Industrial Security: Real Dangers from Virtual Space

Helping to increase your resistance to attack

Unrestricted / © Siemens AG 2015. All Rights Reserved. siemens.com/industrialsecurity

January 2015

• The age of cyberattacks

• The concept of Defense-in-Depth

• The Siemens approach

• Awareness is Key

• Outlook: in future cybersecurity will be regulated

Industrial Security


Security Trends

Globally we are seeing more network connections than ever before

Source: World Economic Forum, 50 Global Risks

Trends Impacting Security

• Cloud Computing approaches

• Increased use of Mobile Devices

• Wireless Technology

• Reduced Personnel Requirements

• Smart Grid

• Worldwide and remote access to remote plants, remote machines and mobile applications

• The “Internet of Things”


Industrial Security

The corporate security chain is only as strong as its weakest link

Security Can Fail at Any of these Points

• Employee
• Smartphone
• Laptops
• PC workstations
• Network infrastructure
• Mobile storage devices
• Tablet PC
• Computer center
• Policies and guidelines
• Printer
• Production systems


Industrial Security

Why has industrial security become so important?

Main Trends Impacting the Vulnerability of Automation Plants

• Horizontal and vertical integration at all network levels
• Connection of automation networks with IT networks and the Internet for remote maintenance
• Increased use of open standards and PC-based systems
• Possible threats increased due to these trends:
  • Access violation through unauthorized persons
  • Espionage and manipulation of data
  • Damages and data loss caused by malware
• Several security incidents reveal the vulnerability of automation plants.


Industrial Security

Cyber vulnerabilities can affect your plant at many levels

The Need to Act Because of Cyber Security Vulnerabilities

• Loss of intellectual property, recipes, …
• Sabotage of production plant
• Plant downtime, e.g. caused by viruses and malware
• Manipulation of data or of application software
• Unauthorized use of system functions
• Regulations and standards for industrial security require conformance
  • Regulations: FDA, NERC CIP, CFATS, CPNI, KRITIS
  • Standards: ISA 99, IEC 62443


Threat analysis

Every three years new developments

[Figure: timeline from 2001 to 2014 showing four threat eras, plotted against the number of new malware signatures, the number of published exploits and the number of published vulnerabilities]

• The Age of Computer Worms: CodeRed, Slammer, Blaster. “Hacking for Fun”. Actors: hobbyists.
• Cybercrime and Financial Interests: Zeus, SpyEye, Rustock. “Hacking for Money”. Actors: organized criminals.
• Politics and Critical Infrastructure: Aurora, Nitro, Stuxnet. “Hacking for political and economic gains”. Actors: hacktivists, state-sponsored actors.
• Cyberwarfare Preparation: ? ? ?. “Development and spreading of cyberwarfare capabilities”. Actors: multiple state and non-state actors.

Keywords shown on the timeline: worms, backdoors, anti-virus, hackers, BlackHat, viruses, responsible disclosure, credit card fraud, botnets, banker trojans, phishing, adware, SPAM, website hacking, Anonymous, SCADA, RSA breach, DigiNotar, APT, targeted attacks, Sony hack.

Further developments shown:

• Underground exploit market
• Systematic remote exploration and reconnaissance of critical infrastructures and vendors
• Increasing sophistication, focus and brutality/impact of cyber methods
• Introduction of malicious, sleeping functionality in critical products
• ?


Top 10 threats



IACS, automation solution, control system

[Diagram: roles and scope in an Industrial Automation and Control System (IACS)]

IACS environment / project specific:

• Asset Owner operates the IACS: operational and maintenance policies and procedures + automation solution
• System Integrator designs and deploys the automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS)

Independent of IACS environment:

• Product Supplier develops the control system as a combination of host devices, network components, applications and embedded devices; the control system is the base for the automation solution


Actual structure of IEC / ISA-62443

Main documents to be published

• General (definitions, metrics)
  • 1-1 Terminology, concepts and models
  • 1-2 Master glossary of terms and abbreviations
  • 1-3 System security compliance metrics
• Policies and procedures (requirements placed on security organization and processes of the plant owner and suppliers)
  • 2-1 Requirements for an IACS security management system (Ed. 2.0, profile of ISO 27001 / 27002)
  • 2-3 Patch management in the IACS environment
  • 2-4 Requirements for IACS solution suppliers
• System (requirements to achieve a secure system)
  • 3-1 Security technologies for IACS
  • 3-2 Security risk assessment and system design
  • 3-3 System security requirements and security levels
• Component (requirements to secure system components)
  • 4-1 Product development requirements
  • 4-2 Technical security requirements for IACS products

Row labels in the diagram: Functional requirements; Processes / procedures

Publication status markers shown in the diagram: IS* 08/2013, IS* 4Q14, ID* 4Q13, ID* 4Q13, DC* 10/12, DC* 2Q13, TR* 4Q14, IS* 2009, TR* 2009, DTS* 1Q14 Rejected

* DC: Draft for Comment; CDV: Committee Draft for Vote; IS: International Standard; TR: Technical Report; ID: Initial Draft


Various parts of IEC / ISA-62443 are addressing Defense in Depth

‘Defense in Depth’ involves all stakeholders: Asset Owner, System Integrator, Product Supplier

[Diagram: main parts of IEC 62443 (categories General, Policies and procedures, System, Component) mapped to the stakeholders. Part numbers shown: 2-1, 2-4, 3-2, 3-3, 4-1, 4-2]

• Asset Owner: operational and maintenance policies and procedures
• System Integrator: policies and procedures; 3-3 security capabilities of the automation solution
• Product Supplier: development process; security capabilities of the products


IACS, automation solution, control system

[Diagram: the IACS roles diagram (Product Supplier develops the control system, System Integrator designs and deploys the automation solution, Asset Owner operates the IACS) with IEC / ISA-62443 part numbers overlaid: 4-1, 2-4, 3-2, 3-3, 2-1, 2-4, 3-3, 4-2]


Each stakeholder can create vulnerabilities

[Diagram: the IACS roles diagram (Product Supplier develops, System Integrator designs and deploys, Asset Owner operates), with each stakeholder marked “can create weaknesses”]

Example: User Identification and Authentication

• Hard coded passwords
• Elevation of privileges
• Default passwords not changed
• Temporary accounts not deleted
• Invalid accounts not deleted
• Non confidential passwords
• Passwords not renewed



Siemens is product and solution supplier

[Diagram: the IACS roles diagram (Product Supplier develops the control system, System Integrator designs and deploys the automation solution, Asset Owner operates the IACS). Here the automation solution comprises the Basic Process Control System (BPCS), the Safety Instrumented System (SIS) and complementary hardware and software.]


Industrial Security

The Defense in Depth Concept

Plant security
• Physical prevention of access to critical areas
• Establishing a Security Management Process

Network security
• Controlled interfaces between office and plant network, e.g. via firewalls
• Further segmentation of plant network

System integrity
• Antivirus and whitelisting software
• System hardening
• Maintenance and update processes
• User authentication for plant or machine operators
• Integrated access protection mechanisms in automation components

Security solutions in an industrial context must take account of all protection layers


Industrial Security

The Siemens Approach

The Siemens approach is based on five key points

• The interfaces are subject to regulations, and are monitored accordingly.
• PC-based systems must be protected.
• Implementation of Security Management
• The control level must be protected.
• Communication must be monitored and can be segmented.


Industrial Security

The Siemens Solution

• Industrial Security Services: managed service and consulting
• Security Management: processes and policies
• Products & Systems: secure PCs, controllers and networks
  • Integral security in PCs and controllers
  • Security products for networking and communication

The Siemens solution reduces your risk with a well thought-out security concept


Step-by-step approach for long-term protection of your industrial control system (ICS)

Step 1: Assess
Information about the security status and development of a security roadmap
• Vulnerability analysis
• Gap analysis
• Threat analysis
• Risk analysis

Step 2: Implement
Planning, development and implementation of a holistic cyber security program
• Cyber security training
• Development of security strategies and procedures
• Implementation of security technology

Step 3: Continuous security services
Continuous security through detection and proactive protection
• Global Threat Intelligence
• Detection and resolution of incidents
• Fast adaptation to changing threats


Industrial Security

The Siemens solution for plant security

• The interfaces are subject to regulations, and are monitored accordingly.
• PC-based systems must be protected.
• Implementation of Security Management
• The control level must be protected.
• Communication must be monitored and can be segmented.

[Diagram label: Plant security]


Industrial Security

Security Management

Security Management is essential for a well thought-out security concept

Security Management Process

• Risk analysis with definition of mitigation measures
• Setting up of policies and coordination of organizational measures
• Coordination of technical measures
• Regular / event-based repetition of the risk analysis

[Diagram: cycle of four numbered steps: Risk analysis; Policies, organizational measures; Technical measures; Validation & improvement]


Industrial Security

The Siemens Solution for Network Security

• The interfaces are subject to regulations, and are monitored accordingly.
• Implementation of Security Management
• PC-based systems must be protected.
• Communication must be monitored and can be segmented.
• The control level must be protected.

[Diagram labels: Network security; System Integrity]


Industrial Security

Security Integrated is an essential component of a Defense in Depth concept

Plant security
• Access blocked for unauthorized persons
• Physical prevention of access to critical components

Network security
• Controlled interfaces with SCALANCE firewalls
• Further segmentation with Advanced CPs

System integrity
• Know-how protection
• Copy protection
• Protection against manipulation
• Access protection
• Expanded access protection with CP 1543-1

Siemens products with Security Integrated provide security features such as integrated firewall, VPN communication, access protection, protection against manipulation.


Industrial Security

SIMATIC S7-1500 and the TIA Portal

Security Highlights

The SIMATIC S7-1500 and the TIA Portal provide several security features:

• Increased Know-How Protection in STEP 7
  Protection of intellectual property and effective investment:
  • Password protection against unauthorized opening of program blocks in STEP 7 and thus protection against unauthorized copying of e.g. developed algorithms
  • Password protection against unauthorized evaluation of the program blocks with external programs
    • from the STEP 7 project
    • from the data of the memory card
    • from program libraries
• Increased Copy Protection
  Protection against unauthorized reproduction of executable programs:
  • Binding of single blocks to the serial number of the memory card or PLC
  • Protection against unauthorized copying of program blocks with STEP 7
  • Protection against duplicating the project saved on the memory card


Industrial Security

SIMATIC S7-1500 and the TIA Portal

Security Highlights

The SIMATIC S7-1500 and the TIA Portal provide several security features:

• Increased Access Protection (Authentication)
  Extensive protection against unauthorized project changes:
  • New Protection Level 4 for the PLC: complete lockdown (HMI connections also need a password) *
  • Configurable levels of authorization (1-3, each with its own password)
  • For access over PLC and Communication Module interfaces
  • General blocking of project parameter changes via the built-in display
• Expanded Access Protection
  Extensive protection against unauthorized project changes:
  • Via Security CP 1543-1 by means of integrated firewall and VPN communication
• Increased Protection against Manipulation
  Protection of communication against unauthorized manipulation for high plant availability:
  • Improved protection against manipulated communication by means of digital checksums when accessing controllers
  • Protection against network attacks such as the intrusion of faked / recorded network communication (replay attacks)
  • Protected password transfer for authentication
  • Detection of manipulated firmware updates by means of digital checksums

* Optimally supported by SIMATIC HMI products and SIMATIC NET OPC Server



Security Awareness is a basic Element

Industrial Security must be addressed at different levels

• Processes
• Organization
• Technical Security
• Standardization/Regulations
• Security Awareness


… the top 10 tips for information security

1 Classify information correctly, e.g. as “confidential”, and protect it accordingly

2 Make information accessible only to those who really need it

3 Do not pass on personal passwords, access codes or your PIN/PKI, not even for the purpose of someone deputizing for you

4 Store or send confidential information only in encrypted form. Encrypt your communication with external parties

5 Use secure disposal channels for confidential information, e.g. special containers, shredders

6 When travelling, carry only the information and devices you really need

7 Protect information from unwanted glances and unwanted listeners, in the office and in public

8 Always be careful and vigilant when using the Internet and e-mail

9 Always keep your PC and antivirus software up to date

10 Notify your InfoSec Advisor immediately if you are unsure or suspect danger



Security will be regulated


Assessment of cybersecurity requires a holistic approach

Cybersecurity protection of IACS

• Asset Owner: the Asset Owner has the appropriate operational and maintenance policies and procedures to operate an automation solution in a secure fashion
• Automation solution: the automation solution fulfills the security functionalities required by the target protection level of the plant

[Diagram: the Asset Owner operates the automation solution; the automation solution controls the plant]

SL 1: Protection against casual or coincidental violation

SL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation

SL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation

SL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation


Dr. Pierre Kobes

Product and Solution Security Officer

PD TI ATS TM 2

E-Mail: [email protected]

Thank you for your attention!

siemens.com/industrialsecurity


Industrial Security

Support & Service for Industrial Security

Information about Industrial Security

WWW: http://www.siemens.de/industrialsecurity

Email: [email protected]

Contact in Marketing Promotion Industrial Security

Oliver Narr
Email: [email protected]
Phone: +49 (911) 895-2442

Contact for Industrial Security Services

Stefan Woronka
Email: [email protected]
Phone: +49 (721) 595-4500


Industrial Security

Support & Service for Industrial Security

SIMATIC System Presales Support Factory Automation

Email: [email protected]

Phone: +49 (911) 895-4646

Contact in Security Product Management Factory Automation

Dirk Gebert
Email: [email protected]
Phone: +49 (911) 895-2253

Contact for Motion Control

Sven Härtel
Email: [email protected]
Phone: +49 (9131) 98-3059


Industrial Security

Support & Service for Industrial Security

SIMATIC System Presales Support Process Automation

Email: [email protected]

Phone: +49 (721) 595-7117

Contact in Security Product Management Process Automation

Jean-Luc Gummersbach
Email: [email protected]
Phone: +49 (721) 595-8637


Industrial Security

Support & Service for Industrial Security

SIMATIC NET support for Network Security

Email: [email protected]

Phone: +49 (911) 895-2905

Customer Support

WWW: http://support.automation.siemens.com

Phone: +49 (911) 895-7222


Industrial Security

Any questions about Network Security?

Contact in Security Product Management Network Security

Franz Köbinger
Email: [email protected]
Phone: +49 (911) 895-4912

Contact in Business Development Network Security

Maximilian Korff
Email: [email protected]
Phone: +49 (911) 895-2839

Contact in Marketing Promotion Network Security

Christine Gaida
E-Mail: [email protected]
Phone: +49 (911) 895-2111


Industrial Security

Security Information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens’ products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.

For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.

To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.
