Safety System against Cyber AttackAddressing safety and security concerns

Fabio Beda

Confidential Property of Schneider Electric

Legal Disclaimer

• Copyright © Schneider Electric 2017

• The information contained herein is the property of Schneider Electric and any other use or disclosure of

such information is prohibited.

• This report shall not be reproduced, copied or used in whole or in part without prior written approval of

Schneider Electric.

• All rights reserved.

• The names, logos, and taglines identifying the products and services of Schneider Electric are proprietary

marks of Schneider Electric or its subsidiaries.

• All third party trademarks and service marks are the proprietary marks of their respective owners.

• Not for distribution.

• All dates are currently scheduled dates and are subject to change.

Page 2Confidential Property of Schneider Electric |

What is a Safety Instrumented System (SIS)?

Formal Definition:

SIS – “Instrumented System used to implement one or more safety

instrumented functions (SIF). A SIS is composed of any combination

of sensor(s), logic solver(s), and final element(s).”

[IEC61511 / ISA 84.01]

Informal Definition:

Instrumented Control System that detects “out of control” conditions

and automatically returns the process to a safe state

“Last Line Of Defence”

(Not basic process control system (BPCS)

Page 4Confidential Property of Schneider Electric |

Know the risks - Incidents that define Process Safety

Evolving Standards

2003 2010 20161996 1997

ISA SP84

Safety Lifecycle, Quantitative Approach

IEC61508

Safety Lifecycle, Quantitative and Qualitative Approach

IEC61508

2nd Edition

ANSI/ISA 84.01 = IEC61511

Functional Safety, SIS for the Process industry

(Except for Grandfather Clause)

IEC61511

2nd Edition

Nothing is more important than safety to the process control industry. Standards continue to

evolve as the industry continues to learn and improve.

Where would I need a SIS?

ESD Emergency ShutDown System

F&G Fire and Gas System

BMS/BPS Burner Management System/Burner Protection System

HIPPS High Integrity Pressure Protection System

TMC Turbo Machinery Control System

Emergency Shutdown Fire and Gas High Integrity Pressure Protection Burner Management

Boiler protection Pipeline protection Turbomachinery

control

Know the risks

Page 7Confidential Property of Schneider Electric |

Process

Safety

(IEC61511)

Cyber

Security

(IEC62443)

Digital

Events

Outside

the fence

Process

Events

Inside

the fence

Protect

Man from the machine

Protect

Machine from man

Know the risks

Page 8Confidential Property of Schneider Electric |

Process

Safety

(IEC61511)

Process

Events

Inside

the fence

Protect

Man from the machine

• Safety per IEC 61508

• Freedom from unacceptable risk of harm (to

people, equipment, environment) from the

Equipment Under Control

• Risk is probabilistic : Process hazards Risk

Reduction Factor SIL

• SIL is a function of dangerous undetected

failure rate & Proof test interval

– This is an inherent property of the Safety Logic

Solver

Know the risks

Page 9Confidential Property of Schneider Electric |

Cyber

Security

(IEC62443)

Digital

Events

Outside

the fence

Protect

Machine from man

• Security per IEC 62443

• Freedom from risk of incident

• Incident = event in which a particular threat

exploits a vulnerability

• is the ease of exploiting a vulnerability that

causes or can cause deterioration of function

of the system i.e. includes the attacker’s

property

• includes compromise of availability, integrity,

confidentiality / stealing

• Thus includes business and operation risk

Security Profiles

GS EP INS 135 – Clause 5.1

Security Level Definition

(IEC62443)

SL 1 Casual or coincidental violation

SL 2Intentional violation using simple means with low resources, generic skills

and low motivation

SL 3Intentional violation using sophisticated means with moderate resources,

IACS specific skills and moderate motivation

SL 4Intentional violation using sophisticated means with extended resources,

IACS specific skills and high motivation

Page 10Confidential Property of Schneider Electric |

Safety

Integrity

Level

Safety Probability of

failure on

demand

SIL 1 90% to 99% 1% to 10%

SIL 2 99 to 99.9% 0.1% to 1%

SIL 3 99.9% to 99.99% 0.01% to 0.1%

SIL 4 >99.99%0.001% to

0.01%

Most stringent

Cyber Security Safety

Page 11Confidential Property of Schneider Electric |

Cyber Security Risk Assessment

Page 12Confidential Property of Schneider Electric |

Industrial Information System (SII)

Measure

Control Protect

Operate Engineer Maintain

Enterprise Information System (SIE)

Resource

PlanningScheduling Finance

Maintenance

Management

Asset

Management

Environment,

Health, Safety

Incident

Management

Work

Authorization

Performance

and ReportingI

T

O

T

Risk Assessment

Risk Assessment

• Difficult to identify ICSS assets and assess vulnerabilities

• Challenge to determine the impact or consequence

• Difficult to estimate the likelihood or frequency

Expertise

Expertise

The current threat landscape

Page 13Confidential Property of Schneider Electric |

Cybersecurity landscape

Page 14Confidential Property of Schneider Electric |

ICS cybersecurity marketMillion

$USD

Source: ARC estimates

0

5,000

10,000

2014 2015 2016 2017 2018 2019 2020

Hardware Software Services

50,000

150,000

250,000

350,000

450,000

550,000

2012 2013 2014 2015 2016 2017

Over 500,000 new

malware per day

AV-Test.org Jan 2017

• NSA hacking tools stolen – Vault7

• Equifax – 143 million affected

• UBER – 50 million affected

• Critical industrial system attacks:

o Petya – 2,000 companies

(2017 Food & beverage)

o Wannacry - 150 countries

(2017 Medical & manufacturing)

• Food & beverage, energy, manufacturing:

o 2017 Cadbury factory

o 2017 Saint Gobain

o 2015 & 2016 Ukraine power grid

Recent industrial cyber incidents:

New malware created

Cybersecurity Market growth at 12.8% CAGR and Services at 15.7% CAGR

Today’s biggest threat vector

Page 15Confidential Property of Schneider Electric |

Page 16Confidential Property of Schneider Electric |

Perimeter security?

Physical security?

Layer 1 security?

Endpoint security?

Encryption?

Remote access?

Gaining the security edgeWhere should we focus our efforts?

Strategic Attack aimed at disrupting industrial

activities for:

- Monetary

- Competitive

- Espionage

- political or social gain

- or even as result of personal grievance

Page 17Confidential Property of Schneider Electric |

Gaining the security edgeWhere should we focus our efforts?

Cybersecurity Services & Solutions

Confidential Property of Schneider Electric

Connected Products

Edge Control

Apps, Analytics & Services

EcoStruxure

Platform

En

dto

En

d

Cyb

ers

ecu

rity

Clo

ud

an

d/o

r

On

Pre

mis

e

GridBuilding Data Center Industry

GRIDDATA CENTER PLANT MACHINEBUILDING POWER

EcoStruxure: 3 Innovation Layers, 4 End Markets, 6 Architectures

Page 4Confidential Property of Schneider Electric |

Policy and

Procedure

Physical

Network(s)

Application(s)

Host

Peer to Peer

Device SIS Logic Solver

Interconnectivity between safety

devices

Engineering, maintenance and

operator workstations

Cabinets, key switches,

physical access

Defence in Depth

Software Application:

engineering, operator,

maintenance, data analytics.

SIS to non safety systems

(DCS, HMI, Comms servers

etc.)

Standards, Compliance,

Best practices

Training and AwarenessPage 20Confidential Property of Schneider Electric |

Differentiation:

• Depth in IT

• Depth in OT

• Flexible solutions

• Custom design

Defense in depth:

• People

• Process

• Technology

Cybersecurity solutionsSecuring the operational lifecycle

Policy & Procedure

Asset Inventory

Gap Analysis

Risk & Threat

Compliance

Defense in Depth

Secure Architecture

Asset Management

Policy & Procedure

Security Assurance

Level

Policy & Procedure

Hardware & Software

System Hardening

Solution Integration

Knowledge Transfer

System Upgrades

Security Patches

Awareness &

Training

Incident Response

Penetration Testing

TrainSecurity

Awareness

Security

EngineerSecurity

Administrator

Advanced

Expert

People

Technology

Process

Assess Design Implement Monitor Maintain

Firewall Security

Device Mgmt.

Unified Threat Mgmt.

NIPS Device

Security Mgmt.

SIEM Security

Device Mgmt.

Page 22Confidential Property of Schneider Electric |

International standards compliance

Page 23Confidential Property of Schneider Electric |

Thank You

Find us at Desk 11