
Ten Steps To Secure Control Systems

Ten Steps To Secure Control Systems. APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks, Memphis, TN, April 18, 2005. Jay Abshier, CBCP CISSP, KEMA, Inc. jay.abshier@kema.com


Presentation Transcript


  1. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005 Jay Abshier, CBCP CISSP KEMA, Inc. jay.abshier@kema.com

  2. Ten Steps To Secure Control Systems • Threats? • Why take action? • What Can You Do Now? – The Ten Steps • NERC Standards • Questions

  3. Threats – In Order of Decreasing Probability • Worms and Viruses • Internal – Acts of Omission • Internal – Acts of Commission • External – Acts of Commission

  4. Why Take Action? • If a vulnerability is exploited, in most cases the impact is a negative effect on the primary function of the control system – a failure. • A failure of one component of a system increases the probability of another component failure occurring or of becoming a critical factor. • Most catastrophic failures involve two or more components of a system. Frequently, one of the failed components is either a human action/inaction or the control system. • “Reliability @Risk: A New Paradigm for Assessing Reliability”, December 2004, The Electricity Journal

  5. Why Take Action? • Improved Reliability • Increased Safety

  6. Ten Steps To Secure Control Systems • Governance • Security Awareness & Training • Policies & Procedures • Change Management • Secure Architecture • Remote Access • Vulnerability & Risk Assessments • Incident Response • Configuration & Patch Management • Monitoring

  7. Ten Steps To Secure Control Systems • Governance • Security Awareness & Training • Policies & Procedures • Change Management • Secure Architecture • Remote Access • Vulnerability & Risk Assessments • Incident Response • Configuration & Patch Management • Monitoring • Paper and Presentation discussing all ten available on request. • [Callout: Our Focus]

  8. What Can You Do Now? • 5. Secure Architecture • Identify your critical assets. • Define the electronic perimeter for your control environment that includes those assets • Isolate the control environment using firewall(s) and DMZ(s). • No access by default. • All Communications terminate at the DMZ.

  9. Secure Architecture [Network diagram. Labels: To Corporate Network; Plant Information Network (PIN); Other Plant Information Servers; Users; Relational Database; Real time Historian; DMZ; Firewall; Terminal Server; Web Server; Database; Plant Control Network (PCN); Application Server; Historian; Operator Displays]

  10. What Can You Do Now? • 5. Secure Architecture (cont’d) • Don’t allow browsing of the internet from the control environment. • Don’t allow email into the control environment. • Sending email out will be ok. • Take steps to keep unauthorized devices out. • Avoid wireless
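The architecture rules on slides 8 and 10 (no access by default, all communications terminate at the DMZ, no email into the control environment) can be checked mechanically against a firewall rule set. The following is an added example, not part of the original presentation; the zone names, port numbers, rule format and sample rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Zone names, ports and the rule format are assumptions made for this example.
OUTSIDE = {"corporate", "pin", "internet"}      # everything beyond the DMZ
ALL_ZONES = OUTSIDE | {"dmz", "pcn"}
SMTP = 25

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    port: int     # destination TCP port, 0 means any port

def expand(zone):
    """Resolve the "any" wildcard to the full set of zones."""
    return ALL_ZONES if zone == "any" else {zone}

def audit(rules):
    """Return a list of findings; an empty list means the rule set passes."""
    findings = []
    # No access by default: the rule set must end with a catch-all deny.
    if not rules or rules[-1] != Rule("deny", "any", "any", 0):
        findings.append("no default deny at end of rule set")
    for n, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        pairs = [(s, d) for s in expand(r.src) for d in expand(r.dst)]
        # All communications terminate at the DMZ: no PCN <-> outside flows.
        if any("pcn" in p and (p[0] in OUTSIDE or p[1] in OUTSIDE) for p in pairs):
            findings.append(f"rule {n}: {r.src}->{r.dst} bypasses the DMZ")
        # No email into the control environment (sending out stays allowed).
        if "pcn" in expand(r.dst) and r.port in (SMTP, 0):
            findings.append(f"rule {n}: lets email into the control network")
    return findings

# Constructed sample rule sets (not taken from any real firewall).
GOOD = [Rule("allow", "pin", "dmz", 443),    # users reach the DMZ web server
        Rule("allow", "pcn", "dmz", 1433),   # data pushed to the DMZ database
        Rule("allow", "pcn", "dmz", SMTP),   # outbound mail via a DMZ relay
        Rule("deny", "any", "any", 0)]
BAD = [Rule("allow", "corporate", "pcn", 3389),  # direct session into the PCN
       Rule("allow", "pcn", "internet", 80),     # browsing from the PCN
       Rule("allow", "dmz", "pcn", SMTP),        # mail delivered into the PCN
       Rule("allow", "any", "any", 0)]           # permissive final rule

if __name__ == "__main__":
    for name, rule_set in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rule_set) or "ok")
```
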

  11. What Can You Do Now? • 5. Secure Architecture • Wireless • WEP is useless • WPA • Good encryption. Device Authentication available. • Vulnerable to DOS attack. • Devices capable of WEP should be upgradeable to WPA with firmware upgrade. • Think of wireless as remote access.

  12. What Can You Do Now? • 5. Secure Architecture • Wireless • 802.11i is best solution, but requires new hardware if you already have wireless installed. • AES encryption, device authentication available, supposed to not be vulnerable to DOS attack. • Cisco calls 802.11i WPA2. • www.wi-fiplanet.com/tutorials

  13. What Can You Do Now? • 6. Remote Access • Should be severely restricted. • Try to never allow devices on the outside to become part of Control Network • DMZ Application Servers • Terminal Servers and Citrix are good choices for access.

  14. Remote Access [Network diagram. Labels: To Corporate Network; Plant Information Network (PIN); Other Plant Information Servers; Users; Relational Database; Real time Historian; DMZ; Firewall; Terminal Server; Web Server; Database; Plant Control Network (PCN); Application Server; Historian; Operator Displays]

  15. What Can You Do Now? • 6. Remote Access • VPNs • IPsec VPNs using 3DES or AES encryption are a good choice if DMZ App servers and Terminal Servers are not available. • Be aware that the client computer becomes part of the Control Environment. • Do not allow split tunneling. • Try to require anti-virus and personal firewalls. • Try to enforce patch levels on software.

  16. What Can You Do Now? • 6. Remote Access • Modems • Avoid auto answer dial in modems. • Dial back modems and encrypting modems are ok alternatives if modems are unavoidable.

  17. What Can You Do Now? • 7. Vulnerability and Risk Assessments • Vulnerability assessments try to identify all the known vulnerabilities in a device or architecture. • Risk assessments try to prioritize these vulnerabilities and assess the impact.

  18. What Can You Do Now? • 7. Vulnerability and Risk Assessments • Vulnerability assessments often involve scans, which can cause problems in the control environment. • Good probabilities for risk assessments are not available, but vulnerabilities can be prioritized using accurate relative probabilities for Threats.

  19. What Can You Do Now? • 7. Vulnerability and Risk Assessments • Risk assessments are a good way to involve the stakeholders in the process and get buy-in. • Risk can be calculated as: • Probability of Threat Occurring * Probability of Existing Controls Preventing Threat * Impact if Threat succeeds

  20. What Can You Do Now? • 7. Vulnerability and Risk Assessments • Use a good methodology • Which To Use? • For Systems, use one focused on assessing the risk that a vulnerability can be exploited by a threat.

  21. What Can You Do Now? • Bottom Line • A tool or tools will not keep you secure. No one can guarantee your system or network is “secure”. • Daily due diligence and a comprehensive security program are the only viable “solution”.

  22. NERC Permanent Standard • Jan 17 – Feb 17 Post Draft 2 and Comment period • Feb 2 Webcast on Draft 2 • Feb 18 – Apr 15 Resolve comments on Draft 2 and prepare Draft 3 • Apr 15 – May 31 Post Draft 3 and Comment period • June 1 – 30 Resolve comments on Draft 3 and prepare for Ballot • July 1 – 31 30 day posting prior to Ballot • Aug 1 – 30 2 rounds of Ballots • August 13 NERC 1200 expires • Sept 1 – 30 30 day posting prior to NERC Board adoption • October 1 NERC Board adopts standards • November 1 Standards become “Effective” • 1st Quarter 2006 Self Certification and Audit begins

  23. NERC Permanent Standard • CIP–002–1 Critical Cyber Assets • CIP–003–1 Security Management Controls • CIP–004–1 Personnel and Training • CIP–005–1 Electronic Security • CIP–006–1 Physical Security • CIP–007–1 Systems Security Management • CIP–008–1 Incident Reporting and Response Planning • CIP–009–1 Recovery Plans

  24. NERC Permanent Standard • What it covers • SCADA/Control Center • Power plant control systems • Many exceptions • Transmission substations • What it doesn’t • Many power plants • Distribution • Telecom • Requirement for understanding control systems

  25. Ten Steps To Secure Control Systems Questions? For more information: Jay Abshier, CBCP CISSP 713.240.4146 (mobile) 832.717.3072 (office) jay.abshier@kema.com
