Project 9 - 2015: Real-Time Data Transfer


Project 9:
Real Time Data Transfer
“Name of Presenter”
Presenter
Enter details about the
presenter here.
More details about
the presenter.
© 2016 LOGIIC APPROVED FOR PUBLIC RELEASE —
2
The LOGIIC Model of Government and Industry Partnership
Linking the Oil and Gas Industry to Improve Cyber Security
Project 9: Real Time Data Transfer
Background
Assessment Approach
Assessment Findings
Conclusion
Real Time Data Transfer (RTDT)
Background
Overview
• Focused on assessment and analysis
• Solutions provide data sets that support decisions
• Evaluated different RTDT technologies
• Conducted assessments in an IACS laboratory
• Findings were published in a report
Objective
Evaluate Solutions Presently Available
Reference Architecture (diagram)
Corporate Domain, Level 4 IEC 62443: RTDT Server
DeMilitarized Zone (DMZ), Level 3.5 IEC 62443: RTDT Relay
Industrial Automation and Control Systems (IACS), up to Level 3 IEC 62443: RTDT; BPCS 1 Network and BPCS 2 Network, each with BPCS workstations (WS), BPCS EWS, IMS, Antivirus, Backup, Alarms, and Historian Server
Purpose
RECOMMEND
EVALUATE
IMPROVE
STUDY
PREPARE
PROVIDE
FOUNDATIONS
Surveys
• Identified available vendor technologies
• Surveyed Executive Committee members
• Used to define scope, use cases, and test scenarios
Real Time Data Transfer (RTDT)
Assessment Approach
Methodology
THREAT
RISK
VULNERABILITY
CONSEQUENCE
Risk = Threat x Vulnerability x Consequence
Onsite Assessment (Test Plan)
• Reconnaissance
• Information Capture and Data Retrieval Attempts
• Targeted Attacks
• Denial of Service (DoS)
Vendor Approach
Automation Vendor Solutions
Third-Party Solutions
Each assessment conducted as an independent sub-project.
Test Approach
Insider and Outsider Threat Scenarios using SME Methods
• Public and customized exploits
• Custom payloads
• Specialized test equipment
Pre-work Phase
• Connection of test equipment
• Network validation
• Reconnaissance
• Traffic capture
Test Scenarios
01 Packet Captures
02 Configuration of Servers
03 Configuration of Firewalls
04 Network Access Control
05 Man-in-the-Middle
06 Data Packet Replay
07 Application Authentication
08 Denial of Service
09 Default Account Configuration
10 Audit Logs
11 Applicable Existing Exploits
Test Tools
• Kali Linux™
• Existing exploits
• Nessus®
• Nmap
• Forensic analysis
• Ettercap
• Custom attack scripts
• Wireshark®
• Reverse engineering tools
• ARP spoofing tools
Analysis of Findings
TECHNICAL
OPERATIONAL
Research
Usability
Documentation
Ease of Setup
Assessment Tests
Maintenance
Requirements
Background Info
Observations
Functional Tests
Skillsets to
Maintain and Use
System
Real Time Data Transfer (RTDT)
Assessment Findings
Positive Security Attributes
Automation and Third-Party Vendors
Solution Footprint
Third-Party Technology within Automation Vendor Solutions
Networking Components
Encryption
Network and Packet Handling
Layered Security
Management and Maintenance
Positive Security Attributes
Correct Encryption Implementation
Packet Integrity and Privacy
Patching
Disabling Unnecessary Ports and Services
Securing Data at Rest
Log File Structure and Protection
Removal of Default Settings
Configuration of Network Devices
Automation and Third-Party Vendors
• Automation Vendors who offer full control systems alongside RTDT solutions
• Third-Party Vendors who specialize in the RTDT area and do not sell full control systems
Both vendor solutions use OPC UA, DA, and DCOM protocol standards
Automation Vendor Solutions
• Designed primarily to interface with a particular control system
• Larger footprint, more components, more configurability
• Typically more hardware and networking components
• Comprehensive “package” for asset owners
• Assured it will work with their control system
Third-Party Vendors
• Perform a single objective
• Significantly smaller and consist only of software
• No networking hardware is included in the solution
Solution Footprint
Third-Party Vendors:
- Smaller footprint
- Smaller attack surface
- Fewer threat vectors
- Requires protection from surrounding architecture
Automation Vendors:
- Larger footprint
- Broader attack surface
- Vendor maintenance ops
- Accreditation is attractive, but not necessarily more secure
Third-Party Technology within Automation Vendor Solutions
• Common
• Vulnerabilities may exist at various levels
• Unpatched third-party OPC components
• Components must be configured to recommendations made by the third-party vendor
• Asset owners need supply-chain assurance
Networking Components
• Often include networking hardware and firewall configuration
• Components did not always provide the required security or perform as anticipated
• Asset owner assurance
• Management and patch maintenance
Encryption
• When encryption is available, correct implementation is critical
• Significant assessment findings focus on encryption
• All solutions assessed offered some type of encryption
Encryption Algorithm
• Commensurate with industry best practices
• Vendors should clearly identify the algorithm in use
• Asset owners' assumptions
• Assessments identified algorithm implementation discrepancies
• Independent validation and testing
Encryption Implementation
• Secure only when implemented correctly
• Key generation, handling, and storage details
• Hard-coded keys, or confusion on how to change a key, create risks
Understanding When and Where Encryption Exists
Passwords
Data Paths
Server authentication
Data at Rest
Storage locations (optional)
Network and Packet Handling
• Firewalls and switches do not necessarily protect against MiTM attacks
• ARP spoofing may also be possible
• Packet integrity or privacy protected against MiTM attacks and data alteration
• Use of a true DMZ (as defined by industry guidelines)
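An added example (not from the LOGIIC report) of the detection side of the ARP spoofing finding: a small monitor over ARP replies, such as those exported from a Wireshark capture, that alerts when an IP address changes MAC or when one MAC claims several IPs on the segment. The addresses, host roles and records are constructed for the example.

```python
from collections import defaultdict

# Constructed ARP-reply records (time, sender IP, sender MAC) as a capture tool would list
# them; addresses and roles are placeholders, not from any real network.
ARP_REPLIES = [
    (0.0, "10.0.3.10", "00:11:22:00:00:10"),  # BPCS workstation
    (0.5, "10.0.3.5",  "00:11:22:00:00:05"),  # RTDT relay (DMZ side)
    (1.0, "10.0.3.10", "00:11:22:00:00:10"),
    (2.0, "10.0.3.5",  "aa:bb:cc:dd:ee:ff"),  # relay's IP now claimed by another MAC
    (2.5, "10.0.3.10", "aa:bb:cc:dd:ee:ff"),  # same MAC also claims the workstation's IP
    (3.0, "10.0.3.5",  "00:11:22:00:00:05"),  # real relay answers again: mapping flaps
]

def detect_arp_spoofing(replies, baseline=None):
    """Return alerts: IP-to-MAC changes against the baseline (or first-seen) mapping,
    and any MAC that claims more than one IP. `baseline` is an optional dict of the
    expected IP -> MAC pairs, e.g. from the reference architecture inventory."""
    mapping = dict(baseline or {})
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        known = mapping.get(ip)
        if known is None:
            mapping[ip] = mac                # first time this IP is seen: learn it
        elif known != mac:
            alerts.append((ts, "ip_mac_change", ip, known, mac))
            mapping[ip] = mac                # track the latest claim so a flap back is reported too
        new_ip = ip not in ips_per_mac[mac]
        ips_per_mac[mac].add(ip)
        if new_ip and len(ips_per_mac[mac]) > 1:
            alerts.append((ts, "mac_claims_multiple_ips", mac, tuple(sorted(ips_per_mac[mac]))))
    return alerts
```

Feeding the capture to a monitor like this during the Packet Captures and Man-in-the-Middle scenarios gives a concrete record of whether the switching layer alone prevented the spoof.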
Layered Security
Storage
- Commonly a SQL database
- Configured with access controls
Log Files
- Content and system information
- Access controls such as read-only restrictions
Default Settings
- Default accounts and passwords
- Permission levels
- Application settings
- Unnecessary ports and services disabled
Tag Security
- Configurable tag security
- Granular access controls
- Default settings
Management and Maintenance
Troubleshooting: No significant obstacles
Installation Time Range: 45 minutes to 10 hours
Elements: Hardware, software, configuration, and network
User Interface: Provided for configuration and management
Settings: Recommendations to change defaults
Patches: Each handled differently per vendor
Real Time Data Transfer (RTDT)
Conclusion
Solutions
• Functionality is effectively the same for automation and third-party vendors
• Varied in size, structure, and integration
• Automation vendor solutions typically include hardware, software, and networking components
• Third-party vendors typically provided software-only solutions
Technical Findings
• Larger footprints create an increased attack surface
• Solutions with third-party components require security at all layers
• Encryption to protect data in transit
- Algorithm
- Key generation
- Key handling
- Storage
Security
• Securing networking components is critical
• Configure user settings, tag security, application security
• Patching and updates are necessary
• A defense-in-depth approach within the design
Process
• Asset owners should work closely with vendors
• All technical details should be considered
• Operational considerations should be evaluated
It is possible to securely transfer data outside the core IACS environment if all facets of the RTDT solution have been secured and a plan is established to maintain the needed level of security throughout the life-cycle.