Critical Infrastructure and Automated Control Systems Security: A Strategy for Securing Against Cyber Attacks
Dr. Thomas L. Pigg
Director of the Tennessee CSEC

CSEC Mission
• The Cyber Security Education Consortium is a National Science Foundation ATE Regional Center of Excellence dedicated to building an information security workforce who will play a critical role in implementing the national strategy to secure cyberspace.

CSEC Sites

Tennessee CSEC Mission
• Phase 1 – Train the trainer
• Phase 2 – Develop Student Curriculum/Courses/Concentrations
• Phase 3 – Develop Partnerships with Business, Industry and Government

Core Train the Trainer Workshops
• Principles of Information Assurance
• Network Security
• Enterprise Security Management
• Secure E-Commerce
• Digital Forensics

New CSEC Courses
• Automation and Control Systems
  – Control Systems Architecture
  – Control Systems Software Applications
  – Control Systems Security I and II
• Mobile Communications Devices
  – Mobile Device Architecture
  – Mobile Device Programming
  – Mobile Device Hardware
• Secure Coding
  – Secure Programming I and II
  – Software Testing
  – Software Security

What are Control Systems
• SCADA (Supervisory Control and Data Acquisition)
• DCS (Distributed Control Systems)
• ICS (Industrial Control Systems)
• BAS (Building Automation Systems)
• PLC (Programmable Logic Controllers)
• Smart Grid

Critical Infrastructures
• Agriculture & Food
• Banking & Finance
• Chemical
• Commercial Facilities
• Communications
• Critical Manufacturing

Critical Infrastructures
• Dams
• Defense Industrial Base
• Emergency Services
• Energy
• Government Facilities
• Healthcare & Public Health

Critical Infrastructures
• Information Technology
• National Monuments & Icons
• Nuclear Reactors, Materials & Waste
• Postal & Shipping
• Transportation Systems
• Water

Key Critical Infrastructures
• Key Sectors for Control Systems Security
• Energy (Electricity, Oil, and Natural Gas)
• Water & Wastewater
• Nuclear
• Chemical
• Dams
• Transportation
• Critical Manufacturing

Current Trends in Control Systems
• Continued move to open protocols
• Continued move to more COTS operating systems & applications
• More remote control & management
• More network access to systems
• More widespread use of wireless

Current State of Security
• Control Systems protocols with little or no security
• Migration to TCP/IP networks with its inherent vulnerabilities
• Interconnection with enterprise networks
• Old operating systems & applications with poor patching practices
• Little monitoring of Control Systems for attacks
• Vendors not securing their product offerings adequately

Current State of Security
• Increased risk of insider attacks by outsourced IT services
• Experts seeing increased interest in Control Systems by terrorists & foreign governments
• Evidence that nation-states have been taking remote control of Control Systems
• Denial by some companies that there is a problem
• Some companies are now starting to see the need and address the issues

Real Control System Security Breaches
• Daimler-Chrysler Plant Shutdown – Zotob worm – August 2005
• FirstEnergy’s Nuclear Plant Infestation – Slammer worm – January 2003
• Maroochy Shire Sewage – Release of millions of gallons of sewage January 2000 – Perpetrator accessed system 46 times

Real Control System Security Breaches
• Hacking the Industrial Network
  – http://www.isa.org/FileStore/Intech/WhitePaper/Hacking-the-industrial-networkUSversion.pdf
• DHS Video – Idaho National Laboratory – AURORA Test
  – http://www.cnn.com/2007/US/09/26/power.at.risk/index.html#cnnSTCVideo

AURORA Test

Real Control System Security Breaches
• Stuxnet
  – http://www.tofinosecurity.com/stuxnetcentral
  – http://www.exida.com/images/uploads/The_7_Things_Every_Plant_Manager_Should_Know_About_Control_System_Security.pdf

Current Threats
• Internet Based Threats
• Worms
• Viruses
• Denial of Service Attacks
• Targeted Attacks
• Terrorist
• Foreign Nation
• Former Insider

Current Threats
• Physical Threats
• Natural Disasters
• Man-made Disasters (War, Riots, etc.)
• Terrorist Attacks

Current Threats
• Internal Threats
• Disgruntled employee
• On-site contractor
• Unintentional attack
• IT worker
• Curious Employee

Current Threats
• Targeted Attacks
• Can use any threat & threat agent
• Internet
• Internal
• Physical
• Social Engineering
• Etc.

IT Security for Control Systems
• CIA
• Confidentiality
• Integrity
• Availability

IT Security for Control Systems
• Technical Controls
• Firewalls
• IDS
• Smart Cards
• Access Controls

IT Security for Control Systems
• Administrative Controls
• Security Policies & Procedures
• Security Awareness
• People

IT Security for Control Systems
• TCP/IP
• Patches & Updates
• Intrusion Detection Systems
• Control Systems Monitoring
• Signatures for Control Systems
• Anti-Virus Software

IT Security for Control Systems
• Access Control Methods
• Passwords
• Multi-Factor
• Smart Cards
• RFID
• Proximity
• Biometric

IT Security for Control Systems
• Authentication
• Active Directory
• Control Systems Integration
• Certificates

IT Security for Control Systems
• Authorization
• Role Based
• Area of Responsibility
• Station Access Control

Using an IDS with a Control System
• Network based
• Inspects all network traffic on that segment (incoming & outgoing)
• Uses pattern based signatures
• Anomaly based uses baseline
• Uses network tap or mirrored port
• Monitors multiple hosts

Using an IDS with a Control System
• Host based
• Inspects network traffic for a specific host
• Better at protecting a machine's specific function
• Misses LAN based attacks

Using an IDS with a Control System
• Commercial
• Pre-configured fee based IDS
• CA eTrust
• McAfee IntruShield & Entercept
• SonicWall
• StillSecure Strata Guard

Using an IDS with a Control System
• Open Source
• Snort
• Base
• Sguil – Real-time GUI interface
• OSSEC (Open Source Host-based Intrusion Detection System)

Using an IDS with a Control System
• IPS
• Intrusion Prevention System
• Automated Response
• Dynamically change firewall ruleset
• NIST IDS Guide (SP800-94)

Security Solutions
• Network Segmentation
• DMZ Design
• Can use ISA S99 standard as guide
• Design to protect each segment
• Allows for centralized services

Security Solutions
• Network Segmentation
• Centralized Services
• Anti-Virus
• Updates & Patches
• Active Directory Services
• Data Historians
• System Management

Security Solutions
• Secure Remote Access
• Secured VPN connections
• Escorted Access for vendors
• Require secured tokens
• Call in by vendor with request
• Issue 1-time code for access

Security Solutions
• IDS/IPS for Control Systems
• Which one to use?
• Where to use?
• HIDS or Application Whitelisting?
• UTM – Unified Threat Management

Security Solutions
• Security Event Monitoring & Logging
• Network Devices
• Switches, Routers, Firewalls, IDS
• Computing Devices
• Historians, Servers, Operator consoles
• Field Devices
• RTU, PLC, Telemetry Devices, Embedded Devices

Security Solutions
• Security Framework
• NIPP
• NERC CIP
• CSSP DHS
• NIST

Security Solutions
• Policy & Guidance
• Developing Good Policies
• Track Data
• Points of Contact
• Areas of Concern
• Data Risk Assessment
• Evaluate the Impact of Data Loss
• Available Controls
• Technical, Administrative, & Compensating

Security Solutions
• Policy & Guidance
• Implementation
• Roles & Responsibilities
• Security Requirements
• Change Management Process
• Backup & Redundancy
• Self Assessments

Control Systems Security Initiatives
• NIPP (National Infrastructure Protection Plan)
• CIPAC (Critical Infrastructure Partnership Advisory Council)
• ICSJWG (Industrial Control Systems Joint Working Group)
• ICS-CERT (Industrial Control Systems Cyber Emergency Response Team)
• Strategy for Securing Control Systems

Control Systems Security Initiatives
• CSSP (Control Systems Security Program)
• Idaho National Laboratory
• National SCADA Test Bed Program
• SCADA & Control Systems Procurement Project
• Smart Grid Interoperability Standards Project
• UK NISCC - Now CPNI (Centre for the Protection of National Infrastructure)
• PCSF/SCySAG (SCADA Cyber Self Assessment Working Group) - Historical

Control Systems Regulations
• NERC (North American Electric Reliability Council)
• Develop & enforce reliability standards
• CIDX/ACC – Now ChemITC (American Chemistry Council)
• CFATS guidance & assessment tools

Control Systems Regulations
• ISA SP99 (Industrial Automation & Control System Security) – International Society of Automation
• Part 1 Standard: Concepts, Terminology & Models
• Part 2 Standard: Establishing an Industrial Automation & Control Systems Security Program
• Part 3 Standard: Technical Requirements for Industrial Control Systems (Currently in development)

Control Systems Regulations
• AGA 12 – Discontinued and used in IEEE 1711 Trial Standard
• Encryption of Serial Communications
• Serial Encrypting Transceivers now available
• API Standard 1164 (American Petroleum Institute)
• Standard on SCADA security for pipelines
• NIST – National Institute of Standards and Technology

Control Systems Regulations
• SP800-82 – Guide to Industrial Control Systems (ICS) Security
• NIST initiative on Critical Infrastructure Protection (CIP)
• Uses ISO 15408 Common Criteria methodology

Control System Security Takeaway
• The 7 Things Every Plant Manager Should Know About Control System Security
  – John Cusimano
  – Director of Security Solutions for exida
  – http://www.exida.com/images/uploads/The_7_Things_Every_Plant_Manager_Should_Know_About_Control_System_Security.pdf

Contact Information
Dr. Thomas L. Pigg
Professor of Computer Information Systems
Jackson State Community College
2046 N. Parkway
Jackson, TN 38305
(731) 424-3520 Ext. 201
[email protected]