Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha

As presented at AIST 2014: The proliferation of cyber threats and recent facts have prompted asset owners in industrial environments to search for security solutions that can protect plant assets and prevent potentially significant monetary loss and safety issues.

While some industries have made progress in reducing the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open architectures and different networks exchanging data among different levels have made systems more vulnerable to attack.

With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system integrity became vulnerable to malware originally targeted at commercial applications, and this opened a new world of threats aimed specifically at control systems.

The objective of this presentation is to describe a multi-layered Defense-in-Depth approach through a holistic, step-by-step plan to mitigate risk.

Published in: Technology, Business

Transcript of "Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha "

  1. Cyber security for Industrial Plants: Threats and defense approach
     Dave Hreha, System Architect Engineer
  2. Cyber security for Industrial Plants: Threats and Defense Approach
     • The proliferation of cyber threats and recent facts have prompted asset owners in industrial environments to search for security solutions that can protect plant assets and prevent potentially significant monetary loss and safety issues.
     • While some industries have made progress in reducing the risk of cyber attacks, the barriers to improving cyber security remain high.
     • More open architectures and different networks exchanging data among different levels have made systems more vulnerable to attack.
     • With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system integrity became vulnerable to malware originally targeted at commercial applications, and this opened a new world of threats aimed specifically at control systems.
  3. What is Cyber security?
     • Cyber security is a branch of network administration that addresses attacks on or by computer systems, and through computer networks, that can result in accidental or intentional disruptions.
     • The objective of cyber security is to provide increased levels of protection for information and physical assets from theft, corruption, misuse, or accidents while maintaining access for their intended users.
     • Cyber security is an ongoing process that encompasses procedures, policies, software, and hardware, and it must be continually re-evaluated.
  4. An Example of Facility
  5. Typical Facilities
     Facilities may include:
     • Coke ovens
     • Blast furnaces
     • Electric arc furnaces
     • Continuous casting
     • Rolling mills
     • Finishing lines
     • Water treatment
  6. Security Challenges
     • Impact on the control system being secured
     • Exposure to malicious software from “friendly sources”
     • Exposure from linked systems
     • Adverse effects from implementation
     • Multiple sites and geography
     • Physical and logical boundaries
  7. Security Threats
     Internal threats:
     • Good intentions from misinformed employees
     • Inappropriate behavior from employees or contractors
     • Disgruntled employees or contractors
     External threats:
     • Hackers
     • Virus writers
     • Activists
     • Criminal groups
     • Terrorists
     • Foreign governments
  8. System Access
     • Peer utilities
     • Poorly configured firewalls
     • Database links
     • Corporate VPN (Virtual Private Network)
     • IT-controlled communication equipment
     • Spear phishing
     • Supplier access
     • Legacy dial-up systems
  9. System Access Points
     • Supplier access points
     • Peer utilities
     • VPN
     • Dial-up access
     • Poorly configured firewall
     • Database links
     • IT-controlled products
  10. Accessing the Process
     • System databases
     • SCADA or HMI screens
     • PC systems
     • “Man-in-the-Middle”
     • Denial of Service
     • Accidents
  11. Defense in Depth
     • Risk assessment
     • Security plan based on the assessment
     • Develop training
     • Define network separation and segmentation
     • Define system access control
     • Device hardening
     • Network monitoring and continued maintenance
  12. Risk assessment
     • Identify threats
     • Prioritize by:
       – Safety
       – Severity
       – Business impact
     • Deploy resources
     • Document with infrastructure diagrams
  13. Security Plan
     • Roles and responsibilities of those affected by the policy and procedures
     • Actions, activities, and processes that are allowed and not allowed
     • Consequences of non-compliance
     • Incident response policies and procedures
       – Who to notify and what actions to perform to contain the incident
       – Role-specific procedures for restoring devices and the process to a known good operating state
     • Details equipment, software, protocols, procedures, and personnel
     • Summarizes the risk assessment and includes infrastructure diagrams
     • Defines the training plan
     The security plan should be reviewed periodically for changes in threats, environment, and adequate security level.
  14. Training
     Cyber security awareness program
     • Understanding the organization’s security policies, procedures, and standards
     • Job- and role-based training classes that detail the relevant security policies, procedures, and standards
     • Classes that provide specific steps for applying the security policies and procedures
     • Classes on how to respond if a cyber attack or accident has occurred
     • Classes for vendors and other visitors
  15. Network separation
     Firewall - DMZ (Demilitarized Zone)
     • No direct communication between Enterprise and Control network
     • Only certain server types allowed in the DMZ
       – Data servers (Historian)
       – Patch management
       – Proxy servers
       – RADIUS (Remote Authentication Dial In User Service)
       – VPN
  16. Network segmentation
     Still behind Firewall - DMZ
     • Logical segments
     • Security zones
     Virtual Local Area Network (VLAN)
     • Managed switches
     • Routers
       – Access control list
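The two rules on slides 15 and 16 (no direct enterprise-to-control path, and only approved server types in the DMZ) can be written down as a zone-and-conduit policy and checked mechanically against observed flows or a host inventory. The following is an added example, not code from the presentation; the address plan, the conduit port numbers and the host inventory are constructed for illustration.

```python
"""Zone-and-conduit policy check for a firewall/DMZ architecture.

Added example (not from the presentation). The address plan, conduit
ports and host inventory below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ENTERPRISE, DMZ, CONTROL = "enterprise", "dmz", "control"

# Assumed address plan: one subnet per security zone.
ZONE_NETS = {
    ip_network("10.1.0.0/16"): ENTERPRISE,
    ip_network("10.2.0.0/24"): DMZ,
    ip_network("10.3.0.0/16"): CONTROL,
}

# Server types the slide permits in the DMZ.
ALLOWED_DMZ_ROLES = {"historian", "patch-management", "proxy", "radius", "vpn"}

# Permitted conduits between zones: (source zone, destination zone, port).
# Port numbers are assumed values for the example.
ALLOWED_CONDUITS = {
    (ENTERPRISE, DMZ, 443),   # enterprise users read the DMZ historian over HTTPS
    (ENTERPRISE, DMZ, 1812),  # RADIUS authentication for remote access
    (CONTROL, DMZ, 5450),     # control-side historian replicates outward to the DMZ copy
    (DMZ, CONTROL, 8530),     # patch server pushes approved updates into the control zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def zone_of(ip: str) -> str:
    """Map an address to its zone, or 'unknown' if it is outside the plan."""
    addr = ip_address(ip)
    for net, zone in ZONE_NETS.items():
        if addr in net:
            return zone
    return "unknown"


def evaluate(flow: Flow) -> str:
    """Return 'allow: ...' or 'deny: ...' for one observed or requested flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        return "deny: address outside any defined zone"
    if src_zone == dst_zone:
        return "allow: intra-zone"
    if {src_zone, dst_zone} == {ENTERPRISE, CONTROL}:
        # The separation rule from slide 15: enterprise and control never talk directly.
        return "deny: direct enterprise-control path"
    if (src_zone, dst_zone, flow.port) in ALLOWED_CONDUITS:
        return "allow: conduit"
    return "deny: no conduit defined"


def audit_dmz_inventory(inventory: dict) -> list:
    """Flag DMZ hosts whose role is not one the policy allows in the DMZ."""
    findings = []
    for ip, role in inventory.items():
        if zone_of(ip) == DMZ and role not in ALLOWED_DMZ_ROLES:
            findings.append(f"{ip}: role '{role}' not permitted in DMZ")
    return findings


if __name__ == "__main__":
    # Constructed sample flows and inventory.
    sample_flows = [
        Flow("10.1.20.5", "10.2.0.10", 443),  # office PC -> DMZ historian
        Flow("10.1.20.5", "10.3.4.7", 502),   # office PC -> PLC directly: must be denied
        Flow("10.3.0.9", "10.2.0.10", 5450),  # control historian -> DMZ replica
        Flow("10.2.0.10", "10.3.4.7", 502),   # DMZ host -> PLC with no conduit: denied
    ]
    for f in sample_flows:
        print(f, "->", evaluate(f))
    print(audit_dmz_inventory({"10.2.0.10": "historian",
                               "10.2.0.44": "engineering-workstation"}))
```

The same policy table can be fed from a firewall's connection log to find flows the design never intended, which is usually how a "poorly configured firewall" from slide 8 is discovered in practice.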
  17. Network segmentation
     Benefits
     • Contains an infection if one occurs
     • Limits node visibility
     • Stops intruder scans of the network
     • Limits the impact of a breach
     • Restricts broadcasts and multicasts
     • Improves network performance
     • Provides a higher level of security
  18. Access Control
     Security for remote access
     • RADIUS (Remote Authentication Dial In User Service)
       AAA protocol
       – Authentication
       – Authorization
       – Accounting
     • RAS (Remote Access Services)
     • VPN (Virtual Private Network)
  19. Access Control
     VPN protocols and components
     • Secure Sockets Layer (SSL)
     • Internet Protocol Security (IPsec)
     • Internet Key Exchange (IKE)
     • Advanced Encryption Standard (AES)
     • Data Encryption Standard (DES)
     • Encapsulating Security Payload (ESP)
  20. Device Hardening
     Configuring device settings to strengthen security
     • Network devices
       – Firewalls
       – Managed switches
       – Routers
     • Control system devices
       – Distributed Control Systems (DCS)
       – Supervisory Control and Data Acquisition (SCADA)
       – Programmable Automation Controllers (PAC)
       – Programmable Logic Controllers (PLC)
  21. Device Hardening
     • Implement password protection
     • Implement access control
     • Disable any unused services
     • Maintain up-to-date patches and hot fixes (especially security)
     • Use strong authentication
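The five hardening items on slide 21 are only useful if they are checked repeatedly, so a practical step is to audit exported device configurations against a written baseline. The following is an added example, not code from the presentation: the `key value` configuration syntax is a generic format constructed for illustration rather than any vendor's CLI, and the baseline values (minimum firmware, password length, default credential list) are assumptions.

```python
"""Hardening audit of a device configuration against a small baseline.

Added example, not from the presentation. The configuration syntax is a
generic 'key value' format constructed for illustration, not any vendor's
CLI, and the baseline values below are assumptions.
"""

# Services that have no place on a hardened plant network device.
INSECURE_SERVICES = {"telnet", "http", "ftp", "tftp"}
# Community strings that show SNMP was left at factory settings.
DEFAULT_COMMUNITIES = {"public", "private"}
# Assumed vendor default credentials.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
# Assumed minimum patched firmware for this hypothetical device model.
MIN_FIRMWARE = (4, 2, 1)
MIN_PASSWORD_LENGTH = 12


def parse_config(text: str) -> list:
    """Split a config into token lists, dropping blank lines and '!' comments."""
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("!")]


def firmware_tuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def audit(text: str) -> list:
    """Return one finding string per baseline violation, in config order."""
    findings = []
    seen_mgmt_acl = False
    seen_radius = False
    for tokens in parse_config(text):
        head = tokens[0]
        if head == "service" and len(tokens) >= 3:
            name, state = tokens[1], tokens[2]
            if name in INSECURE_SERVICES and state == "enable":
                findings.append(f"insecure service enabled: {name}")
            # 'service snmp v2c community public': v1/v2c are unauthenticated.
            if name == "snmp" and state in ("v1", "v2c") and len(tokens) >= 5:
                community = tokens[4]
                if community in DEFAULT_COMMUNITIES:
                    findings.append(f"snmp {state} uses default community '{community}'")
                else:
                    findings.append(f"snmp {state} is unauthenticated; use v3")
        elif head == "password-policy" and len(tokens) >= 3 and tokens[1] == "min-length":
            if int(tokens[2]) < MIN_PASSWORD_LENGTH:
                findings.append(f"password min-length {tokens[2]} below {MIN_PASSWORD_LENGTH}")
        elif head == "user" and len(tokens) >= 4 and tokens[2] == "password":
            if (tokens[1], tokens[3]) in DEFAULT_CREDENTIALS:
                findings.append(f"default credentials for user '{tokens[1]}'")
        elif head == "firmware" and len(tokens) >= 2:
            if firmware_tuple(tokens[1]) < MIN_FIRMWARE:
                wanted = ".".join(str(n) for n in MIN_FIRMWARE)
                findings.append(f"firmware {tokens[1]} older than {wanted}")
        elif head == "management" and len(tokens) >= 2 and tokens[1] == "access-list":
            seen_mgmt_acl = True
        elif head == "aaa" and tokens[1:3] == ["authentication", "radius"]:
            seen_radius = True
    # Access control and strong authentication are absences, so check them after the loop.
    if not seen_mgmt_acl:
        findings.append("no management access-list restricts device administration")
    if not seen_radius:
        findings.append("no central (RADIUS) authentication configured")
    return findings


# Constructed sample: a switch as it might arrive from a commissioning contractor.
SAMPLE_CONFIG = """
! constructed switch configuration for the example
hostname sw-caster-01
firmware 4.1.0
service telnet enable
service http enable
service ssh enable
service snmp v2c community public
password-policy min-length 8
user admin password admin
user operator password Rolling-Mill-2014!
"""

# The same device after hardening per slide 21.
HARDENED_CONFIG = """
hostname sw-caster-01
firmware 4.2.1
service telnet disable
service http disable
service ssh enable
service snmp v3 user monitor auth sha priv aes
password-policy min-length 14
aaa authentication radius
management access-list 10.2.0.0/24
user admin password Correct-Horse-Battery-Staple-42
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

Running the audit on every configuration backup, rather than once at commissioning, is what turns the slide's checklist into the "continued maintenance" the Defense in Depth list asks for.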
  22. Network monitoring & maintenance
     Users should monitor for any suspicious activity
     • Use intrusion detection systems
     • Monitor network loading
     • Examine log files
     • Use SNMP (Simple Network Management Protocol) traps
     By being proactive, any attempts to gain access to the system should be discovered and stopped before any entry is made.
  23. Conclusion
     The Defense in Depth recommendations can decrease the risk of attack. No single component provides adequate defense. It is important to consider all of the Defense in Depth recommendations to mitigate risk.