Defense In Depth

Defense In Depth - IICA - Institute of Instrumentation Control (2016-11-03)


Defense In Depth

Sven Grone – Critical Controls Solutions Consultant

Presenting on behalf of

Glen Bounds Global Modernization Consultant

Are you prepared to be next?

Invensys Cyber Security

Agenda

• Cyber Security Defined

• Industrial Network Overview

• Industrial Network Security Challenges

• Defense In Depth Solutions

• Industry Leading Network Security Solutions

• Best of Breed System Security & Monitoring Solutions

• Security Focused Implementations

Slide 4

Cyber Security Defined

• The ability to control and prevent unauthorized external or internal access to critical infrastructure systems

– Why it’s important

• Increases (plant) safety

• Reduces down time

• Compliance with internal & country-specific regulations

• Protection of intellectual property

Slide 5

ICS/SCADA vulnerabilities have increased more than 600% since 2010!

Cyber-Espionage malware program steals sensitive documents from government for 5 YEARS before being discovered!

Power company targeted by approximately 10,000 cyber attacks per month!

Software Defined Radio (SDR) wireless hack targets proprietary SCADA wireless technology.

NSS Labs Vulnerability Report - 2013

Slide 6

Why Care?

CLIENTS

• Mitigate business interruption

• Manage business risk

THREATS

• More frequent

• More hostile

INVENSYS

• Vulnerabilities in offerings

• Protect against legal action

Still......

• Never happened to our company

• Our networks are isolated

• Not my Responsibility

• Don’t see the benefit

• Additional security hinders process

• Does not increase revenue

• There are more important issues...

Sound familiar?

Slide 7

Evolution of Threats

• Nature of threats diversifying

– Targeted - destructive

– Stealth - data gathering & IP theft

– Time delayed

– Hardware control vs. software corruption

– Communities of hackers (e.g. Anonymous)

• Motivation changing

– State sponsored espionage

– Politically driven

– Corporate competition

– Disgruntled employees

– Criminal

• Not just external (malicious) attack

– Unintentional introduction (USB, contractor laptop)

– Covert hardware vulnerabilities

– Obsolete operating system vulnerabilities

• Threats evolving at pace of technology!

Slide 8

Priorities for Cyber Security

[Figure: priority ordering for Traditional IT versus Automation; only the Availability labels survived extraction]

There is a need to strike a balance between competing goals. The right question is “What’s the appropriate amount of security?”

Slide 9

Industrial Network Overview

Slide 10

Industrial Network Security Challenges

• Increased Complexity and Connectivity

• Corporate Access, Remote Access, Wireless, PCs, TCP/IP

• Evolving Threat Landscape

• Advanced Persistent Threat Attacks (APT)

• Stuxnet, Duqu, Flame, Gauss, Shamoon, ???

• Malware (Drive-by Exploits)

• Cloud-based Solutions

• Insider Threat

• Social Engineering

Slide 11

Defense In Depth Solutions

• Industry Leading Network Security Solutions

• Juniper, Enterasys, Cisco, Ultra Electronics

• Best of Breed System Security and Monitoring Solutions

• McAfee, Symantec, Orion Solarwinds, Enterasys NETSIGHT

• Established Software & Hardware Vendors

• Microsoft, Dell, HP

• Experienced and Certified Security Consultants with 3rd party certified credentials - CISSP, CCIE, Network+, Security+, ITIL

Slide 12

Industry Leading Network Security Solutions

• Juniper SRX and SSG Firewalls with Integrated IPS

• Enterasys & Cisco Switches providing Edge to Core and Industrial connectivity

• Ultra Electronics Industrial Grade Wireless

Slide 13

Best of Breed System Security & Monitoring Solutions

• McAfee - Endpoint Security Solutions

• Symantec - Backup Solutions

• NETSIGHT and Solarwinds - Monitoring Solutions

Slide 14

Security Focused Implementations

• Networking technology utilized to create logical segmentation and redundant connectivity

• Custom Active Directory Security Configurations which include robust levels of System Lockdown and Auditing

Slide 15

Consulting Service Offerings

• Vendor Independent Vulnerability Assessments

• On-Site Network Assessment, Design, Implementation

• Network / System Audit, Hardening, Security Evaluations

• Information Security Program Development / Training

• Change Control and Disaster Recovery Process Design / Review

• Incident / Emergency Response

Slide 16

Review (Overlay Security Solutions)

Slide 17

Security-Enhanced Solutions

Isolated Systems

Microsoft Patch Management

• Individual assessments and manual updates

Host Endpoint Protection

• Host Intrusion Prevention

• Anti Virus / Anti Spyware

• BIOS Lockdown

Host Backup

• Disaster recovery

• System restoration

Vulnerability Assessments

• System hardening / audit

Local Security Policies

• Access Control

• Account Management

• User Rights Assignments

Networked Systems

Microsoft Windows Active Directory

• Centralized system management

• Individual User logons

• Group-based security policies

Microsoft Patch Management

• Centralized distribution

Centralized Endpoint Protection

• Host Intrusion Prevention

• Anti Virus / Anti Spyware

• Device Management (DLP)

Centralized Backup

• Disaster recovery

• System restoration

Network Segmentation

• Network-based AV / AS

• Network-based IPS

• Strict access policies

Centralized monitoring

• System Management

• System Statistics

• System Availability

• Alerting and reporting

Slide 18

Zoned Network Segregation

DMZ Edge Switch

Demilitarized Zone

Secure Network Gateway + IPS

Any System that requires access to the IT Network and Zones

Slide 19

Plant / Enterprise Control

– Pi to Pi

– Alarms Management

– Data Historian

– WSUS

– ePO
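The segregation rule on slides 18 and 19 (every system that needs the IT network sits in the DMZ, with the Secure Network Gateway + IPS enforcing the conduits) can be expressed as a small policy check. This is an added example, not Invensys code; the zone names, the port numbers (assumed vendor defaults for WSUS, ePO and the PI server) and the sample flow records are constructed for illustration.

```python
# Zone-and-conduit check for the DMZ design on slides 18-19. Added
# example, not Invensys code; zone names, ports and the sample flows
# are constructed assumptions for illustration.
from dataclasses import dataclass

# Zones: IT (enterprise), DMZ, PLANT (control network). The slide's rule:
# anything needing the IT network lives in the DMZ, so no IT<->PLANT
# conduit exists. Ports are assumed vendor defaults (WSUS 8530, ePO
# agent 443 / wake-up 8081, PI server 5450), not stated on the slides.
ALLOWED = {
    ("PLANT", "DMZ"): {8530: "plant nodes pull patches from DMZ WSUS",
                       443: "ePO agents check in to DMZ ePO"},
    ("DMZ", "PLANT"): {5450: "PI-to-PI interface reads plant historian",
                       8081: "ePO wake-up call to plant agents"},
    ("DMZ", "IT"): {5450: "PI-to-PI writes to enterprise PI server",
                    8530: "DMZ WSUS syncs from the upstream WSUS"},
    ("IT", "DMZ"): {443: "IT administrators reach the ePO console"},
}

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int

def evaluate(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason) for one flow seen at the gateway."""
    if flow.src_zone == flow.dst_zone:
        return True, "intra-zone traffic, not governed by the gateway"
    conduit = ALLOWED.get((flow.src_zone, flow.dst_zone))
    if conduit is None:
        return False, "no conduit between these zones; must terminate in DMZ"
    if flow.dst_port not in conduit:
        return False, f"port {flow.dst_port} is not an approved service here"
    return True, conduit[flow.dst_port]

def find_violations(flows):
    """Flows the Secure Network Gateway should block and alert on."""
    return [(f, evaluate(f)[1]) for f in flows if not evaluate(f)[0]]

# Constructed sample flows, as a gateway log might summarise them.
SAMPLE_FLOWS = [
    Flow("PLANT", "DMZ", 8530),  # plant node pulling updates: fine
    Flow("DMZ", "IT", 5450),     # historian replication outward: fine
    Flow("IT", "PLANT", 3389),   # RDP straight into the plant: violation
    Flow("PLANT", "IT", 443),    # plant host reaching the enterprise: violation
    Flow("DMZ", "PLANT", 22),    # SSH from DMZ into plant: port not approved
]
```

Calling `find_violations(SAMPLE_FLOWS)` returns the three flagged flows with the reason each one breaks the zone model, which is the same decision the gateway ruleset has to make and the monitoring layer on slide 17 should report on.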

Slide 20

1. Designing and building a secure operating environment is priority #1 at Invensys

2. All products designed with security in mind to comply with Industry and Corporate Standards

3. Dedicated ICST personnel assigned to each Security Project

• Backed up by secondary team members

• Proven / certified expertise

• Domain knowledge

• Immediate response

“Safety and Cyber Security are job one at Invensys”

Mike Caliel - President & CEO, Invensys Operations Management

Slide 21

The Top 5 Cyber Security Questions

Questions for CEOs

How is our executive leadership informed about the current level and business impact of cyber risks to our company?

What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?

How does our cyber security program apply industry standards and best practices?

How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?

How comprehensive is our cyber incident response plan? How often is it tested?

Slide 22

Wrap Up!

1. Cyber threats are a reality – not if, but when

2. Types of threats are evolving, access vectors expanding - simple isolation is not an adequate defense

3. Risk depends on many factors and needs to be assessed, with appropriate protection put in place

4. Threats are evolving at the pace of technology – system hardware and software currency and management is key

5. Defense in Depth strategy is the bare minimum needed to establish a base for Cyber Security

6. Additional security layers are needed (hardware, software, people, practices)

7. Cyber security is a journey not a destination – has to be managed over the lifecycle of the asset

Slide 24

THANK YOU

[email protected]

Critical Controls Solutions Consultant

Sven Grone