

Training of employees

Evaluation and planning of “new” costs

Page 24: Don’t fall for myths

Cyber security is only an issue for TCP/IP based systems

Serial links are just as vulnerable

Even isolated systems have entry points (e.g. portable media)

Cyber attacks will not come from within the physical perimeter because a physical attack would be easier

Cyber attack can be much more sophisticated

Substation could be used as entry point into system

Cyber attack can be “accidental”

Security of “isolated” systems

Most systems are NOT really isolated

Virtual connections always exist (e.g. portable media, laptops)

Page 25: ABB Foundation Security Solutions

User Roles, Access Control and Hardening

Establish hierarchy of Accounts (operator, tech, admin, etc)

Domain wide policy to enforce:

Password Requirements and Role Association

Define Remote Access Security

Operator Group Policy that restricts access to Desktop and Applications

Provide hardening services as applicable

Close unnecessary ports

Disable non-essential services

Establish minimum required software components

Page 26: ABB Foundation Security Solutions

Patch & Anti-Malware Management

Monthly distribution of patches on DVD

Optional service under ServiceGrid Software Support

On-site services to deploy and document patches

Installation of an update server for automating roll-out of both Windows Security Patches and Anti-Virus updates

Application Whitelisting

Page 27: ABB Foundation Security Solutions

Configuration Change Management

Enable Security Event logging

Set up a maintenance back-up schedule

Audit Trail Feature logs specified events and includes time stamp when changes were made, which changes were made, on which node the changes were made and who made the changes.

Installation of a security event log server for automating collection and reporting.

Page 28: ABB Foundation Security Solutions

Compliance Documentation Service

ABB can work to develop custom documentation for inclusion in a NERC-CIP Compliance Program

Documents compile information from multiple sources and also include project specific instructions

Examples include:

Password change procedures

Back-up and Restore procedures

Detail of node software components

User Maintenance Instructions

Detailed reporting on Ports and Services

Page 29: ABB Foundation Security Solutions

Disaster Recovery

Disk Imaging and selective application Back Up/Restores are possible

Set up scheduled back-up routine

Can use Local or Network Access Storage (NAS) devices

Comprehensive documentation developed for customer use in the event of performing a recovery.

On-Line imaging software with Server Based storage array.

Server can be set up as image backup testing bed

Page 30: Industrial Defender Partnership

Page 31: ABB - Industrial Defender Partnership

Unquestioned expert in securing the systems we build. That’s our focus – delivering inherently secure systems for industrial and power automation

Combined know-how

True integration

Aligned technologies

Tested and verified solutions

Unified support

Efficient, effective and sustainable cyber security solutions

Leader in developing platform-agnostic technologies that monitor, manage and protect automation systems – centrally, and across mixed environments

For more information visit www.abb.com/cybersecurity & www.industrialdefender.com

Page 32: Monitor – Manage – Protect

Unified approach to security & compliance

• Monitor security & health activity in real-time

• Manage critical activity, including configurations, changes, policy and security events

• Protect against threats to vital automation systems

Enhancing operational excellence, sustaining security & compliance

Page 33: Monitor

Real-time monitoring across system infrastructure

Customer goals
• Monitor across automation systems, networks and applications
• Identify & respond to events that threaten operational excellence, security and compliance

Industrial Defender capabilities
• Collect the events that matter
• Real-time visibility into performance degradation, operational and system health, critical changes and security events

Industrial Defender technology
• Security event management (SEM)
• Automation system agents
• Network intrusion detection system (NIDS)

Page 34: Manage

Managing critical activity across the infrastructure

Customer goals
• Reduce the manual effort of collection of configuration, system status, security events and logs
• Enable an ongoing internal and external compliance posture

Industrial Defender capabilities
• Collect the events that matter, enabling monitoring, understanding and response
• Analyze and report on activity to demonstrate compliance with established policies

Industrial Defender technology
• Compliance Manager
• Automation system agents

Page 35: Protect

Defend against threats to the automation infrastructure

Customer goals
• Implement a defense-in-depth, layered security strategy

Industrial Defender capabilities
• Enforce policies to protect against rogue applications
• Establish hardened and segmented electronic security perimeters
• Enact secure access and authentication at remote sites

Industrial Defender technology
• Host intrusion prevention system (HIPS)
• Automation system agents
• Unified threat management (UTM)
• Secure remote access & authentication

Page 36: Monitor – Manage – Protect

Unified approach to security & compliance

• Monitor security & health activity in real-time

• Manage critical activity, including configurations, changes, policy and security events

• Protect against threats to vital automation systems

Enhancing operational excellence, sustaining security & compliance

Page 37: ABB & Industrial Defender

Page 38: Security & Compliance Management

Fleet Management

Strategic approach for long-term sustainability & operational excellence

[Figure labels: Fleet Management; Monitor, Manage & Protect; Services: Program Mgt., Managed Svcs.; Technology: MMP Solutions, SEM, CM, HIPS; Foundational Services]

Page 39: Industrial Defender

Experience across many automation environments

• Security performance monitoring
o ABB 800xA, ABB Symphony/Harmony, ABB Infi90, ABB Network Manager, ABB FACTS and ABB SYS600C & MicroSCADA
o Automsoft RAPID Historian
o Areva EMS
o Emerson DeltaV and Emerson Ovation
o Emerson/Westinghouse WDPF
o GE XA/21
o Foxboro I/A Series
o Honeywell Experion
o Itron OpenWay System
o Rockwell RSView
o Schneider Momentum, Quantum
o Siemens PCS7
o Yokogawa Centum CS 3000

• Operating systems
o HP-UX PA-RISC & Itanium
o WinNT, W2K, XP, Win 7, W2003, W2008
o Linux
o DEC Tru-64
o Sun Solaris
o IBM AIX

• Industrial rules
o DNP3
o Modbus
o ICCP
o IEC
o Siemens S7 Protocol
o TCP/IP

Page 40: Conclusion

Page 41: Conclusions

Cyber security for critical infrastructures must become a high priority item for all involved stakeholders

Modern control systems bring new challenges in the form of increased connectivity and privacy protection of end user data

Effective cyber security solutions require a joint effort by vendors, integrators, operating system providers, end users and governments

Effective cyber security will require solutions that cover both legacy and new installations

Security is about risk management - perfect security is neither existent nor economically feasible

Page 42: Contact information

Questions, Comments, etc.

[email protected]

www.abb.com/cybersecurity
