IT-Security in Industrial Automation by Josef Waclaw, CEO Infotecs GmbH

IT-Security in Industrial Automation

Josef Waclaw, CEO Infotecs GmbH

INDUSTRIAL CONTROL

SYSTEMS

2

Cyber Attacks & Cyber Threats:

Underlying Premises

Global automation

Mass implementation of typical ICS

Internet used as communication channel

Integration of ICS with ERP and MES

Development of remote monitoring systems

Service business model come to industrial

Industry 4.0

IoT

Politics

3

4

Industry 4.0

“85% of responding

companies will have

implemented industry

4.0 technologies in

their key areas by

2020” (Source: PwC)

The capacity is used up

till Monday I must be at the

output in 2 hours I am filling the

pallet

Fill the pallet

Few on stock

Drill hole

overrange New product order:

500 pcs till Dec

Deliver 100 pcs in

2 days

Traffic jam ETA is

2 pm

New CNC program

installed on machine „X“

I perform the main-

tenance of machine „X“

Machine „X“ needs

maintenance

Quality Control Management

Storage Location

Technical Support Supplier

Engineering department

-

5

Industry and Cyber Security

“By 2020, the number of connected industrial devices will

triple”

“The underlying concept of Industry 4.0 is to connect

embedded systems and smart production facilities to generate

a digital convergence between industry, smart production

facilities to generate a digital convergence between industry,

business and internal functions and processes”

6

Cyber Attack Risks

Operational downtime

Product manipulation

Intellectual property

Product quality

Reputation

Revenue lost

7

Cyber Attack Examples

“The target for Dragonfly is the

intellectual property of

pharmaceutical organizations”,

September 2014

Target pharmaceutical

facilities

Remote access Trojan

Phishing software attachment

8

Cyber Attack Examples

Ukrainian power blackout

that affected 700k homes,

production plants in January

2016

Target Ukrainian electric

utilities MS Office

documents/Marcos SCADA

System Manipulation

Shutdown of power plant,

complex restart procedure

Source: The Telegraph

9

Cyber Attack Examples

Steal plant Germany:

Shutdown blast furnace

German nuclear plant:

Virus cyber attack

Hospital in Germany:

Virus attack “Locky”

Source: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2015.pdf

10

Cyber Attack Examples

Source: Department of Homeland Security, 2015

Reported Cyber Incidents,

By Critical Infrastructure Sector

11

Cyber Attack Tools

Source: https://www.shodan.io/

Cyber Attacks & Cyber Threats:

Statistics

©2015, ОАО «ИнфоТеКС». 12

Incidents from August 2014 to August 2015

ICS-CERT, USA

Attack on Saudi Aramco

performed by the

“Cutting Sword of

Justice” terrorist group

to stop oil production

in Saudi Arabia

Vulnerability

Vendors Statistics

Массовое

внедрение

типовых АСУ

ТП

General Electric

(31 vulnerabilities)

Advantech

(51 vulnerabilities)

Schneider Electric

(96 vulnerabilities)

Siemens

(125 vulnerabilities)

Other vendor

combine to «Other»

020406080

100120140

Critical Medium LowVulnerability

Research from Positive Technologies, 2014

13

- Data Breaches

14 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

- IoT Attacks

15

“In the future, intelligence services might use the

internet of things for identification, surveillance,

monitoring, location tracking, […] ”

James Clapper, director of US national intelligence

Source: https://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper

16

ERP, MES

Enterprise resource planning systems

Manufacturing execution systems

Top level

of ICS

SCADA/HMI

Operator’s workstation

Control and monitoring centers

Controller

level

PLC

Smart device

Remote Terminal Unit (RTU)

Field

level

Sensor

Actuator

Industrial Control Systems Structure

17

Particularity of ICS

Operating conditions:

Temperatures

Vibration

Dust and damp-proof

equipment

Computational environment:

Limited computational resources

Proprietary software

Low-maintenance systems

High mean time between failures

Connections:

Industrial interfaces other than

Ethernet

Industrial protocols

Real-time

Equipment specifications:

Power supply other than 220V

Limited capacity

Limited space

Limited accessibility

INDUSTRIAL CONTROL SYSTEM

Complete, Multi-Layer Security for

Industrial Systems and the Extended Enterprise

Quality Management

Administration Logistics

Maintenance & Service

ViPNet Coordinator IG:

Typical Scenarios

19

Security integration to ICS with ERP and MES

OPC-Server

SCADA Server

ViPNet HW

ERP Server

Workstation

WorkstationHMI Station

PLC

PLC

PLC

ViPNet IG

ViPNet IG

ViPNet IG

Administrator

ViPNet HW

ViPNet Coordinator IG Application (with security)

20

ViPNet VPN

HMI computers

Administrator

Engineering

Workstation

Telemetry Server

ViPNet HW1000

Communication

Service Provider

ViPNet VPN

RS-485-IEC 60870-5-101

RS-485-IEC 60870-5-101

Multifunctional Power Meter

Protective relaying and automation

Digital relay Digital relay

Electricity metering

Electricity meter

RS-485

ViPNet

Coordinator IG

Industrial Telemetry System Transmission Substation

Distribution Substation

Media Converter

Ethernet / RS-485

©2015, ОАО «ИнфоТеКС».

21

ViPNet SIES: Application (with security)

Electricity meter

Electricity metering

ViPNet SIES Core ViPNet

SIES Core Digital relay Digital relay

Protective relaying and automation

RS-485-IEC 60870-5-103/Moduls

ViPNet

SIES

Server

HMI

Engineering

Workstation

RS-485-IEC 60870-5-101

RS-485-IEC 60870-5-101

Telemetry

Server

SCADA Server

ViPNet

SIES SM

Multifunctional Power Meter

Communication

Service Provider

3G Router

Industrial

Internet Switch

Media Converter

Ethernet / RS-485

ViPNet

SIES Pack

Infotecs GmbH

Josef Waclaw, CEO

Tel: +49 30 2064366-14

Email: josef.waclaw@infotecs.de

Web: www.infotecs.biz

22