The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International

Presentation Outline

• About LOGIIC

• LOGIIC Projects

o Correlation Project

o SIS Project

o Host Protection Project

• Summary

Presenter

Zach Tudor is a Program Director in the Computer Science Laboratory at SRI International, supporting operational and R&D cyber security programs including the DHS Cyber Security Research and Development Center (CSRDC). For CSRDC he provides technical support, subject matter expertise, and project management for projects including LOGIIC and the Industrial Control System Joint Working Group (ICSJWG) R&D working group. Prior to his work at SRI, he led a team of cyber security engineers and analysts directly supporting the Control Systems Security Program (CSSP) at DHS.

LOGIIC Value Proposition (Need and Approach)

• In 2004, Chevron and DHS S&T identified a need for a framework to enable collaborative, pre-competitive cybersecurity R&D in the Oil and Gas sector

• The approach selected was to establish a government/private partnership, leveraging national laboratories, the research community, security technology providers, and automation vendors.

LOGIIC Value Proposition (Benefits and Alternatives)

• Benefits to O&G include accelerated security improvements in critical networks:

o 5:1 ROI on R&D investment

o Access to leading R&D, facilities for technology integration, test, and evaluation

o Unified voice to vendors.

• DHS S&T benefits from a proactive, cooperative engagement with industry to promote security in critical infrastructure systems

• Security technology providers have an opportunity to evaluate solutions in what may be for them new market environments

• Vendors have access to leading technology and new market opportunities

• LOGIIC differs from other O&G associations and consortia in its unique ability to fund RDT&E and enable cooperation among stakeholder communities

The LOGIIC Model of Government & Industry Partnership

Linking the Oil and Gas Industry to Improve Cyber Security

• LOGIIC is an ongoing collaboration of oil and natural gas companies and the U.S. Department of Homeland Security, Science and Technology Directorate.

• LOGIIC facilitates cooperative research, development, testing, and evaluation procedures to improve cybersecurity in petroleum industry digital control systems.

• LOGIIC undertakes collaborative research and development projects to improve the level of cybersecurity

• LOGIIC promotes the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality

LOGIIC Broke New Ground in Consortium Governance for Collaborative R&D

• The Automation Federation (AF) serves as the LOGIIC host organization

o Members approved a participation agreement with AF

o Each project is covered by a Project Addendum to this agreement

• Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.

• Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.

• The U.S. Department of Homeland Security, Science and Technology Directorate has contracted with the scientific research organization SRI International to provide scientific and technical guidance as well as project management for LOGIIC.

LOGIIC Model Adds Major Value to the Oil & Gas Industry

• Industry gains access to Government-funded experts and labs they would otherwise not have easy access to.

• Participant commitment is key. This kind of partnership is not a spectator sport – the first LOGIIC project was a success because time and resources were invested and people were committed to doing great work.

• The LOGIIC Correlation Project resulted in a real and validated solution, not just a paper product.

o Chevron Pipeline deployed the solution with some of these benefits:

    • Monitor events in real-time instead of weekly

    • Reduce investigation time for events by at least 85%

    • Provide forensic evidence

o Many vendors are now developing their products; some are already available in the market.

LOGIIC: A Win for All

• Government wins:

o Contributing to security of the critical infrastructure networks of the nation

o Cooperative partnership with O&G sector

• Oil and gas industry wins:

o Improvements to the protection of their networks

o Proactive engagement with government

o Leveraged ROI from modest R&D investment

o Unified voice in defining system security requirements

o Rationale for influencing vendor product offerings

• Vendor wins:

o Access to cutting-edge research

o Vendors share ideas and build relationships with other IT security vendors, control system vendors, research institutions and labs, and industry participants

o Access to new markets, future programs and opportunities

The LOGIIC Correlation Project (2005-2006)

• Industry contributed

o Requirements and operational expertise

o Project management

o Product vendor channels

• DHS S&T contributed

o National Security Perspective on threats

o Access to long term security research

o Independent researchers with technical expertise

o Testing facilities

The LOGIIC Correlation Project

• Opportunity: Reduce vulnerabilities of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats

• Approach:

o Identify new types of security sensors for process control networks

o Adapt a best-of-breed correlation engine to this environment

o Integrate in testbed and demonstrate

o Transfer technology to industry

[Figure labels: Business Network; Process Control Network; LOGIIC Correlation Engine; External Events; Attack Indications and Warnings]

LOGIIC SIS Project

Security of Safety Instrumented Systems

• SIS objective: bring a process plant to a safe state when an excursion outside pre-established operating parameters occurs

• SIS increasingly integrate with process control systems

o Traditional physical separation between control and safeguarding has been reduced through integration of certain systems components of control systems and safeguarding systems

• Research Question: Is the technical integrity of our production facilities jeopardized because of Cybersecurity issues under SIS/BPCS integration? Challenges include:

o Prevent false trips of SIS caused by corrupted SIS configuration or false signals to SIS

o Ensure SIS activates when required

o Prevent operator loss of view

Summary

• LOGIIC is a model for government-industry technology integration, evaluation, and demonstration efforts to address critical infrastructure R&D needs

• LOGIIC enables its members to leverage the collective resources of the industry, government agencies, researchers, and subject matter experts for collaborative cyber-security projects

• LOGIIC's successful first project produced an industry-adopted solution and validated the collaboration

• The LOGIIC SIS project delivered its findings to vendors and standards bodies

• The LOGIIC Consortium is working on new projects and planning future projects