Cyber Security Fingerprint: Secure systems, protect production
ABB Process Automation Lifecycle Services, Patrik Boo
© ABB Group September 24, 2012 | Slide 1
Cyber Security: What is cyber security?
Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
*Merriam-Webster’s dictionary
Cyber Security: Security breaches
Hacking
Malicious software
Unauthorized access
Cyber Security in industrial control systems: Stuxnet, the game changer
Stuxnet was the first malware targeting industrial control systems
Headlines shown on the slide:
Bill Would Have Businesses Foot Cost Of Cyberwar
Congress would task businesses with increasing cyber security
Cyber Security: Enterprise IT vs. Industrial Control Systems
[Figure: confidentiality, integrity and availability in Enterprise IT compared with Industrial Control Systems]
Primary risk impact
Enterprise IT: Information disclosure, financial
Industrial Control Systems: Safety, health, environment, financial
Availability
Enterprise IT: 95 – 99% (acceptable downtime/year: 18.25 – 3.65 days)
Industrial Control Systems: 99.9 – 99.999% (acceptable downtime/year: 8.76 hrs – 5.25 minutes)
Typical system lifetime
Enterprise IT: 3-5 years
Industrial Control Systems: 15-30 years
Problem response
Enterprise IT: Reboot, patching/upgrade
Industrial Control Systems: Fault tolerance, online repair
Cyber Security: Security cost
The cost of security measures should be balanced against the achieved risk reduction
Risk = (probability of successful attack) x (potential consequences)
[Figure: cost plotted against security level, with two curves, "Cost of security" and "Probable cost of a security breach"; marked point: "Optimal security for minimum cost"]
According to a study by the Ponemon Institute, the cross-industry average cost of a cyber security breach in 2011 was $5.9 MUSD
Cyber Security: Scope and completeness of standards
[Figure: standards placed by sector and scope. Sectors: IT, Industrial Automation, Energy. Axis labels: Design Details, Technical Aspects, Details of Operations, Completeness, Operator, Manufacturer, Relevance for Manufacturers. Standards shown: ISO 27K, NIST 800-53, ISA 99*, CPNI, IEEE P 1686, IEC 62351, NERC CIP]
* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA 62443 to make the alignment with the IEC 62443 series more explicit and obvious.
ABB Cyber Security Optimization: Diagnose, implement and sustain performance
[Figure: system performance plotted against time, with the labels Potential, Performance Gap, Diagnose, Implement, Sustain and Manage]
Benefits:
Consistent – same everywhere
High and even quality
Repeatable
Based on best practices
• Data
• Collect
• Store
• View
• Analyze
• Interpret
• Report
Cyber Security Fingerprint - Service with a defined scope
Cyber Security Fingerprint: What does the Fingerprint do?
Provides a comprehensive view of your site’s cyber security status
Identifies strengths and weaknesses for defending against an attack within your plant’s control systems
Reduces potential for system and plant disruptions
Increases plant and community protection
Supplies a solid foundation from which to build a sustainable cyber security strategy
It does NOT make the system completely secure.
Cyber Security Fingerprint: Security in Depth
Antivirus Solutions
Security Updates
Account Management
Computer Policies
Firewalls and Architecture
Procedures and Policies
Physical Security
Cyber Security Fingerprint: Key Performance Indicators
Cyber Security Fingerprint: Security Logger Data Collection Tool
No installation
No license
Only collect data
All collected data is encrypted
Cyber Security Fingerprint: Security Analyzer Tool
Browse all collected data
Generate report
The only tool that can read the encrypted file
Help during hardening
Cyber Security Fingerprint: Report with recommendations and action plan
Cyber Security Fingerprint Report: Risk Profile
While the Fingerprint is an indicator of your security status at a given time, any system, no matter how many precautions are taken, can be compromised.
Cyber Security Fingerprint: Summary of findings
If the customer’s data shows the setting to be below standard, the description and recommendation are included in the report.
Setting: Minimum password age
Description: There should be a predetermined number of days a password must be used before the user is allowed to change it. The number of days can vary between 1 and 998 days, or the user can input 0 to change the password immediately. If a user does not set a minimum password age, he or she can use passwords repeatedly.
Recommendation: Set the minimum password age value greater than or equal to one day.
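An added example, not part of the ABB slides or of the Security Analyzer tool: one way to apply the "below standard" rule from this slide to collected policy data. It assumes the data is a policy file in the layout of a Windows `secedit /export`; the sample policy, the RULES table and the function names are constructed for illustration.

```python
import configparser

# Constructed sample in the layout of a Windows `secedit /export` policy file.
SAMPLE_POLICY = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
PasswordHistorySize = 24
"""

# Hypothetical rule table. The only threshold taken from the slide is
# "minimum password age >= 1 day"; the structure is this example's own.
RULES = {
    "MinimumPasswordAge": {
        "minimum": 1,
        "recommendation": "Set the minimum password age value greater "
                          "than or equal to one day.",
    },
}

def read_system_access(policy_text):
    """Return the [System Access] settings of an exported policy as a dict."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the original key capitalisation
    parser.read_string(policy_text)
    if not parser.has_section("System Access"):
        return {}
    return dict(parser["System Access"])

def findings(policy_text, rules=RULES):
    """List every rule whose collected value is below its minimum."""
    settings = read_system_access(policy_text)
    report = []
    for name, rule in rules.items():
        try:
            value = int(settings[name])
        except (KeyError, ValueError):
            value = None  # not collected or not numeric: reported as well
        if value is None or value < rule["minimum"]:
            report.append({"setting": name, "value": value,
                           "recommendation": rule["recommendation"]})
    return report

if __name__ == "__main__":
    for item in findings(SAMPLE_POLICY):
        print(item)
```
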
Cyber Security Fingerprint: Schedule of activities
Phases: Information Gathering, Analysis (off-site), Delivery (off-site)
Day 1 - 3
Project introduction meeting
Set up data collection software
Interview key plant personnel
Check data and make configurations accordingly
Complete data collection
Day 4
Data Analysis
Day 5
Complete report
Expert review
Present findings and recommended actions