© 2010 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.

© Invensys 00/00/00 Invensys proprietary & confidential Slide 2

Virtually Protected: Virtualization and ICS

SANS European Community SCADA & Process Control Summit 2012

Presented by Brian Endres, MCSE, MCP+I, PFA, VTSP

Brian.Endres@invensys.com

Principal Network Analyst - Invensys

Virtually Protected: Virtualization and ICS

Background

1. Virtualization Phases

2. Software Defined Hardware – CPU, Security, Data Center

3. Examples of various Pro’s and Cons

Slide 3

Virtually Protected: Virtualization and ICS

• Virtualization provides a software abstraction of the hardware. This allows us to use software in place of hardware and have the software emulate the hardware.

• Adding the virtual infrastructure increases the “surface area”.

• This means more area to attack or even fail, but it also means many more solutions for ICS deployments.

• More and more software is replacing hardware.

Slide 4

Two Virtualization Phases (what’s the 3rd?)

Host Virtualization

• Server Consolidation

• Portability and low MTTR.

• Reduced Cost

Enterprise Virtualization

• High Availability

• Load Balancing

• Fault Tolerance

• Disaster Recovery

• Data Center Automation

• Shared Storage

Virtualization motivators for IT

Cost reduction 1. •Consolidation of Machines

•Energy Reduction

•Life cycle extension

Management 2. •Upgrades of HW

•Central Management

•Fast Deployment

•Corporate standard libraries

Support 3. •Virtual Desktops

•Fast Deployment

•Backup Procedure more effective

Virtualization motivators for Operations Business Continuity 1.

•High Availability

•Disaster Recovery

•Fault Tolerance

•Clear backup policies

Operational Cost 2. •Footprint reduction

•Higher return on capital investment

•MTTR (Mean-Time-to-Repair) reduction

Support 3. •Thin Clients plant floor, no moving parts

• IT maintained

Common Barriers For Virtualization

Mitigations: Virtualization can work without a SAN

Performance – don’t over-commit resources

Source: VMWARE

Over-commitment of resources • Example: Server with 2 x 6 cores = 12 cores total.

• Add 5 VMs, 4 vCPU each (20 total cores). If each VM runs 100%

CPU, what happens?

Slide 9

Collapsing the Data Center

• The data center is collapsing and getting denser due to virtualization.

• The cloud era, which is the 3rd phase, is also changing corporate data

centers.

• This means that there is lots of data moving thru the virtual

infrastructure.

• However, ICS deployments are typically more static and physical.

Slide 10

Virtualization - The Software Defined Datacenter

• The future for IT

– The network and security layers are now becoming virtualized.

– Complex Multi-Network applications including security services can be

deployed in minutes including firewalls and security appliances.

– From Virtual Server -> to Virtual Application -> to Virtual Data Center

– But, it’s a hybrid world – we have both Physical and Virtual devices

Slide 11

Software Defined Datacenter – Defense in Depth in Depth

– Typical Defense in Depth

– SCADA and Process deployments can leverage virtual security per

application, then per production line, and then per plant.

Slide 13

VMware

Slide 14

VMware

Slide 15

VMware

Slide 16

VMware

Example: Virtual Application model (vApp)

• This provides security per application

• Application machines have specific firewalls, isolation, and

monitoring.

• Where the Castle has its perimeter wall, this is an interior wall

around just the application.

Slide 17

Example: Application model (vApp)

Slide 18

Example: Application model (vApp)

Slide 19

Example: Application model (vApp)

Slide 20

Slide 21

VMware

Virtualization Security Methodologies

• Hypervisor Introspection (Agentless security)

• Example: VMware vShield Endpoint:

http://www.vmware.com/files/pdf/products/vcns/VMware-

Integrated-Partner-Solutions-Networking-Security.pdf

Slide 22

Behavior based security trends

• Traditional security has focused on securing the perimeter

• Virtualization allows more internal activity to be analyzed

• The coming trend is for greater tools that monitor for good and bad

behavior within the virtual data center

Slide 23

Virtual Data Center Density Risks

• Increasing the computing density increases the risk of failures due to

more shared hardware components throughout the data center.

• Mitigate this concentration risk by using high-quality and resilient

hardware or using Disaster Recovery and/or Business Continuity

solutions.

• The more density in the workloads, the greater the resiliency and

redundancy of the physical hardware or system is required.

Slide 24

Concentration Risks – RAID5/SATA

• Dual parity is a minimum requirement with today’s larger SATA

drives, but we still see lots of RAID5 SATA deployments.

• SATA drives are commonly specified with an unrecoverable read error

rate (URE) of 10^14. Which means that once every 200 million

sectors (12TB), the disk will not be able to read a sector.

• You have a 62% chance of data loss due to an uncorrectable read

error on a 7 drive (2 TB each) RAID 5 with one failed disk, assuming

a 10^14 read error rate and ~23 billion sectors in 12 TB

Slide 25

Virtualization Extends Perimeter

• Virtualization creates a software boundary rather than physical

boundary.

• The data center edge can inadvertently expand beyond the secure

server room walls.

• This has advantages of reducing improving agility but also broadens

the attack surface area.

• Examples: Console access. Can someone watch you type?

Slide 26

Can physical firewalls or security appliances be

virtualized or do they need to stay physical?

• This was a common question a few years ago.

• Virtualized firewalls are one of the key components of a Software

Defined Datacenter.

• This means much more pervasive security appliances.

Slide 27

Segmented/Isolated Management layer?

• Is your Virtualization management layer sharing the same network as

your plant?

• Does your management layer have access to the internet?

Slide 28

VM Escape

• Virtual machine escape is an exploit in which the attacker runs code

on a VM that allows an operating system running within it to break

out and interact directly with the hypervisor or other co-resident

virtual machines

• Concern for public cloud vendors with multi-tenant deployments

• Mitigation: Avoid co-residency, CPU pinning

• On-premise private cloud deployments have more control

Slide 29

Closing

• If we can build security into smaller and more manageable units, we

can then manage security better as a whole.

• Yes, virtualization adds more complexity, but it also allows us to

simplify our security in the process, through software.

• It allows ICS systems to better define their application requirements

and have virtualization provide it.

Slide 30