Survivability and Recovery of Process Control Systems
NACIO: Non-obtrusive Authentication of Critical Infrastructure Operators
Sam Clements, Mark Hadley,
Tom Edgar, and Cliff Glantz
Pacific Northwest National Laboratory (PNNL)
March 2010
This material is based upon work supported by the U.S. Dept. of Homeland Security under Grant Award Number 2006-CS-001-000001,
under the auspices of the Institute for Information Infrastructure Protection (I3P) research program. The I3P is managed
by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be
interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland
Security, the I3P, or Dartmouth College.
The NACIO Team
Project Team Members
• Sam Clements
• Mark Hadley
• Thomas Edgar
Working out of PNNL’s main campus in Richland, Washington
What is Authentication?
“All information systems must have a security mechanism installed that requires authentication prior to file access.”
- API 1164
“…Responsible Entity shall have a policy for managing the use of such accounts [shared, generic] that limits access to only those with authorization, [and] an audit trail of the account use …”
- NERC CIP 7 R5.2.3
The process of verifying a user’s identity and authorization to access a network or its resources.
- NIST 800-53
- NRC RG-5.71
What is Required for Authentication?
• For IT systems we often require:
– Something you know (e.g., password)
– Something you have (e.g., security token, mag. card)
– Something you are (e.g., fingerprints)
Control System Authentication Issues
• Authentication restrictions cannot be allowed to:
– impede operator control
– negatively impact control system operation
– negatively impact process/facility critical events
• Immediate access and control are required when
needed – delays cannot be tolerated!
• A forgotten or mistyped password cannot be
allowed to lock up a control system’s human
machine interface!
• So how can authentication be done?
• How much is too much?
Hand Scan
Right Elbow
Left Elbow
Foot
Tongue
Finishing up with a Butt Scan
Thanks to Monsters vs. Aliens (DreamWorks®) and Sam Clements for these images!
Now that’s way too much!
Example Authentication Approach:
NRC Regulatory Guidance
RG 5.71: “Cyber Security Programs for Nuclear Facilities” (11/09)
Requires the following:
• uniquely identify each user
• verify the identity of each user
• disable a user identifier after a predetermined time
period of inactivity
• change and refresh authenticators periodically
• only appropriate officials can issue a user identifier
• ensure that a user identifier is issued to the intended party
NRC Authentication (cont)
If a control system cannot support all user
authentication requirements, all of the following
must be implemented:
• physically restrict access to the control
system
• ensure only security qualified and
credentialed individuals have access to
control systems
• monitor and record access to the control
system in a timely manner
• use auditing/validation measures to detect
unauthorized access and modifications to the
control system
The NACIO Approach
[Diagram labels: Security Camera; Network Sensor; Control System Network; Operator Console; Network Traffic; Authenticator; Picture; Badge + RFID; NACIO Interface; Physical Access Control Database; Alert: Critical System Command]
NACIO Advantages and Security Impact
• NACIO’s Advantages
– Triggers only on critical commands and alarms on a defined
subset of these commands
– Avoids an inundation of data
– Records:
• Network traffic
• Badge info
• Image of operator
– Supports post-incident investigation
• NACIO’s Impact: Reduces Insider Threat
– creates the impression that your activities are being monitored and that you
can’t get away without your actions being revealed
– establishes a much higher threshold for malicious acts
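The trigger-and-record behaviour listed above, sketched in Python as an added example (not NACIO's code or the authors' design). The command names, the 30-second badge window, the record fields and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy: which commands are critical, and which subset raises an alarm.
CRITICAL = {"OPEN_BREAKER", "CHANGE_SETPOINT", "STOP_PUMP"}
ALARM_SUBSET = {"OPEN_BREAKER"}
BADGE_WINDOW_S = 30  # assumed: a badge read this recent counts as "at the console"

@dataclass
class Command:       # one decoded message seen by the network sensor
    ts: float
    console: str
    name: str

@dataclass
class BadgeRead:     # one RFID read near an operator console
    ts: float
    console: str
    badge_id: str

def badge_at(console: str, ts: float, reads: list[BadgeRead]) -> Optional[str]:
    """Most recent badge read at this console within the window before ts."""
    recent = [r for r in reads
              if r.console == console and 0 <= ts - r.ts <= BADGE_WINDOW_S]
    return max(recent, key=lambda r: r.ts).badge_id if recent else None

def audit(commands: list[Command], reads: list[BadgeRead]) -> list[dict]:
    """Return one record per critical command; routine traffic is ignored."""
    records = []
    for c in commands:
        if c.name not in CRITICAL:
            continue  # not recorded, which keeps the audit trail small
        records.append({
            "ts": c.ts, "console": c.console, "command": c.name,
            "badge": badge_at(c.console, c.ts, reads),  # None: no badge nearby
            "image": f"{c.console}-{int(c.ts)}.jpg",    # placeholder frame name
            "alarm": c.name in ALARM_SUBSET,
        })
    return records

# Constructed sample data, not captured from a real system.
COMMANDS = [Command(100, "hmi-1", "READ_STATUS"),
            Command(110, "hmi-1", "CHANGE_SETPOINT"),
            Command(200, "hmi-2", "OPEN_BREAKER")]
READS = [BadgeRead(95, "hmi-1", "B-0017"), BadgeRead(105, "hmi-1", "B-0042"),
         BadgeRead(120, "hmi-2", "B-0017")]
```

A record whose badge field is empty is still written, so a critical command issued with no operator badged at the console remains visible to a post-incident investigation.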
NACIO Uses COTS Technologies
• Components
– “IDS”
– Cameras
– Badge with RFID
• Advantages
– Readily Available Components
– Fast to Market Bridging the Gap
NACIO Wrap-Up
• Does not impact operations
• Helps meet or exceed current standards and
guidance for control system authentication
• Provides an innovative integration of COTS
technologies
• Undergoing testing and refinement at PNNL
• We are seeking partners for technology transfer
Questions?
• For more information, contact one of the following PNNL
NACIO team members:
– Sam Clements
[email protected]; 509-375-3945
– Mark Hadley
[email protected]; 509-375-2298
Your presenter has been Cliff Glantz; [email protected]; 509-375-2166