Protection Levels, an holistic approach based on...

Protection Levels, an holisticapproach based on IEC62443

siemens.tld/keywordUnrestricted © Siemens AG 2017

Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT

Thread through the presentation

IEC 62443 is about technology, process, people1

Protection Levels address installations in operation2

PLs combine Maturity Levels and Security Levels3

PLs are clustered in Security control classes (SCC) and Views4

Protection Levels support in every phase of the IACS lifecycle5

Product suppliers use PLs in an Holistic Security Concept (HSC)6

Unrestricted © Siemens AG 2017

Security is about technology, processes and people

A holistic security protection concept has to include technology, processes and people

VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT2017-03-22

Competency

Policies and procedures Functional security measures


IEC 62443 addresses all stakeholders for a holistic protection concept

2017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT

On site / site specific

Off site

operates and maintains

Product Supplier

Asset Owner

Service Provider

Operational policies and procedures

Automation solution

Maintenance policies and procedures

designs and deploysSystem Integrator

Parts of IEC62443

2-43-2

2-1

2-42-3

3-3

4-13-3

4-2

develops products

Industrial Automation and Control System(IACS)

Control functions Safety relatedfunctions

Complementaryfunctions


Onsite / project specific

A holistic security concept is context dependent


Offsite / project independent

ProtectionLevels

CapabilityLevels

How is the solution operated and maintained?How has the automation solution been deployed?

What is technically implemented inthe automation solution?

How have the products been developed?Which capabilities offered by a service provider?

What are the security functionalities ofthe products?


Offsite / project independent

Onsite / project specific

A holistic security concept is context dependent


ProtectionLevels

CapabilityLevels

Policies and procedures• Operational, Maintenance, Integration

Functional security capabilitiesof the Automation Solution

Product Development processService provider capabilities

Functional security capabilitiesof the products

2-1 2-4

3-3

4-1

3-3 4-2

2-4

Asset Owner, System Integrator

Product Supplier, Service Provider


Protection Levels are evaluated with Security Levels and Maturity Levels

VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT2017-03-22

Protection Levels is a methodology to evaluate the protection of plants in operation

Protection Levels is a combined evaluation of Security and Maturity LevelsMaturity Levels include competence of people


3-3

Functional security capabilitiesof the Automation Solution

2-1 2-4

Policies and procedures• Operational• Maintenance• Integration

ProtectionLevels

Competence


Processes are assessed differently to functional capabilities

2017-03-22

Onsite / site specific

VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT

IEC 62443-2-1

IEC 62443-2-4

IEC 62443-3-3

Related policies and proceduresMaturity Levels

ML 1 - ML 4

Functional capabilities of theAutomation SolutionSecurity Levels

SL 1 - SL 4


Protection Level (PL)

Protection Levels are the key criteria and cover security functionalitiesand processes


Mat

urity

Leve

l 4

3

2

1

2 3 41

Security Level

PL 2

PL 3

PL 4

PL 1

• Based on IEC 62443-2-4and IEC 62443-2-1 / ISO 27001

• Maturity Level 1 - 4

Security process Security functions• Based on IEC 62443-3-3• Security Level 1-4

2017-03-22


Protection Levels bridges two worlds

Role based access

Network segmentation

Wireless

Firewalls

Authenticator management

Remote access

Event management

Insurance fees

Protection of the plant

Level 1

NON EXPERT

Asset OwnerInsurance companyGovernmental body

Complex, multidimensionalEasy to handle, easy to communicate

IEC 62443-2-1

IEC 62443-3-3

IEC 62443-2-4

IEC 62443-2-3

IEC 62443-4-1

IEC 62443-4-2

Audit trail

Patch management

Back-up / restore

Level 2Level 3

Level 4

Certification Dashboard

Easy to handle

Data encryption

ProtectionLevels

Data integrity

Governmental acts


SCCs and Views have have different granularity

Security Control Classes (SCCs)Views

Complex, multidimensionalEasy to handle, easy to communicate


Protection Levels are assessedin Security Control Classes (SCC) and Views

2017-03-22

Onsite / site specific

IEC 62443-2-1

IEC 62443-2-4

IEC 62443-3-3

SCC / View

Technicalcapabilities

of theAutomation

Solution

Relatedpolicies andprocedures

SCC / View

Technicalcapabilities

of theAutomation

Solution

Relatedpolicies andprocedures



Methodology to evaluate Protection Levels


2. Calculate PL

Can be automated by a tool

1. Evaluate fulfillment of Requirements

Answer fulfillment of each requirement mappedto the SCC or View

IEC 62443-2-1

IEC 62443-2-4

Requirement 1

Requirement n

Yes / ML X, X=1,2,3,4NoN/A


Requirement 1

Requirement n



ML

IEC 62443-3-3

Requirement 1SL X, X=1,2,3,4

Requirement nSL X, X=1,2,3,4

YesNoN/A

YesNoN/A

SL


Views and SCCs have different use cases

NON EXPERT

Asset OwnerInsurance companyGovernmental body

• Level of protection of a plant in operation• How secure is my IACS • Level of risk reduction provided by a

security control class• How effective is a given security

control class in a specific application


ISA-99 WG3 TG3 proposed SCCs

System integrity

Security monitoring

17. Backup / restore / archive16. Malware protection15. Protection of data14. System availability and intended functionality13.Event and incident management12. Authorization and access control11. Identification and authentication10. Portable devices and media9. Secure wireless access8. Secure remote access7. Secure physical access6. System segmentation

management (qualification and installation)5. Patch management (qualification and installation)4. Change management3. Inventory management (hardware and software)2. Security assessments and reviews1. Security related organization and policies

Accountmanagement

System partitioning

Configuration andchange management

Organizationalsupport

Identify

Detect

Protect

Respond

Recover

Securephysical access

Organize security

SecureSolution design

SecureSolution operations

SecureSolution maintenance

Security Control Classes (SCC)Views


Use of protection levels in the specification phase

IACS life cycle

Asset Owner Asset Owner(Service provider)

SystemIntegrator

Asset Owner

Operation / MaintenanceSpecification Integration / Commissioning Decommissioning

Automation solutionProject application

Configuration, User ManagementSecurity measures and settings

Automation solutionSecurity measures and settings

Operational policies andprocedures

Securitytargets Automation solution

Decommissioningpolicies andprocedures

Definition of Security Targets


IACS life cycle


SystemIntegrator

Asset Owner








Use of protection levels in the integration / commissioning phase

Development of a protection concept

Good enough?


IACS life cycle


SystemIntegrator

Asset Owner








Use of protection levels in the operation / maintenance phase

Evaluation / demonstration of security posture Re-assessment of protection concept

Still OK? OK


Holistic Security Concept takes security on the next level -A holistic approach for IT and OT


“What in my businessdo I need to protect?”Identification of the critical business assets is acore component of the concept

“Which level of security do I need?”Security level drives requirements, in alignmentwith IEC 62443, to protect against attacks

“How do I protect the specific assets?”Standards based security solutions are applied toprotect and monitor the critical assets

Handleincidents

Improveprocess

Securityfeatures

EnhanceAwareness

IT -Infrastructure

HSC answers key questions for securityin business HSC addresses 5 levers including the IT

2017-03-22


IEC 62443 addresses all stakeholders for a holistic protection concept



Off site

operates and maintains

Product Supplier

Asset Owner

Service Provider

Operational policies and procedures

Automation solution

Maintenance policies and procedures

designs and deploysSystem Integrator

Parts of IEC62443

2-43-2

2-1

2-42-3

3-3

4-13-3

4-2

develops products

Industrial Automation and Control System(IACS)

Control functions Safety relatedfunctions

Complementaryfunctions


Holistic Security Concept enhances trust in products


Protect your productivity!

Holistic Security Concept

Secure development environment

Secure production environment

• Best-in-class products• The software we developed isexactly what is in your product!

Secure development process

Cutting-edge security functions

PCS 7PLM proc. of DF and PD

TRUSTTRUST


Thank you!

Dr. Pierre Kobes

Product and Solution Security OfficerPD TI AT

E-mail:[email protected]

2017-03-22

siemens.com/industrialsecurity


mailto:[email protected]

Protection Levels, an holistic approach based on...

Documents

Transcript of Protection Levels, an holistic approach based on...