ICS Security Architecture Where Worlds Collide SecureWorld September 22, 2011

Transcription:

ICS Security Architecture Where Worlds Collide SecureWorld September 22, 2011 Dr. Fred Cohen President - CEO is a 501(c)3 non-profit educational and research institution. We do not discriminate

Outline
- Introduction
- ICS vs. Enterprise technology
- Integration of Enterprise and ICS
- Security Architecture Implications
- Summary / Conclusions / Discussion

My Background
- Background in Control Systems and Security
  - First control system designed and implemented in 1975
  - First security system designed and implemented in 1974
  - B.S. E.E. / M.S. Information Science / Ph.D. E.E.
- But a career focus in information protection
  - 1983 Computer Viruses
  - 1992 Critical infrastructure protection (power, water, gas, etc.)
  - 1996 Deception for protection (Deception ToolKit)
  - 1998 Studies for PCCIP (power, water, gas, oil, comms,...)
  - 1999 Digital forensics tools (ForensiX)
  - 2000 Bootable secure Linux (White Glove)
  - 2002 Security Reference Architecture (Burton Group SRMS)
  - 2006 (M.S. and Ph.D. programs): National Security / M.S. Advanced Investigation / Ph.D. Digital Forensics
- ISC2 Fellow
- Senior Member of the IEEE
- Honorary Ph.D. C.S.

Thesis of this talk
- There is a culture clash between Industrial Control Systems and Enterprise Information Technology
- These technologies and systems are being connected
- Mismatches are occurring
- They are producing increasing negative consequences
- Most of the consequences are in the ICS side
- Point solutions will be expensive, slow, and painful
- The solution lies in better strategy and architecture

Outline
- Introduction
- ICS vs. Enterprise technology
- Integration of Enterprise and ICS
- Security Architecture Implications
- Summary / Conclusions / Discussion

The culture clash

Enterprise IT
- Fundamentally based on sharing with limits
- High tolerance for failures: they happen every day
- Little consequence for less than real-time
- Delays cause increasing loss with time
- Driven largely by financial and technology leadership
- Typically highly user-centric, with users demanding services
- Life cycles 1-5 years

Industrial Control Systems
- Fundamentally based on separation
- Low tolerance for failures: P < 0.00001/y
- Real-time absolutely critical
- Delays over threshold cause physical destruction of plant
- Driven largely by engineering and operations leadership
- Typically no users, only operator oversight
- Life cycles 5-50 years

What goes where?

Enterprise IT
- User interface devices: Desktop, laptop, pad, phone
- Most databases
- Most network infrastructure
- Most user services: Mail, Web, Documents, Slides, Spreadsheets, etc.

ICS - control, act, sense
- Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLC), and distributed control systems (DCS)
- Power, water, gas, etc.
- Manufacturing floor, chemical, pharmaceutical, etc. plants
- Medical devices, Avionics

Somewhere in the middle
- Real-time trading and transaction systems
- Telecommunications systems

Many enterprises have substantial mixes

Typical ICS architecture (SCADA) view

Typical IT architecture view

Outline
- Introduction
- ICS vs. Enterprise technology
- Integration of Enterprise and ICS
- Security Architecture Implications
- Summary / Conclusions / Discussion

A typical integration approach
- Connect a router/switch in the enterprise to a router/switch in the ICS environment
- Optionally add firewall(s)
- Replace ICS links with IP

What could possibly go wrong?
- The separation assumption of ICS leads to:
  - Weaknesses never exposed to outsiders in ICS become exposed
  - Interference problems lead to performance deviations
  - Remote control potential leads to unauthorized accesses
  - Authentication requirement changes lead to control loss...
- Differences in tolerance for failures lead to:
  - IT infrastructure instantly has 6 9's of reliability requirement
  - No change control windows for IT changes w/out ICS approval
  - All IT personnel must meet ICS security clearance requirements
  - Priority controls in networks must be changed for ICS above all...
- Real-time requirements and consequence curves lead to:
- Leadership differences lead to:
- Differences in support needs lead to:
- Life cycle differences lead to:

What could possibly go wrong?
- The separation assumption of ICS leads to:
- Differences in tolerance for failures lead to:
- Real-time requirements and consequence curves lead to:
  - Unanticipated failure modes: production outages or worse
  - Authentication process interdependencies: outages or worse
  - Encryption fails to meet ICS real-time needs: outages or worse
  - Best effort delivery of IP fails, must be changed to real-time...
- Leadership differences lead to:
  - Escalation of issues to CIO/CFO and COO and it rolls downhill
  - Equities result in food fights / power struggles etc.
  - Whoever wins, someone loses - hopefully not the enterprise
  - Management structures likely to change to matrixed...
- Differences in support needs lead to:
- Life cycle differences lead to:

What could possibly go wrong?
- The separation assumption of ICS leads to:
- Differences in tolerance for failures lead to:
- Real-time requirements and consequence curves lead to:
- Leadership differences lead to:
- Differences in support needs lead to:
  - IT change controls fail and must be enhanced for higher surety
  - Changed patching approach required to deal with ICS limitations
  - Work flow systems must be updated and protected for ICS needs
  - IT support has to include legacy for 20+ years...
- Life cycle differences lead to:
  - IT updates restricted and ICS costs increase to deal with changes
  - Assumptions made in IT must be revisited for ICS environments
  - ICS environments have to go through constant re-certifications
  - Legacy systems and mechanisms must be retained...

And then... Watch the news stories come in...

But there are good reasons to integrate
- ICS and IT will integrate
- Because there is a good business case to be made
  - Cost savings by shared infrastructure
  - Cost savings by remote administration and management
  - Business efficiency through better status and progress information
  - Just-in-time cost savings / higher customer satisfaction
  - Engineering and research benefit from remote access and information
- Because it is mandated by regulatory regimens
  - Power providers must provide real-time information on status
  - The market in (name the commodity) requires situation awareness for all
  - Real-time information on nuclear status delivered to the NRC some day?
- Because it is trendy?
  - People follow trends because that's how people are
  - Don't you want your nuclear facility controlled from the beach?
  - The operators can work from home at night and on weekends!!!

Outline
- Introduction
- ICS vs. Enterprise technology
- Integration of Enterprise and ICS
- Security Architecture Implications
- Summary / Conclusions / Discussion
- Integrated Protection Architecture

The bigger strategic challenge
- The Problem
  - Security decisions are haphazard, unstructured, and baseless
  - Just like security decisions for enterprises in general
  - No accepted, consistent, and meaningful decision process
  - No sound scientific basis for what we do
  - No serious measurement programs in place
  - Community consensus around well known poor decisions that won't work
- The Solution
  - Build structured architectural decisions with defined (sound?) basis
  - Create a consistent, acceptable, meaningful decision process
  - Integrate that process across enterprise IT and ICS environments
- Part of the solution already exists
  - Security reference architecture has developed over the last 10 years
  - Oriented largely toward enterprise information protection
  - Consolidates variations from across many enterprises into a framework

Reference Architecture Framework
- What the business is about
  - Understanding the reason for everything we do
- Top-level guidance
  - Duties to protect
- Risk management
  - What to protect how well
- Executive security management
  - Controlling activities and people / processes who / that do them
- Control Architecture
- Technical Architecture
- Engineering and implementation
- Operations, maintenance, and disposition
Fred Cohen & Associates 2011-08-10

Reference Architecture Framework
- What the business is about
- Top-level guidance
- Risk management
- Executive security management
- Control Architecture
  - Structural decisions about how things will work
- Technical Architecture
  - Translating how things work into how to do things
- Engineering and implementation
  - Translating how to do it into mechanisms that do it
- Operations, maintenance, and disposition
  - Doing the things that need to get done
  - End-of-life, recycling, and reuse
Fred Cohen & Associates 2011-08-10

Reference architecture
- Not a single architecture: a class of related architectural decisions
- Not design, implementation, or engineering structuring
- Structured decisions of kind not amount
  - We cannot really tune security like a resistor
  - Architectural solutions need to last unaltered for many years
  - Finite alternatives available: why select each?
- For a set of seemingly pertinent decisions
  - Identify alternatives
  - Determine rational basis for choosing between them
  - Codify decision points in tables / if-then-else / other forms
  - Identify the underlying assumptions / rational
  - Create decisions surrounding those rational as well

Example decision: connect PLCs to networks
What are my options?
- Option A: No special protection is used for the PLC.
- Option B: Use a restricted access network zone for the PLC.
- Option C: Use encrypted communications for the PLC.
- Option D: Use a custom FSM wrapper for the PLC input.
- Option E: Do not connect the PLC to the network.
- Option F: Use a digital diode to exfiltrate PLC data.

How do I decide between the alternatives?
Decision criteria
- Consequence of failure: Low / Medium / High
- Restricted zone available? Yes/No
- Encryption fast enough? Yes/No
- FSM requirement? Yes/No
- Communication interference? Yes/No

The basis for the decisions
- IF encryption is too slow to allow for controls to be effective THEN you cannot encrypt and have effective controls THUS don't use encryption in this case
- IF you don't have a Restricted zone (whatever that is) THEN you cannot connect the PLC to a restricted zone THUS don't use a restricted zone in this case
- IF risk is low (defined elsewhere) THEN there is no rationale for providing added protection THUS don't waste time and money on it
- Specific bases should be defined for each situation and customized to the specific environment as appropriate.
  - WE don't have a Restricted zone THUS we cannot use a restricted zone
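The three IF/THEN/THUS bases above can be codified as a decision table that rules options out and records why. This is an added example, not code from the talk; the `Situation` fields, the mapping of "risk is low" onto the Low consequence level, and the choice of B, C, D and F as the "added protection" options are assumptions.

```python
from dataclasses import dataclass

# Options A-F as listed on the "connect PLCs to networks" slide.
OPTIONS = {
    "A": "No special protection is used for the PLC",
    "B": "Use a restricted access network zone for the PLC",
    "C": "Use encrypted communications for the PLC",
    "D": "Use a custom FSM wrapper for the PLC input",
    "E": "Do not connect the PLC to the network",
    "F": "Use a digital diode to exfiltrate PLC data",
}
CONSEQUENCE_LEVELS = ("low", "medium", "high")


@dataclass(frozen=True)
class Situation:
    """Answers to the decision criteria (field names are assumptions)."""
    consequence: str                  # "low", "medium" or "high"
    restricted_zone_available: bool
    encryption_fast_enough: bool


# One row per stated basis: (condition, options ruled out, basis text).
# Assumption: for low risk, B, C, D and F are the "added protection"
# options; the slide does not enumerate them.
RULES = [
    (lambda s: not s.encryption_fast_enough, {"C"},
     "encryption is too slow for controls to be effective"),
    (lambda s: not s.restricted_zone_available, {"B"},
     "no restricted zone is available"),
    (lambda s: s.consequence == "low", {"B", "C", "D", "F"},
     "risk is low, so there is no rationale for added protection"),
]


def decide(situation):
    """Return (remaining option letters, {excluded letter: [bases]})."""
    if situation.consequence not in CONSEQUENCE_LEVELS:
        raise ValueError(f"unknown consequence level: {situation.consequence!r}")
    excluded = {}
    for applies, ruled_out, basis in RULES:
        if applies(situation):
            for letter in sorted(ruled_out):
                excluded.setdefault(letter, []).append(basis)
    remaining = [letter for letter in OPTIONS if letter not in excluded]
    return remaining, excluded


if __name__ == "__main__":
    # Constructed case matching the slide: "WE don't have a Restricted zone".
    remaining, excluded = decide(Situation("medium", False, True))
    for letter in remaining:
        print("open  ", letter, "-", OPTIONS[letter])
    for letter, bases in excluded.items():
        print("closed", letter, "-", "; ".join(bases))
```

The table only eliminates alternatives and keeps the justification for each elimination; the FSM requirement and communication interference criteria are not encoded because the slides state no basis for them.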

We build from there
- Build up the necessary underlying decisions for these decisions
  - What are the consequence levels and how are they defined?
  - Who make what decisions about them and when?
  - How do we implement zones or do we?
  - Etc.
- Build out the architecture to meet the range of needs
  - How do we connect a SCADA to the outside / ICS network?
  - How do we determine who can access what?
  - How do we control changes on PLCs, SCADAs, DCSs?
  - How do we connect to remote systems?
  - Etc.
- Cover more situations
  - How are power systems different from manufacturing systems?
  - How are they the same?
  - What can we leverage? How?

Outline
- Introduction
- ICS vs. Enterprise technology
- Integration of Enterprise and ICS
- Security Architecture Implications
- Summary / Conclusions / Discussion

Summing up...
- There is a culture clash between IT and ICS
  - They are being integrated wisely or otherwise
  - The likely anticipated outcomes are not pretty
- This is unfolding on a variety of planes
  - Management
  - Technical
  - Business
  - Regulatory
- An approach to resolving it is with reference architecture
  - Find commonalities and differences
  - Understand the varying needs and where they can be met
  - Some will be met together and to mutual benefit
  - Others will be met separately and to mutual benefit
  - Codify decisions in a meaningful and justified framework
  - Understand and deal with interdependencies in the framework
- This is not the only approach
  - But has proven cost effective because of an economy of scale.
  - No enterprise can realistically do it on their own

Thank You
Discussion? Questions?
http://calsci.org/ - calsci at calsci.org
http://fredcohen.net/ - fc at fredcohen.net
http://all.net/ - fc at all.net