
Cyber Security for Utilities






Presentation Transcript


  1. Cyber Security for Utilities: Authentication and Encryption for SCADA Communications Channels and Maintenance Ports

  2. Agenda
  • Mykotronx introduction
  • Cyber security for utilities
  • Mykotronx security solutions
  • Working together

  3. Who We Are
  • NASDAQ (RNBO) since 1987, $128M revenue in 2002
  • Top 10 Global Security Provider:
    • 75% for high assurance T1 & satellite link encryption
    • 66% in secure Web acceleration (IDC)
    • 55% market share in software security
    • 55% in USB token segment (IDC)
  • 480 employees in U.S., U.K., France, Netherlands, China, Taiwan, Singapore, Australia, India, Japan, Mexico and Brazil (24/7 worldwide technical support in Los Angeles, London, and Singapore)
  • The two organizations within Rainbow Technologies, Inc. are:

  4. Solutions Overview

  5. Awards and Recognition (badges on the slide: ISO 9001, “Best SSL Accelerator”)
  • More NSA certified security products than any other company
  • Product awards
    • Secure Computing: “Pick of 2001” award for iKey
    • Communications News Editors Choice
    • VBPJ Readers Choice Award: Best Security Solution
    • Network Computing 2001 Editors Choice Award
    • Network Computing 2001 Well-Connected Award
    • Network World 2000 Blue Ribbon Award for CS600
    • AeA 2001 High-Tech Award for CS HSM
    • AeA 2000 High-Tech Award for CS600
  • Organizational Quality and Experience
    • ISO 9001 certified
    • FIPS, Common Criteria, NIAP, CCEP evaluated and endorsed

  6. Example of Our Product(s) in Action
  • Fortezza Plus
    • Key management
    • Encryption
    • Rated to Top Secret

  7. Cyber security for utilities

  8. We presume you…
  • Understand the threat
    • CIAO findings – July 1997
    • AGA/GTI specifications – 1998, completion: 2003
    • Sandia National Labs – red team assessment – July 2002
    • DIA Threat Assessments – August 2002 (ongoing)
  • Are following national policy formulation activity
    • Cyberspace strategy – February 2003
    • Physical strategy – February 2003
    • Government & Industry recommended practices – ongoing
  • Will participate in Department of Homeland Security initiatives
    • Incident reporting
    • Support to first responders
  • Have a cyber-security policy for your operations
    • If not, we will provide a template

  9. The issue today is “how to”
  • Ensure proper “access control” to your resources
    • Protect against weak access control
    • Protect against insider threats
    • Protect against nation-state threats
  • Eliminate “clear text” from the communications wire
    • Protect against eavesdropping
    • Protect against replay, spoofing, etc.
  • Provide an “effective” secure solution
    • Protect high-value assets
    • Non-intrusive
    • Acceptable performance (latency)
    • Affordable, acceptable total cost of ownership (TCO)
  • Ensure a “migration path” to future systems
  • “Comply” with government and association standards

  10. Maintenance Access Configurations (diagram: Clustered, Independent)

  11. Mykotronx’ SAM – your first step: Secure Authentication Module
  • Bump-in-the-wire design
  • Transparent security for existing maintenance dial-up lines
    • No change to existing hardware
    • No change to existing communications infrastructure
    • No change to modem phone numbers or phone lines
    • Will require a new dial-up program at the client computer
  • Two-factor authentication token for operators
  • Digitally signed challenge/response
  • SAM provides strong access control and an audit trail

  12. Secure Authentication Module
  • Security standards
    • FIPS 140-2 Level 2
    • Public key authentication
    • Two-factor tokens
    • Signed access audit trail
  • Communication ports
    • 2 RJ11 phone ports
      • Phone line
      • Field device’s modem
    • Internal modem to accept and authenticate the originating call
    • Internal relay and ring generator to wake up the field device’s modem
  • Power
    • Derived from the phone line
  • Environmental
    • IEEE 1613 (planned)

  13. Two-factor authentication
  • iKey USB authentication tokens
    • Personal, portable, secure
    • Digital signatures & shared secret
    • No reader required
  • Two-factor authentication
    • Something you have – the iKey
    • Something you know – the PIN
  • Access control examples
    • Local: SEAM, SAM, workstations
    • Remote: browser, dial-up
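The signed challenge/response that slides 11 to 13 describe, as an added Go illustration (not Mykotronx code; the SAM and iKey internals are not on these slides). It assumes an Ed25519 key pair enrolled per operator, a fresh 16-byte random nonce per login attempt, and a PIN check inside the token as the second factor; the names Token, SAM, Enroll, Challenge and Respond are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Token stands in for the operator's iKey: the key never leaves it and it signs only
// when the correct PIN (the second factor) is presented. Ed25519 is an assumption.
type Token struct {
	pin  string
	priv ed25519.PrivateKey
}
// Sign answers a challenge; a wrong PIN yields no signature at all.
func (t *Token) Sign(pin string, challenge []byte) []byte {
	if pin != t.pin {
		return nil
	}
	return ed25519.Sign(t.priv, challenge)
}

// SAM models the module in front of the field device's modem.
type SAM struct {
	enrolled map[string]ed25519.PublicKey // operator -> public key
	pending  map[string][]byte            // one outstanding nonce per operator
	Audit    []string                     // access decisions, oldest first
}
func NewSAM() *SAM { return &SAM{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}} }

// Enroll keeps the operator's public key and hands back the PIN-protected token.
func (s *SAM) Enroll(op, pin string) *Token {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // cannot fail with a working RNG
	s.enrolled[op] = pub
	return &Token{pin: pin, priv: priv}
}

// Challenge issues a fresh 16-byte random nonce, valid for one response only.
func (s *SAM) Challenge(op string) []byte {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	s.pending[op] = nonce
	return nonce
}

// Respond verifies the signature over the outstanding nonce, then forgets the
// nonce so a recorded response is useless against any later challenge.
func (s *SAM) Respond(op string, sig []byte) bool {
	nonce, issued := s.pending[op]
	delete(s.pending, op)
	pub, known := s.enrolled[op]
	granted := issued && known && ed25519.Verify(pub, nonce, sig)
	s.Audit = append(s.Audit, fmt.Sprintf("operator=%s granted=%v", op, granted))
	return granted
}
```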

  14. Maintenance Access Configurations (diagram: Clustered, Independent)

  15. AGA 12-1 SCADA Configurations (diagram: Point to point, Cascaded, Multi-drop or Multi-point)

  16. Mykotronx’ SEAM – next step: Secure Encryption and Authentication Module
  • Bump-in-the-wire design
  • Transparent security for existing SCADA systems
    • No change to existing SCADA hardware
    • No change to existing communications infrastructure
    • No change to existing SCADA protocols
  • Supports bit- and byte-oriented protocols
  • Two modes: link encryptor and protocol-aware
  • “Modem command” pass-through
  • SEAM provides strong authentication, an audit trail, and encryption

  17. SEAM Substation Device
  • Security standards
    • FIPS 140-2 Level 2
    • AES encryption
    • Public key authentication
    • Two-factor tokens
    • Signed audit trail
  • Communication ports
    • 2 serial ports
      • SCADA field device
      • Communications channel
    • 2 USB ports
      • Local management
      • User authentication token
    • 2 Ethernet ports (version 2)
      • Distributed management
      • Field communications
  • Power
    • External +5 to 48 VDC
  • Environmental
    • IEEE 1613 (planned)
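How a link-encryptor-mode SEAM pair (slides 16 and 17) could protect each serial frame, as an added Go example that is neither the product's code nor the AGA 12-1 wire format: it assumes a shared AES-128 session key per link and uses AES-GCM with a strictly increasing sequence number as the nonce, so the eavesdropping, tampering and replay threats of slide 9 are all rejected at the receiving device. Link, NewLink, Wrap and Unwrap are invented names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Link is one direction of a bump-in-the-wire link in link-encryptor mode (assumed
// design, not AGA 12-1): frames are AES-GCM sealed; the sequence number is the nonce.
type Link struct {
	aead cipher.AEAD
	seq  uint64 // sender: last sequence sent; receiver: highest sequence accepted
}
func NewLink(key []byte) (*Link, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Link{aead: aead}, nil
}

// Wrap seals a plaintext SCADA frame as: 12-byte nonce (4 reserved bytes, e.g. a
// direction ID, then the 8-byte sequence) || ciphertext || 16-byte GCM tag.
func (l *Link) Wrap(frame []byte) []byte {
	l.seq++
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], l.seq)
	return l.aead.Seal(nonce, nonce, frame, nil)
}

// Unwrap authenticates and decrypts a wire frame, rejecting tampered, wrong-key and
// replayed frames; the replay window advances only after the tag verifies.
func (l *Link) Unwrap(wire []byte) ([]byte, error) {
	if len(wire) < 12+l.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	nonce, ct := wire[:12], wire[12:]
	seq := binary.BigEndian.Uint64(nonce[4:])
	if seq <= l.seq {
		return nil, errors.New("replayed or out-of-order frame")
	}
	frame, err := l.aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	l.seq = seq
	return frame, nil
}
```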

  18. SEAM Control Center Device
  • Rack-mount chassis
    • 19” chassis, 6U front panel
  • Security standards
    • FIPS 140-2 Level 2
    • AES encryption
    • Public key authentication
    • Two-factor tokens
    • Signed audit trail
  • Communication ports
    • Up to 16 blades
      • 2 serial ports per blade
        • SCADA master/FEP
        • Communications channel
      • Hot-swappable blades
    • 2 USB ports
      • Local management
      • User authentication token
    • Ethernet ports
      • Administration
      • Future communications (2)

  19. AGA 12-1 SCADA Configurations (diagram: Point to point, Cascaded, Multi-drop or Multi-point)

  20. SEAM, SAM & iKey Management
  • Life cycle management
    • CKTO Management Unit
    • Centralized configuration, key, token & operator management
    • Automated in-band, on-the-fly refresh
    • Browser-based operator interface
    • Signed audit trails
  • Security
    • FIPS 140-2 Level 3 certification
    • Public key cryptography for operator authentication
    • AES for confidentiality
    • Two-factor authentication tokens required for operators
  • Future functionality
    • Upgradeable firmware/software
    • Intrusion detection system

  21. Management Configuration (diagram: SEAM, SEAM, CKTO Management, SAM)

  22. Wrap-up

  23. Why is Mykotronx here?
  • Our mission is protecting information
    • Extensive relationships with government agencies – intelligence, defense and civilian
    • Introduced to the utility need by government agencies
    • Active members of multiple utility standards organizations
    • Extensive commercial customers, including utilities
  • Our expertise is appropriate for the need
    • High-assurance & high-performance cryptography
    • User authentication
    • Confidentiality
    • Communications – dial-up, T1, satellite, Internet, voice, video
    • Experienced in vulnerability, threat & risk assessments, security policy, business continuity and disaster recovery planning

  24. The security solutions
  • Strong cryptography for SCADA and maintenance communications
    • Public key cryptography-based
    • Robust trust-relationship methodology for SEAM/SAM and operators
    • Two-factor authentication tokens for operators
    • AES-based, AGA 12-1
  • Life cycle management
    • Device configuration, keys, two-factor tokens
    • In-band real-time SEAM/SAM management
    • Browser-based operator and token management
    • Intrusion detection system (future)
  • Protect your investment
    • Migration path from legacy channels to Ethernet-based channels

  25. Points of Contact
  Mykotronx, Inc.
  357 Van Ness Way, Suite 200
  Torrance, CA 90501
  Phone: (310) 533-8100
  Fax: (310) 533-0527
  STU III: (310) 533-0738 [Secret], (310) 787-2799 [Top Secret]
  Home page: http://www.mykotronx.com

  Brad Beutlich, Director, Commercial Business Development
  Phone: (310) 533-8100 x6285
  E-mail: bbeutlich@mykotronx.com

  Paul Blomgren, CISSP, System’s Security Architect, Business Development
  Phone: (310) 533-8100 x6254
  E-mail: pblomgren@mykotronx.com
