Protection Levels, an holistic approach based on...
Transcript of Protection Levels, an holistic approach based on...
Protection Levels, an holisticapproach based on IEC62443
siemens.tld/keywordUnrestricted © Siemens AG 2017
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 2
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Security is about technology, processes and people
Page 3
A holistic security protection concept has to include technology, processes and people
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT2017-03-22
Competency
Policies and procedures Functional security measures
Unrestricted © Siemens AG 2017
IEC 62443 addresses all stakeholders for a holistic protection concept
2017-03-22Page 4 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
On site / site specific
Off site
operates and maintains
Product Supplier
Asset Owner
Service Provider
Operational policies and procedures
Automation solution
Maintenance policies and procedures
designs and deploysSystem Integrator
Parts of IEC62443
2-43-2
2-1
2-42-3
3-3
4-13-3
4-2
develops products
Industrial Automation and Control System(IACS)
Control functions Safety relatedfunctions
Complementaryfunctions
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 5
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Onsite / project specific
A holistic security concept is context dependent
2017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 6
Offsite / project independent
ProtectionLevels
CapabilityLevels
How is the solution operated and maintained?How has the automation solution been deployed?
What is technically implemented inthe automation solution?
How have the products been developed?Which capabilities offered by a service provider?
What are the security functionalities ofthe products?
Unrestricted © Siemens AG 2017
Offsite / project independent
Onsite / project specific
A holistic security concept is context dependent
2017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 7
ProtectionLevels
CapabilityLevels
Policies and procedures• Operational, Maintenance, Integration
Functional security capabilitiesof the Automation Solution
Product Development processService provider capabilities
Functional security capabilitiesof the products
2-1 2-4
3-3
4-1
3-3 4-2
2-4
Asset Owner, System Integrator
Product Supplier, Service Provider
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 8
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Protection Levels are evaluated with Security Levels and Maturity Levels
Page 9 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT2017-03-22
Protection Levels is a methodology to evaluate the protection of plants in operation
Protection Levels is a combined evaluation of Security and Maturity LevelsMaturity Levels include competence of people
On site / site specific
3-3
Functional security capabilitiesof the Automation Solution
2-1 2-4
Policies and procedures• Operational• Maintenance• Integration
ProtectionLevels
Competence
Unrestricted © Siemens AG 2017
Processes are assessed differently to functional capabilities
2017-03-22Page 10
Onsite / site specific
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
IEC 62443-2-1
IEC 62443-2-4
IEC 62443-3-3
Related policies and proceduresMaturity Levels
ML 1 - ML 4
Functional capabilities of theAutomation SolutionSecurity Levels
SL 1 - SL 4
Unrestricted © Siemens AG 2017
Protection Level (PL)
Protection Levels are the key criteria and cover security functionalitiesand processes
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
Mat
urity
Leve
l 4
3
2
1
2 3 41
Security Level
PL 2
PL 3
PL 4
PL 1
• Based on IEC 62443-2-4and IEC 62443-2-1 / ISO 27001
• Maturity Level 1 - 4
Security process Security functions• Based on IEC 62443-3-3• Security Level 1-4
2017-03-22Page 11
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 12
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Protection Levels bridges two worlds
Page 13
Role based access
Network segmentation
Wireless
Firewalls
Authenticator management
Remote access
Event management
Insurance fees
Protection of the plant
Level 1
NON EXPERT
Asset OwnerInsurance companyGovernmental body
Complex, multidimensionalEasy to handle, easy to communicate
IEC 62443-2-1
IEC 62443-3-3
IEC 62443-2-4
IEC 62443-2-3
IEC 62443-4-1
IEC 62443-4-2
Audit trail
Patch management
Back-up / restore
Level 2Level 3
Level 4
Certification Dashboard
Easy to handle
Data encryption
ProtectionLevels
Data integrity
Governmental acts
Unrestricted © Siemens AG 2017
SCCs and Views have have different granularity
Page 14
Security Control Classes (SCCs)Views
Complex, multidimensionalEasy to handle, easy to communicate
Unrestricted © Siemens AG 2017
Protection Levels are assessedin Security Control Classes (SCC) and Views
2017-03-22Page 15
Onsite / site specific
IEC 62443-2-1
IEC 62443-2-4
IEC 62443-3-3
SCC / View
Technicalcapabilities
of theAutomation
Solution
Relatedpolicies andprocedures
SCC / View
Technicalcapabilities
of theAutomation
Solution
Relatedpolicies andprocedures
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
Unrestricted © Siemens AG 2017
Methodology to evaluate Protection Levels
2017-03-22Page 16 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
2. Calculate PL
Can be automated by a tool
1. Evaluate fulfillment of Requirements
Answer fulfillment of each requirement mappedto the SCC or View
IEC 62443-2-1
IEC 62443-2-4
Requirement 1
Requirement n
Yes / ML X, X=1,2,3,4NoN/A
Yes / ML X, X=1,2,3,4NoN/A
Requirement 1
Requirement n
Yes / ML X, X=1,2,3,4NoN/A
Yes / ML X, X=1,2,3,4NoN/A
ML
IEC 62443-3-3
Requirement 1SL X, X=1,2,3,4
Requirement nSL X, X=1,2,3,4
YesNoN/A
YesNoN/A
SL
Unrestricted © Siemens AG 2017
Views and SCCs have different use cases
Page 17
NON EXPERT
Asset OwnerInsurance companyGovernmental body
• Level of protection of a plant in operation• How secure is my IACS • Level of risk reduction provided by a
security control class• How effective is a given security
control class in a specific application
Unrestricted © Siemens AG 2017
ISA-99 WG3 TG3 proposed SCCs
Page 18
System integrity
Security monitoring
17. Backup / restore / archive16. Malware protection15. Protection of data14. System availability and intended functionality13.Event and incident management12. Authorization and access control11. Identification and authentication10. Portable devices and media9. Secure wireless access8. Secure remote access7. Secure physical access6. System segmentation
management (qualification and installation)5. Patch management (qualification and installation)4. Change management3. Inventory management (hardware and software)2. Security assessments and reviews1. Security related organization and policies
Accountmanagement
System partitioning
Configuration andchange management
Organizationalsupport
Identify
Detect
Protect
Respond
Recover
Securephysical access
Organize security
SecureSolution design
SecureSolution operations
SecureSolution maintenance
Security Control Classes (SCC)Views
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 19
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Use of protection levels in the specification phase
Page 20
IACS life cycle
Asset Owner Asset Owner(Service provider)
SystemIntegrator
Asset Owner
Operation / MaintenanceSpecification Integration / Commissioning Decommissioning
Automation solutionProject application
Configuration, User ManagementSecurity measures and settings
Automation solutionSecurity measures and settings
Operational policies andprocedures
Securitytargets Automation solution
Decommissioningpolicies andprocedures
Definition of Security Targets
Unrestricted © Siemens AG 2017
IACS life cycle
Asset Owner Asset Owner(Service provider)
SystemIntegrator
Asset Owner
Operation / MaintenanceSpecification Integration / Commissioning Decommissioning
Automation solutionProject application
Configuration, User ManagementSecurity measures and settings
Automation solutionSecurity measures and settings
Operational policies andprocedures
Securitytargets Automation solution
Decommissioningpolicies andprocedures
Use of protection levels in the integration / commissioning phase
Page 21
Development of a protection concept
Good enough?
Unrestricted © Siemens AG 2017
IACS life cycle
Asset Owner Asset Owner(Service provider)
SystemIntegrator
Asset Owner
Operation / MaintenanceSpecification Integration / Commissioning Decommissioning
Automation solutionProject application
Configuration, User ManagementSecurity measures and settings
Automation solutionSecurity measures and settings
Operational policies andprocedures
Securitytargets Automation solution
Decommissioningpolicies andprocedures
Use of protection levels in the operation / maintenance phase
Page 22
Evaluation / demonstration of security posture Re-assessment of protection concept
Still OK? OK
Unrestricted © Siemens AG 20172017-03-22 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI ATPage 23
Thread through the presentation
IEC 62443 is about technology, process, people1
Protection Levels address installations in operation2
PLs combine Maturity Levels and Security Levels3
PLs are clustered in Security control classes (SCC) and Views4
Protection Levels support in every phase of the IACS lifecycle5
Product suppliers use PLs in an Holistic Security Concept (HSC)6
Unrestricted © Siemens AG 2017
Holistic Security Concept takes security on the next level -A holistic approach for IT and OT
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
“What in my businessdo I need to protect?”Identification of the critical business assets is acore component of the concept
“Which level of security do I need?”Security level drives requirements, in alignmentwith IEC 62443, to protect against attacks
“How do I protect the specific assets?”Standards based security solutions are applied toprotect and monitor the critical assets
Handleincidents
Improveprocess
Securityfeatures
EnhanceAwareness
IT -Infrastructure
HSC answers key questions for securityin business HSC addresses 5 levers including the IT
2017-03-22Page 24
Unrestricted © Siemens AG 2017
IEC 62443 addresses all stakeholders for a holistic protection concept
2017-03-22Page 25 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
On site / site specific
Off site
operates and maintains
Product Supplier
Asset Owner
Service Provider
Operational policies and procedures
Automation solution
Maintenance policies and procedures
designs and deploysSystem Integrator
Parts of IEC62443
2-43-2
2-1
2-42-3
3-3
4-13-3
4-2
develops products
Industrial Automation and Control System(IACS)
Control functions Safety relatedfunctions
Complementaryfunctions
Unrestricted © Siemens AG 2017
Holistic Security Concept enhances trust in products
2017-03-22Page 26 VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT
Protect your productivity!
Holistic Security Concept
Secure development environment
Secure production environment
• Best-in-class products• The software we developed isexactly what is in your product!
Secure development process
Cutting-edge security functions
PCS 7PLM proc. of DF and PD
TRUSTTRUST
Unrestricted © Siemens AG 2017
Thank you!
Dr. Pierre Kobes
Product and Solution Security OfficerPD TI AT
E-mail:[email protected]
2017-03-22Page 27
siemens.com/industrialsecurity
VDE Tagung Funktionale Sicherheit und IT-Sicherheit 2017 Dr. Kobes PD TI AT