PRESENTATION OF SERVICES, 2018
Svein Henry Hagen, Global Product Manager
Cyber Security Services
Life Cycle Management
Guiding Principles
April 6, 2018 Slide 2
Reality
Process
Balance
Cyber security is all about risk management
There is no such thing as 100% or absolute security
Cyber security is not a destination but an evolving target – it is not a product but a process
Cyber security is about finding the right balance – it impacts usability and increases cost
PUBLIC
There are no Silver bullets…
A definition in the context of power and automation technology
Cyber Security
April 6, 2018 Slide 3
Traditional: Measures taken to protect a computer or computer system (on the Internet) against unauthorized access or attack.*
Power and automation technology: Measures taken to protect the reliability, integrity, and availability of power and automation technologies against unauthorized access or attack
* Merriam-Webster dictionary definition
Cyber Security in Power and Automation
April 6, 2018 Slide 4
Why is Cyber Security an Issue?
Modern automation, protection, and control systems are highly specialized IT systems
Power and Automation Today
• Leverage commercial off the shelf IT components
• Use standardized, IP-based communication protocols
• Are distributed and highly interconnected
• Use mobile devices and storage media
• Based on software (> 50% of the ABB offering is software-related)
Cyber Security Issues
• Increased attack surface as compared to legacy, isolated systems
• Communication with external (non-OT) systems
• Attacks from/over the IT world
..if not - cost of Cyber Crime
Cyber Security
April 6, 2018 Slide 5
Global study
Evaluated the cyber security responses of 2,182 interviews from 254 companies in seven countries - Australia, France, Germany, Italy, Japan, United Kingdom and the United States where some of the business was; Industrial/manufacturing, Financial, Energy, Healthcare, Communication, Transportation and Technology.
• $2.4 million average cost of malware attack spend and the top cost to companies
• 50 days average time to resolve a malicious insiders attack
• 23 days average time to resolve a ransomware attack
Source: Ponemon Institute – 2017 COST OF CYBER CRIME STUDY
..if not -> typical findings
Cyber Security
April 6, 2018 Slide 6
– Cyber crimes continue to rise for organizations
– Cyber crime cost varies by organizational size
– All industries fall victim to cybercrime, but to different degrees
– The most costly cyber crimes are those caused by malicious insiders, denial of services and web-based attacks
– Cyber attacks can get costly if not resolved quickly
– Business disruption represents the highest external cost, followed by the costs associated with information loss
– Deployment of security intelligence systems makes a difference
April 6, 2018 Slide 7
This is not “fake news”…
Attacks are real and have an actual safety, health, environmental, and financial impact
Cyber Security in Power and Automation
April 6, 2018 Slide 8
Cyber Security Services with lifecycle management
Benefits
– Safe operations from ABB Collaboration Center
– Increased uptime – avoiding shutdowns / ensure more stable operation
– 10 years experience with operator partnership
– Compliance with international best practices
• ISA/IEC 62443
ABB is actively participating in establishing best practices as part of international industry standards
Service quadrant
Cyber Security Life Cycle Management
April 6, 2018 Slide 9
Service portfolio
Cyber Security Benchmark
Cyber Security Fingerprint
Cyber Security Assessment
Security Patch Management
Malware Protection Management
User & Access Management
Backup and Recovery Management
Network Security Management
Cyber Security Monitoring
System Security Management
Cyber Security Maintenance
Cyber Security Risk Assessment
Compliance Management
Complete life cycle of protection
How can ABB help our customers?
April 6, 2018 Slide 10
• * Currently being developed
• ** Planned to be developed
Identify
Know where to fix
First identifying what needs to be protected
Perform Benchmarks, Fingerprints or assessments
Protect
Know how and what to fix
Implement security solutions for protection
Our cyber security service portfolio protects your system from intrusion
Detect
Ability to detect
Monitor to notify breaches and vulnerabilities
Continuous security monitoring to predict unwanted Incidents
Respond
Ability to help
Respond to help if compromised
We can offer on demand incident response and scheduled maintenance
Recover
Ability to restoration
Proper backup and recovery
Ensures that you have a maintained backup system with recovery features
We will deliver cyber security services across ABB’s scope of supply AND across our customers’ fleet
Diagnose, Design & Implement, Sustain
..how can we protect our systems? -> Multi-phase approach
Cyber Security Life Cycle Management
April 6, 2018 Slide 11
Diagnose, Implement, Sustain
Cyber Security Lifecycle Management is established to maintain information security for critical process control systems.
Purpose: Comply with international standards (primarily IEC62443) and ABB experience
Why: Prevent unauthorized access, use, disruption or modifications that can lead to destruction of the control system
What: Have defined services to support operators to maintain high levels of cyber security in their daily routines
Determine cyber security status
Cyber Security Life Cycle Management
April 6, 2018 Slide 12
Diagnose
Collection information for defined cyber KPIs
Determine status and comply it with international standards, customer policy and requirements and ABB experience
This phase is recommended for customer systems in operations
• Data
• Collect
• Store
• View
• Analyze
• Interpret
• Report
Fill the gaps identified in the diagnose phase
Cyber Security Life Cycle Management
April 6, 2018 Slide 13
Implement
Cyber Security Guidelines
100 - Security Policy
101 - Security Design Specification
102 - Antivirus Software
103 - Patch Management
104 - Secure Default Settings & Hardening
105 - Access & Account Management
106 - Backup & Recovery
107 - Plant Network Topology
108 - Secure Remote Access
109 - System Connectivity
110 - Security Monitoring & Diagnostics
Implementation of security solutions
Security update of systems
Preparation for lifecycle maintenance
Maintain performance improvements
Cyber Security Life Cycle Management
April 6, 2018 Slide 14
Sustain
Service agreements are tailored to fit customer needs. They can include everything from security monitoring with incident response to scheduled maintenance
OGC Care
Site service desk
Shared work processes
Integrated roles
Scheduled services
Summary – Multiphase approach
Cyber Security Life Cycle Management
April 6, 2018 Slide 15
Diagnose
Measure performance gap
Forecast benefits
Deliver action plan
Implement
Fix performance gap
Implement services
Define monitor plan
Sustain
Security monitoring
Scheduled maintenance
Incident response
Service
Increased Performance
1 Diagnose: Measure performance gap, Forecast benefits, Deliver action plan
2 Implement: Fix performance gap, Implement services, Define monitor plan
3 Sustain: Manage performance gap, Scheduled maintenance
April 6, 2018 Slide 16
Description of services
Diagnose
Cyber Security Fingerprint & Benchmark
April 6, 2018 Slide 17
Overview
Provides a comprehensive view of your site’s cyber security status. Identifies strengths and weaknesses for defending against an attack within your plant’s control systems. Reduces potential for system and plant disruptions. Increases plant and community protection. Supplies a solid foundation from which to build a sustainable cyber security strategy.
Diagnose
Cyber Security Assessment
April 6, 2018 Slide 18
Overview
In-depth survey to obtain detailed information about
– the system infrastructure
– the effectiveness and status of existing cyber security measures
– Policies & Procedures
The assessment is carried out by ABB in close cooperation with the customer and within a clearly defined scope of work.
Collected data is compared against industry best practices and standards to detect weaknesses within your system’s defense.
Pinpoints areas that require action to help protect your system by ensuring it has multiple layers of security.
Proposes a solution that will maintain the system's cyber security at best-practice levels
Implement
Security Patch Management
April 6, 2018 Slide 19
Overview
Modern operating systems and embedded software often need to be patched to defend against emerging threats. Efficient patch management is an essential part of any security policy, but one that is often neglected.
This service includes implementation of management systems that handle security updates for third party software (e.g. Microsoft or Adobe products). Service can include:
– Patch qualification
– Patch delivery (online or offline)
– Patch deployment
Implement
Malware Protection Management
April 6, 2018 Slide 20
Overview
A common threat to control systems is the infection with malware, often generic malware circulating on the Internet but also target malware for control systems. Common anti-virus solutions are a part of the security architecture recommended by ABB.
ABB experts secure your power and automation systems with industry-standard malware and intrusion protection solutions, like anti-virus protection. This service includes implementation of management systems that handle malware protection.
Service can include:
– AV signature updates qualification
– AV signature updates delivery (online)
– AV signature updates deployment
Implement
Backup and Recovery Management
April 6, 2018 Slide 21
Overview
If the worst does happen, and cyber-attack or natural disaster strikes, then ABB’s backup and emergency response services enable a rapid recovery to normal operations.
This service includes implementation of management systems that handle backup and restore.
ABB’s back-up solutions ensure the integrity, and availability, of critical data and the system, no matter what happens to the original.
Implement
Network Security Management
April 6, 2018 Slide 22
Overview
Firewalls protect the perimeter of a network against outsider intrusion.
ABB’s managed firewall service ensures your perimeter protection is actively monitored and maintained.
Segregated networks allow for an easier enforcement of the principle of least privilege on a network communication level. Also, it is crucial to contain potential incidents to a defined subsystem and to prevent a single breach of security from spreading throughout the entire system and into other systems.
A well-designed security policy will separate the network into distinct, controlled zones, protected by internal firewalls to ensure that a compromised server doesn’t mean compromising the entire network.
Implement
User & Access Management
April 6, 2018 Slide 23
Overview
Implementing user accounts and access rights is the recommended mechanism to enforce the principle of least privilege on the user level. Defining user access rights and user policies are all important measures.
Typical user definitions to be implemented are accounts of the process control system, demilitarized zone and for remote work.
This service gives the customer peace of mind that users of the system always have the approved and relevant access rights.
Sustain
Cyber Security Monitoring
April 6, 2018 Slide 24
Overview
Identifies, classifies and helps prioritize opportunities to improve the security of your control system by comparing data collected against industry best practices and standards to detect security vulnerabilities.
Features:
– Automatic, non-invasive data gathering
– Proactive analysis of KPIs to detect possible security weaknesses
– On-demand analysis
– On-site or remote access for site personnel and ABB experts
– Configurable alerts (locally and e-mail)
Sustain
System Security Management
April 6, 2018 Slide 25
Overview
Monitor and protect your OT (Operational Technology) networks from advanced cyber security threats from a security operation center.
Features:
– 24/7 security monitoring and analysis of security events
– Managed IDS platform
– On-demand security analysis and reporting
– Incident response
– Threat Intelligence *
– Asset Management *
* Under development
Sustain
Cyber Security Maintenance
April 6, 2018 Slide 26
Overview
ABB experts secure your power and automation systems.
Perform regular maintenance to keep your system updated for best possible protection.
– Update the system with security patches
– Maintain your antivirus solution
– Make sure the backup solution is working
– Maintain your firewalls and switches
– Make sure your system users have the right access privileges
Consulting
Cyber Security Risk Assessment
April 6, 2018 Slide 27
Overview
This service contains an IEC 62443 based process for performing security risk assessments. The assessment shall improve the security of the products and systems, perform a threats/risks based security status evaluation and a plan for prioritizing the threats/risks for the control system.
Risk assessment identifies and qualitatively assesses risk an organization is exposed to
Security assessment checks compliance with given requirements, e.g. from internal, national or international standards or regulations
Risk
Consulting
Compliance Management
April 6, 2018 Slide 28
Overview
With this service, a compliance review of a control system is performed in accordance with the IEC 62443-3-3 System Security Requirements and Security Levels standard. This part of the IEC 62443 series specifies the requirements for the security capabilities of an Industrial Automation and Control System (IACS) as a whole.
Review:
– Evaluate whether the asset owner’s target security level (SL-T) requirements have been met by the Industrial Automation and Control System (IACS) solution
– Identifies security gaps
– Defines a security roadmap to resolve issues
Compliance
Cyber security is included in..
Cyber Security Life Cycle Management
April 6, 2018 Slide 29
Cyber Security from the beginning to the end
Product Lifecycle
– Design
– Implementation
– Verification
– Release
– Support
Project Lifecycle
– Design
– Engineering
– FAT
– Commissioning
– SAT
Plant Lifecycle
– Operation
– Maintenance
– Review
– Upgrade
Service Lifecycle
OGC Care
Site service desk
Shared work processes
Integrated roles
Scheduled services
Value proposition
Cyber Security Life Cycle Management
April 6, 2018 Slide 30
Customer’s peace of mind
Safety and integrity
• Enhances risk mitigation against a cyber security attack
• Improves system availability
• Increases plant protection
• Improves production and equipment uptime
• Helps ensure compliance with international standards and customer’s internal security policy
Services delivered from a Global Service organization
ABB Ability Collaborative Operations
April 6, 2018 Slide 31
Global Core Competency center for cyber security
ABB Ability Collaborative Operations
April 6, 2018 Slide 32
Service portfolio
Cyber Security Benchmark
Cyber Security Fingerprint
Cyber Security Assessment
Security Patch Management
Malware Protection Management
User and Access Management
Backup and Recovery Management
Network Security Management
Cyber Security Monitoring
System Security Management
Cyber Security Maintenance
Security Risk Assessment
Secure and effective access to the systems through remote work
ABB Ability Collaborative Operations
April 6, 2018 Slide 33
ABB Collaboration Centres with remote monitoring & operation rooms.
Why ABB? One vendor! One Solution stack today and for the future!
Cyber Security Life Cycle Management
April 6, 2018 Slide 34
Diagnose / Implement / Sustain
Protect and Defend
ABB is active in establishing best practices as part of international industry standards like ISA/IEC 62443.
Design / Install and configure / Threat intelligence and Training
Assess system health / System delivery / Scheduled maintenance and Incident response
Benchmark & Fingerprint / Fix performance gaps / Security monitoring and remote support
Topology
Cyber Security Life Cycle Management
April 6, 2018 Slide 35
Contact information
Cyber Security Life Cycle Management
April 6, 2018 Slide 36
Support: ABB Contact Center – Norway
Phone: +47 22 87 20 00
E-mail: contact.center@no.abb.com