ABB Process Automation Lifecycle Services, Patrik Boo · PDF file ·...

Cyber Security Secure systems, protect production ABB Process Automation Lifecycle Services, Patrik Boo © ABB Group October 29, 2013 | Slide 1


Page 1: ABB Process Automation Lifecycle Services, Patrik Boo · PDF file · 2015-04-25Cyber Security Secure systems, protect production ABB Process Automation Lifecycle Services, Patrik

Cyber Security: Secure systems, protect production

ABB Process Automation Lifecycle Services, Patrik Boo

© ABB Group, October 29, 2013 | Slide 1

Cyber Security: What is cyber security?

Hacking | Malicious software | Unauthorized use

“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”

Merriam-Webster’s dictionary

Cyber Security in industrial control systems. Stuxnet: the game changer

Stuxnet was the first malware targeting industrial control systems

Bill Would Have Businesses Foot Cost Of Cyberwar: Congress would task businesses with increasing cyber security

Cyber Security: Enterprise IT vs. Industrial Control Systems

[Figure: two priority pyramids, one for Enterprise IT and one for Industrial Control Systems; labels as extracted: Availability / Integrity / Confidentiality and Confidentiality / Integrity / Availability]

| | Enterprise IT | Industrial Control Systems |
|---|---|---|
| Primary risk impact | Information disclosure, financial | Safety, health, environment, financial |
| Availability | 95 – 99% (acceptable downtime/year: 18.25 - 3.65 days) | 99.9 – 99.999% (acceptable downtime/year: 8.76 hrs – 5.25 minutes) |
| Typical system lifetime | 3-5 years | 15-30 years |
| Problem response | Reboot, patching/upgrade | Fault tolerance, online repair |

Cyber Security: Why traditional approaches don’t work

Information Systems Security is a good starting point, but approaches and technologies need to be applied with care

| Action | Consequence |
|---|---|
| Lock out accounts after three bad password tries | Operator has no control over process for 10 minutes |
| Install patches as soon as they are released and reboot | A control system reboot means shutting down the whole plant, and it might take days to get everything running again |
| Frequently update antivirus scan engine and virus definitions | False positives might have fatal consequences |
| Use of crypto functions to protect data in transit | Real time constraints cannot be met due to limited resources on embedded devices |
| Use of firewalls and intrusion detection systems | Do you speak IEC 60870-5-104, IEC 61850, OPC, HART, ProfiNet, Modbus... |
| Use of intrusion prevention systems | One false positive might have fatal consequences |

Cyber Security: Vulnerability disclosure growth by year

[Figure: chart of vulnerability disclosures per year, 1996 to 2012, on a vertical axis from 0 to 10000]

Source: IBM X-Force®

1 new vulnerability every hour, every day.

Cyber Security: Security cost

[Figure: cost plotted against security level, with curves labelled "Cost of security" and "Probable cost of a security breach" and a point labelled "Optimal security for minimum cost"]

§ The cost of security measures should be balanced against the achieved risk reduction

§ Risk = (probability of successful attack) x (potential consequences)

“We will bankrupt ourselves in the vain search for absolute security” - Dwight Eisenhower

Cyber Security: The airgap myth

§ Those who believe that the system is isolated will not be able to implement the best defense.

Procedures and Protocols: Shamoon

§ Destroyed 30.000+ computers.

§ Insider

§ "Not a single drop of oil was lost." CEO Khalid Al-Falih

§ "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks.”
Source: Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations, May 25, 2011 hearing.

Cyber Security: If it’s worth having it’s worth stealing

§ Source Code

§ Diagrams, Plans and Blueprints

§ Design documents and Metrics data

§ Mechanisms for infrastructure improvements

§ Certificates and Credentials

Source: MSI Microsolved Inc.

Cyber Security Fingerprint - Service with a defined scope

Benefits:

§ Consistent – same everywhere

§ High and even quality

§ Repeatable

§ Based on best practices

Data:

• Collect

• Store

• View

• Analyze

• Interpret

• Report

ABB Cyber Security Optimization: Diagnose, implement and sustain performance

[Figure: system performance plotted over time; labels: Potential, Performance Gap, Manage; phases: Diagnose, Implement, Sustain]

Cyber Security Fingerprint: What does the Fingerprint do?

§ Provides a comprehensive view of your site’s cyber security status

§ Identifies strengths and weaknesses for defending against an attack within your plant’s control systems

§ Reduces potential for system and plant disruptions

§ Increases plant and community protection

§ Supplies a solid foundation from which to build a sustainable cyber security strategy

It does NOT make the system completely secure.

Cyber Security Fingerprint: Security in depth

§ Antivirus Solutions

§ Security Updates

§ Account Management

§ Computer Policies

§ Firewalls and Architecture

§ Procedures and Policies

§ Physical Security

Cyber Security: Scope and completeness of standards

[Figure: standards positioned by sector (Energy, Industrial Automation, IT) and by audience (Operator, Manufacturer), with axis labels Design Details, Completeness, Technical Aspects, Details of Operations and Relevance for Manufacturers. Standards shown: ISA 99*, NIST 800-53, IEC 62351, NERC CIP, ISO 27K, CPNI, IEEE P 1686]

* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA 62443 to make the alignment with the IEC 62443 series more explicit and obvious.

Cyber Security Fingerprint: Key Performance Indicators

Cyber Security Fingerprint: Specialized tools + interview

Cyber Security Fingerprint: Report with recommendations and action plan

Cyber Security Fingerprint: Recommendations

§ After raw data is collected with the security logger, it’s compared to the Control System Master Profile to determine where recommendations are needed.

§ If the customer’s data shows the setting to be below standard, the description and recommendation are included in the report.

| Setting | Description | Recommendation |
|---|---|---|
| Minimum password age | There should be a predetermined amount of days a password must be used before the user is allowed to change it. The number of days can vary between 1 and 998 days, or the user can input 0 to change the password immediately. If a user does not set a minimum password age, he or she can use passwords repeatedly. | Set the minimum password age value greater than or equal to one day. |
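One way to implement the comparison described on this slide, as an added example that is not ABB's tool or code: collected settings are checked against a baseline, and each setting that is missing or below standard yields a report row with its description and recommendation. The `secedit /export` input layout, the `MASTER_PROFILE` structure and the `PasswordHistorySize` threshold are assumptions; only the minimum password age rule comes from the slide.

```python
import configparser

# Constructed sample input: a fragment in the INI layout written by
# `secedit /export`, standing in for the raw data a collection tool gathers.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
PasswordHistorySize = 24
"""

# Hypothetical stand-in for a master profile. The MinimumPasswordAge rule is the
# one shown on the slide; the PasswordHistorySize threshold is an assumed value.
MASTER_PROFILE = {
    "MinimumPasswordAge": {
        "minimum": 1,
        "description": "Days a password must be used before it may be changed.",
        "recommendation": "Set the minimum password age to one day or more.",
    },
    "PasswordHistorySize": {
        "minimum": 1,
        "description": "Number of previous passwords a user cannot reuse.",
        "recommendation": "Remember at least one previous password.",
    },
}


def build_findings(export_text, profile=MASTER_PROFILE):
    """Return a report row for each setting that is missing or below standard."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep setting names case-sensitive
    parser.read_string(export_text)
    collected = dict(parser["System Access"]) if parser.has_section("System Access") else {}
    rows = []
    for setting, rule in profile.items():
        raw = collected.get(setting, "")
        value = int(raw) if raw.strip().lstrip("-").isdigit() else None
        if value is None or value < rule["minimum"]:  # not collected counts as a finding
            rows.append({"setting": setting, "found": value,
                         "description": rule["description"],
                         "recommendation": rule["recommendation"]})
    return rows


if __name__ == "__main__":
    for row in build_findings(SAMPLE_EXPORT):
        print(f'{row["setting"]} = {row["found"]}: {row["recommendation"]}')
```

A setting that was never collected is reported with `found` set to `None`, so a gap in the raw data shows up in the report instead of passing silently.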

Cyber Security Fingerprint. Report: Risk Profile

While the Fingerprint is an indicator of your security status at a given time, any system, no matter how many precautions are taken, can be compromised.

[Figure: risk profile scale running from High risk to Low risk]

Cyber Security Fingerprint: Control System Architecture - what to protect

Cyber Security Fingerprint: Success Stories

Cyber Security Fingerprint: ServicePort - Cyber Security Channel

© ABB Group INTERNAL USE ONLY

Cyber Security Fingerprint: www.abb.com

9AKK105408A9402


Security for System 800xA for all phases: The SD3 + C Security Framework

Secure by Design

• Security in the Product Development Process: Requirements, Design, Implementation, Verification

Secure by Default

• Default installation and usage with minimal attack surface

• Built in functions for Defense in Depth

Secure in Deployment

• Support for Secure Project and Plant Lifecycle

• Validation of 3rd party software and solutions

Communication

• Correct information to those who need to know

Cyber Security Fingerprint: Pilot results

[Figure: pilot results chart with one entry per category: Organization, Personnel, Access Control, Administration, Maintenance, Compliance, Physical security, Policy enforcement, Passwords, User accounts, Auditing, Recovery console, Interactive logon, System and devices, Network access, Network security, System cryptography, Operating System, Security Updates, Open ports, Services, Shares, Firewall, Antivirus, Startup Items, Installed applications]

Cyber Security: Remote access

[Figure: remote access diagram with labels Support Center, Internet, Service Center, Virtual Support Engineer]