ABB Process Automation Lifecycle Services, Patrik Boo ......Cyber Security Measures taken to protect...

Cyber Security Fingerprint Secure systems, protect production

ABB Process Automation Lifecycle Services, Patrik Boo

© ABB Group September 24, 2012 | Slide 1

Cyber Security

Measures taken to protect a computer or computer system

(as on the Internet) against unauthorized access or attack*

What is cyber security?

© ABB Group

*Merriam-Webster’s dictionary

Cyber Security Security breaches

© ABB Group

Hacking Malicious software Unauthorized

access


Cyber Security in industrial control systems Stuxnet: the game changer

Stuxnet was the first malware targeting industrial control systems

Bill Would Have Businesses Foot Cost Of Cyberwar Congress would task businesses with increasing cyber security

© ABB Group

Cyber Security Enterprise IT vs. Industrial Control Systems


Availability Integrity

Confidentiality

Enterprise IT



Availability Integrity

Confidentiality

Enterprise IT Industrial Control Systems

Confidentiality Integrity

Availability



Enterprise IT Industrial Control Systems

Primary risk impact Information disclosure, financial Safety, health, environment, financial

Availability 95 – 99% (accept. downtime/year: 18.25 - 3.65 days)

99.9 – 99.999% (accept. downtime/year: 8.76 hrs – 5.25 minutes)

Typical System

Lifetime

3-5 years 15-30 years

Problem response Reboot, patching/upgrade Fault tolerance, online repair

Cyber Security Security cost


The cost of security measures should be balanced

against the achieved risk reduction





Risk = (probability of successful attack) x (potential consequences)



Co

st

Security Level






Probable cost of a

security breach

Co

st

Security Level






Cost of security

Probable cost of a

security breach

Co

st

Security Level






Cost of security

Probable cost of a

security breach

Co

st

Security Level

Optimal security for minimum cost









According to a study by the Ponemon Institute,

the cross-industry average cost

of a cyber security breach

in 2011 was

$5.9 MUSD

Cyber Security Scope and completeness of standards


Design Details

Completeness Operator Manufacturer

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers



IT

Design Details


Technical

Aspects

Details of

Operations

Relevance

for Manufacturers



IT

Design Details


ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers



IT

Design Details

Completeness

NIST 800-53

Operator Manufacturer

ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers



Industrial Automation

IT

Design Details

Completeness

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers




IT

Design Details

Completeness

ISA 99*

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers




IT

Design Details

Completeness

ISA 99*

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers

* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to

ISA 62443 to make the alignment with the IEC 62443 series more explicit and obvious.




IT

Design Details

Completeness

ISA 99*

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance

for Manufacturers CPNI





Energy


IT

Design Details

Completeness

ISA 99*

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance






Energy


IT

Design Details

Completeness

ISA 99*

NIST 800-53


ISO 27K

Technical

Aspects

Details of

Operations

Relevance


IEEE P 1686





Energy


IT

Design Details

Completeness

ISA 99*

NIST 800-53

IEC 62351


ISO 27K

Technical

Aspects

Details of

Operations

Relevance


IEEE P 1686





Energy


IT

Design Details

Completeness

ISA 99*

NIST 800-53

IEC 62351

NE

RC

CIP


ISO 27K

Technical

Aspects

Details of

Operations

Relevance


IEEE P 1686



© ABB Group

September 24, 2012 | Slide 28

Sys

tem

Pe

rform

an

ce

Po

ten

tial

Time

Manage

Performance

Gap

Diagnose Implement Sustain

ABB Cyber Security Optimization Diagnose, implement and sustain performance

Benefits:

Consistent – same

everywhere

High and even quality

Repeatable

Based on best

practicies

• Data

• Collect

• Store

• View

• Analyze

• Interpret

• Report

Cyber Security Fingerprint - Service with a defined scope

Mo

nth

|

Sli

© ABB Group

Cyber Security Fingerprint

Provides a comprehensive view of your site’s cyber

security status

Identifies strengths and weaknesses for defending against

an attack within your plant’s control systems

Reduces potential for system and plant disruptions

Increases plant and community protection

Supplies a solid foundation from which to build a

sustainable cyber security strategy

What does the Fingerprint do?

© ABB Group

Cyber Security Fingerprint

Provides a comprehensive view of your site’s cyber

security status

Identifies strengths and weaknesses for defending against

an attack within your plant’s control systems

Reduces potential for system and plant disruptions

Increases plant and community protection

Supplies a solid foundation from which to build a

sustainable cyber security strategy

What does the Fingerprint do?

© ABB Group

It does NOT make the system completely secure.


Cyber Security Fingerprint Security in Depth

Antivirus Solutions



Antivirus Solutions

Security Updates



Antivirus Solutions

Security Updates

Account Management



Antivirus Solutions

Security Updates

Account Management

Computer Policies



Antivirus Solutions

Security Updates

Account Management

Computer Policies

Firewalls and Architecture



Antivirus Solutions

Security Updates

Account Management

Computer Policies


Procedures and Policies



Antivirus Solutions

Security Updates

Account Management

Computer Policies


Procedures and Policies

Physical Security


Cyber Security Fingerprint Key Performance Indicators

Cyber Security Fingerprint Security Logger Data Collection Tool

No installation

No license

Only collect data

All collected data is encrypted


Cyber Security Fingerprint Security Analyzer Tool

Browse all collected data

Generate report

The only tool that can read the encrypted file

Help during hardening


Cyber Security Fingerprint Report: Risk Profile


While the Fingerprint is an indicator of your security status at a given time, any

system, no matter how many precautions are taken, can be compromised.

Cyber Security Fingerprint Summary of findings

If the customer’s data shows the setting to be below

standard, the description and recommendation are

included in the report.


Setting Description Recommendation Minimum password age

There should be a predetermined amount of days a password must be used before the user is allowed to

change it. The number of days can vary between 1 and

998 days, or the user can input 0 to change the password immediately. If a user does not set a minimum password

age, he or she can use passwords repeatedly.

Set the minimum password age value greater than or equal to one day.

Cyber Security Fingerprint Schedule of activities

Analysis (off-site) Delivery (off-site)

Day 1 - 3

Project introduction

meeting

Set up data collection

software

Interview key plant

personnel

Check data and make

configurations

accordingly

Complete data collection

Day 4

Data Analysis

Day 5

Complete report

Expert review

Present findings and

recommended actions

Information Gathering

ABB Process Automation Lifecycle Services, Patrik Boo ......Cyber Security Measures taken to protect...

Documents

Transcript of ABB Process Automation Lifecycle Services, Patrik Boo ......Cyber Security Measures taken to protect...