Cyber Security: Differences between Industrial Control Systems and ICT Approach
by Marco Biancardi

Cyber Security Manager and Renewable Automation Sales Support at ABB SpA – Power system Division

Published in: Technology, Business

Transcript

  • 1. Cyber Security: Differences between Industrial Control Systems and ICT approach (Marco Biancardi, Power Systems Division, BU Power Generation, October 2013)
  • 2. Introduction: Definitions
      • Information Technology (IT)* is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise. The term is commonly used as a synonym for computers and computer networks.
      • Industrial Control System (ICS)* is a general term that encompasses several types of control systems used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC) often found in the industrial sectors and critical infrastructures.
      * Source: Wikipedia
  • 3. Introduction: Cyber security, a definition
      Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
      * Source: Merriam-Webster’s dictionary
  • 4. Introduction: Why is it an issue?
      Diagram labels: Isolated devices; Point to point interfaces; Proprietary networks; Standard Ethernet/IP-based networks; Interconnected systems; Distributed systems
      Modern SCADA, automation, protection and control systems:
      • leverage commercial off the shelf IT components (i.e. MS Windows, Internet Explorer)
      • use standardized, IP based communication protocols
      • are distributed and highly interconnected
      • use mobile devices and storage media
      Modern control systems are specialized IT systems, with multiple vulnerabilities: Hacking; Employee Mistake; Malicious software installed via USB port
  • 5. Differences: Office IT vs Utilities/Industry …they are different!
      Aspect | Corporate/Office IT | Utilities/Industry
      Environment | Offices and «mobile» | «in the field»
      People/Equipment Ratio | # of Equipment ~= # of people | Few people, much equipment
      Object under protection | Information | Industrial process: availability
      Risk Impact | Information disclosure, $$$ | Safety (life), Health, Environment, Information disclosure, loss of production, downtime, repairing costs, $$$
      Availability requirements | 95%-99% (accept. downtime/year: 18,25 – 3,65 days) | 99,9%-99,999% (accept. downtime/year: 8,76 hrs – 5,25 minutes)
      System lifetime | 3-5 years | 15-30 years
      Security focus | Central Servers (CPU, memory,…) and PC | Server/PC + distributed systems, Sensors, PLC,…
      Operating systems | Windows | Windows + proprietary
      Software | Consumer Software, normally used on PC | Specific
      Protocols | Well known (HTTP over TCP/IP,…) / mainly web | Industrial (TCP/IP, Vendor specific) / polling
      Procedure | Well known (password,…) | Specific
      Main actors | IBM, SAP, Oracle, etc. | ABB, Siemens, GE, Honeywell, Emerson, etc.
  • 6. Introduction: A definition in the context of power and automation technology
      Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
      translates into
      Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack
      * Source: Merriam-Webster’s dictionary
  • 7. Threats: Where are attack sources?
      • Accidents / Mistakes
      • Rogue insider
      • Malware
      • Thieves / Extortionists
      • Enemies / Terrorists
      Likelihood:
      • Likelihood is unknown
      • Consequences are potentially huge
  • 8. Threats: What if…
      • What if this information gets disclosed?
      • What if someone opens a breaker?
      • What if it does not open when it should?
      • What if I cannot operate a device/PLC?
      • What if someone else can operate a device/PLC?
      • What if a transformer is overloaded due to a wrong temperature reading?
      • What if a protection is not working properly?
      • What if an unauthorized person can access the supervision/control network?
      • What if an unauthorized person can access the DSO/TSO network?
      • What if a blackout happens in a cold winter?
  • 9. Threats: World news
  • 10. Solutions: How can you proceed?
      Cyber Security Cycle (diagram labels): Keeping up-to-date; Awareness; Check Actual Status; Assessment; What if…; Follow-up; Dedicated solutions; Continuous monitoring; Operational Security; Risk Mitigation
      100% Security does not exist. Security is not a product but a process.
  • 11. Solutions: ABB Service Approach
      Different service levels, based on project status:
      1. ASSESSMENT: Site Inventory; Risk Assessment
      2. FIRST-AID SERVICE: Design Review; HW update & Hardening; SW service; Analysis Report; Patch management; Account management; Antivirus management; Backup&Restore management
      3. INDUSTRIAL DEFENDER: Manage Monitor hardware/software
      4. ACROSS-LIFE: Keeping up-to-date; Training; Recurrent Reports/ Coursewares
  • 12. Why ABB: Defense in depth
      Strong (Secure) ABB products + Industrial Defender Solutions
