Transcript of PowerPoint presentation...x SCADA - Supervisory Control and Data Acquisition x DCS -...
© 1991 − 2017, CLICO.eu
SCADA Security - how to safely audit and protect Industrial Control Systems?
Mariusz Stawowski, Ph.D.
CISSP, CEH
Technical Director, CLICO
CLICO Competence Center
• +35 security and networking experts
• Biggest Security VAD (IDG)
• Security audits, ATC, PS, etc.
• Operating in Central and Eastern Europe:
• POLAND: Kraków HQ
• ROMANIA: Bucharest
• BULGARIA: Sofia
• CROATIA: Zagreb
• SLOVENIA: Ljubljana
• SERBIA: Belgrade
• HUNGARY: Budapest
SCADA Security Laboratory
• SCADA Server with a set of tools for programming and monitoring industrial controllers (including the Historian database)
• PLC - a set of industrial network controllers (e.g. ProfiNet network controller, ProfiNet islands, logic inputs and outputs)
• Managed industrial switch with the ability to connect security devices for testing (firewalls, IPS, NBA)
• Security testing station (Rapid7 Nexpose, Metasploit)
[Diagram: ICS/OT architecture layers and the IT components and attack vectors found in them]
ICS - Industrial Control System = IACS - Industrial Automation and Control System; OT - Operational Technology
Layers (bottom to top): Industrial machinery and equipment; Control devices (PLC - Programmable Logic Controller, PAC - Programmable Automation Controller, RTU - Remote Terminal Unit); Visualization, supervision and control (SCADA - Supervisory Control and Data Acquisition, DCS - Distributed Control System, HMI - Human Machine Interface); Advanced analytics and data storage (MES - Manufacturing Execution System, APC - Advanced Process Control, Data Historian)
IT components in these layers: Windows, Linux, etc.; SSH / Remote Access, etc.; Web; Databases
Attack vectors: SQL-I, XSS, Exploits, Misuse, Malware
Why OT connects to "evil" IT
Example functions of SCADA:
• Visualization, Alarming, Data acquisition
• Centralization and distribution of information
• Complete reporting, etc.
Example functions of MES:
• Process management, quality management
• Resource allocation, labor management
• Product tracking, performance analysis, etc.
More information:
http://www.getcontrolmaestro.com/controlmaestro-en.html
https://www.workwisellc.com/erp-software/what-is-mes/
Benefits: improves planning, reduces costs, improves quality, etc.
What do we learn from the OT staff?
1. "We do not use SCADA. We are safe!"
2. "OT is not connected to the Internet. We are safe!"
[Diagram: OT network (Control devices: PLC, PAC, RTU, etc.; Visualization, supervision and control: SCADA, DCS, HMI, etc.; Advanced analytics and data storage: MES, APC, Historian, etc.) linked over LAN, WAN, VPN and the Internet to OT Maintenance, cameras, IP phones and many more]
OT Maintenance
• How do you manage OT systems? What tools do you use?
• Can OT Maintenance staff connect remotely to OT systems?
• Can "some people" in HQ see how OT works?
How to safely audit Industrial Control Systems?
• Penetration tests are risky! Only in a test environment
• Industry standards and security recommendations issued by recognized organizations:
o International Society of Automation (ISA)
o US National Institute of Standards and Technology (NIST)
o UK Centre for the Protection of National Infrastructure (CPNI)
o US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
o US Department of Homeland Security
o SANS Institute
o US Department of Energy
o Others
ANSI/ISA-62443-3-3 (99.03.03)-2013, "Security for industrial automation and control systems", ISA 2013
"Secure Architecture Design" - ICS-CERT
Source: https://ics-cert.us-cert.gov/Secure-Architecture-Design
"Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies" - US Department of Homeland Security
Source: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
"Secure Architecture for Industrial Control Systems" - SANS Institute
Source: https://www.sans.org/reading-room/whitepapers/ICS/secure-architecture-industrial-control-systems-36327
"Secure Data Transfer Guidance for Industrial Control and SCADA Systems" - US Department of Energy
Source: http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-20776.pdf
How to protect SCADA/ICS?
[Diagram: the same ICS/OT architecture layers (machinery; control devices PLC/PAC/RTU; SCADA/DCS/HMI; MES/APC/Data Historian) with their IT components (Windows, Linux, SSH / Remote Access, Web, Databases) and attack vectors (SQL-I, XSS, Exploits, Misuse, Malware)]
[Diagram: the OT network (PLC, PAC, RTU; SCADA, DCS, HMI; MES, APC, Historian) separated from LAN, WAN, VPN, the Internet, OT Maintenance, cameras, IP phones and more by an Industrial/Enterprise DMZ]
Industrial/Enterprise DMZ: FW, VPN & IPS; Anti-Malware (Sandbox); Incident Detection, etc.
CLICO collaborates with:
[Diagram: the OT network with the Industrial/Enterprise DMZ, now adding Privileged Access Security for OT Maintenance and remote access]
Privileged Access Security
CLICO collaborates with:
Maintaining Web & Database security is difficult
• Many attack vectors (exploits, SQL-I, privilege misuse, etc.)
• Problems installing security patches in production systems
[Diagram: threats (intruders, malicious admins and users, malware) reaching Sensitive Data through a Web Application Firewall and a Database Firewall]
[Diagram: the OT network with the Industrial/Enterprise DMZ and Privileged Access Security, now adding Web & Database Security]
Web & Database Security
CLICO collaborates with:
Imperva Web & Database Security
• SecureSphere Web Application Firewall
• SecureSphere Database Firewall
• SecureSphere Database Activity Monitoring
• User Rights Management for Databases
• Camouflage - Data Masking
• CounterBreach - User Behavior Analytics for incident detection
Imperva Web & Database Security - Full auditing and visibility into data usage
Complete Audit Trail: When? Where? Who? What? How?
Summary
• "Myths" about SCADA/ICS security
• Safe auditing of SCADA/ICS security
• Real and (unfortunately) effective techniques of breaking into SCADA/ICS
• Standards and guidelines issued by recognized world organizations
• Security technologies to enhance the security of SCADA/ICS
Defense in depth
[Diagram: layered safeguards - Industrial/Enterprise DMZ (FW, VPN & IPS; Anti-Malware (Sandbox); Incident Detection, etc.), Privileged Access Security, Web Security, Database Security, Other Safeguards]