SlideShare a Scribd company logo

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Download as PPSX, PDF
Byres Security Inc.
Byres Security Inc.

This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.

Technology
1 of 38
Building Intrinsically SecureControl and Safety Systems Using ANSI/ISA99 Security Standards for Improved Security and Reliability Eric Byres, Chief Technology Officer, Byres Security Inc.
The Sinking of the Titanic On the night of 14 April 1912, Titanic struck an iceberg and sank two hours and forty minutes later. One of the contributing factors was that the bulkheads on Titanic did not make compartments fully watertight. Water from the damaged compartments was able to flood into the undamaged ones, sinking the ship.
Zotob Worm Security Incident August 18, 2005: 13 US auto plants were shut down by a simple Internet worm. Despite professionally installed firewalls between the Internet the company network and the control network, the Zotob worm had made its way into the control system (probability via a laptop). Once in the control system, it was able to travel from plant to plant in seconds. 50,000 assembly line workers to cease work during the outages. Estimated $14 million loss.
August 19, 2006: Operators at Browns Ferry Nuclear plant had to “scram” the reactor due to a potentially dangerous ‘high power, low flow condition’. The facility remained offline for 2 days. Redundant drives controlling the recirculating water system failed due to “excessive traffic" on the control systems network. Traffic between two different vendors’ control products was likely the cause. The Browns Ferry “Security” Incident
March 7, 2008: Unit 2 of the Hatch nuclear plant forced into an emergency shutdown for 48 hrs. An engineer installed a software update on a computer operating on the plant's business network. The computer was used to monitor diagnostic data with a PC on one of the primary control networks. The software update was designed to synchronize data on both systems. When the updated business computer rebooted, it reset the data on the control system computer. Safety systems interpreted the lack of data as a drop in water reservoirs that cool the plant's nuclear fuel rods, and triggering a shutdown. The Hatch Nuclear “Security” Incident
Lodz Tram System Security Incident January 8, 2008 – Teenage boy ‘hacks’ into the track control system of the Lodz city tram system, derailing four vehicles. He had adapted a television remote control so it could change track switches. Notice that the “Internet” is not involved…
Poor design or deployment of the “system” Flawed design philosophy Flawed configurations A lack of separation between key sub-systems A misunderstanding of the threat sources and the resultant risk. What does the Titanic and these Control System Events have in Common?
“The August 19, 2006, Brown’s Ferry transient unnecessarily challenged the plant safety systems and placed the plant in a potentially unstable high-power, low-flow condition. Careful design and control of the network architecture can mitigate the risks to plant networks from malfunctioning devices, and improper network performance, and ultimately result in safer plant operations.” NRC INFORMATION NOTICE: 2007-15 The Nuclear Regulatory Commission’s View…
What Makes a System Unsafe and Unreliable? A failure to contain communications in appropriate areas or sub-systems. Issues in one area can migrate to another area due to poor (or non-existent) separation strategy. Not Unusual… The North American Electrical Reliability Council (NERC) lists their #2 vulnerability in control systems as: “Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms” The solution is the use of security zones.
Addressing Flawed Design:Using ANSI/ISA 99 Standards Understand Zones and Conduits Security Levels
ANSI/ISA99: Dividing Up The Control System A core concept in the new ANSI/ISA-99 security standard is “Zones and Conduits” Offers a level of segmentation and traffic control inside the control system. Control networks divided into layers or zones based on control function. Multiple separated zones help to provide “defense in depth”.
ANSI/ISA99: Connecting the Zones Connections between the zones are called conduits, and these must have security controls to: Control access to zone Resist Denial of Service (DoS) attacks or the transfer of malware Shield other network systems Protect the integrity and confidentiality of network traffic It is important to understand and manage all your conduits between zones, not just the obvious ones.
Security Zone Definition “Security zone: grouping of logical or physical assets that share common security requirements”. [ANSI/ISA99.01.01–2007- 3.2.116] A zone has a clearly defined border (either logical or physical), which is the boundary between included and excluded elements. HMI Zone Controller Zone
Conduits A conduit is a path for the flow of data between two zones. can provide the security functions that allow different zones to communicate securely. Any communications between zone must have a conduit. Conduit HMI Zone Controller Zone
Security Levels A zone will require a Security Level Target (SLT) based on factors such as criticality and consequence. Equipment in a zone will have a Security Level Capability (SLC) If they are not equal you need to add security technology and/or policy to make them equal.
Security Targets vs. Capabilities Example: The security level capabilities (SLC) of a zone full of Windows XP-based HMIs is typically greater than: a zone of Windows NT servers a zone with PLCs BUT they may have the same SLT. Securing the whole control system to the level needed by PLCs and NT Servers can be expensive: Complex process edge VPNs and firewalls… Wholesale replacement… Firewalls for each device…
Saving Money with Zones and Conduits Solution: Separate the PLCs and NT servers into their own zones and focus on securing each zone with a conduit. HMI Zone SLC = 2 SLT = 2 PLC Zone SLC = 1 SLT = 2 Conduit increases SL by 1
Addressing Flawed Configurations Oops – I forgot that dash
Study of 37 firewalls from financial,energy,telecommunications, media, automotive, and security firms... “Almost 80 percent of firewalls allow both the "Any" service on inbound rules and insecure access to the firewalls. These are gross mistakes by any account.” A Few Incorrectly Configured Firewalls… A quantitative study of firewall configuration errors“Avishai Wool, " IEEE Computer Magazine, IEEE Computer Society, June 2004
A Few Incorrectly Configured Firewalls… Only 5 out of 37 Good Firewalls?
Commands for creating firewall rules are too complex. For example: acl 201 permit tcp any eq 80 10.20.30.0 0.0.0.255 gt 1023 established (Cisco PIX) $IPT -A PCN_DMZ -p tcp --dport ! $DH_PORT -j LOG_PCN_DMZ (Linux iptables) This leads to security mistakes The Firewalls Are Just Fine But…
22 More Firewall Rules Even an ACL for a “simple” home router is complex:
Requirements in the Controls World "Certainly controls engineers and operators need to be security aware, but they should not all need to be security experts."  "The only way this is going to happen is if we rework IT security technologies and concepts into something that makes sense to our world of industrial control." "We have to make this [security] something a plant superintendent, engineer, or senior operator can do in their spare time, or it will flop." ISA-S99 Discussion Forum
Solution: Making Field Deployment Simple Zero Configuration Field Deployment Model Field technician should do no more than: Attach the firewall to the DIN Rail Attach instrument power Plug in network cables Walk away… Firewall should be completely transparent to the process network on startup.
When needed, rule creation must be intuitive Solution: Control Engineer Friendly List of devices that can “talk” to a protected device and allowed protocols
Case History: Creating Intrinsically a Secure Safety System
Using Zones: A Refinery Example
Specifying the Zones
Adding the Conduits
The Need for a Protected SIS Zone Risk analysis indicated that there was the potential for common-mode network failures to migrate between the DCS and the Safety Integrated System The solution was to: Separate a safety zone from the process control system zone. Define an approved “conduit” between the two zones Use a Tofino Modbus-TCP Enforcer industrial firewall between the two zones to enforce inter-zone traffic controls.
The Protected SIS Zone Architecture
Configuration Specifics - Redundancy Two Tofino Firewalls were connected between the Triconex™ terminal servers and the Level 2 Ethernet switches, providing redundant connections between the safety system and control system. The fact that the firewalls offered bridging mode rather than traditional routing simplified this configuration greatly.
Hardware specifications: Temperature -40C to 70C Dual Power Supply Zone 2 Form factor similar to common I/O or barriers Tofino Security Appliance Dual Digital Inputs Ethernet Ports Secure USB Ports DIN Rail Mount Dual 9-32 VDC
Simplifying Multiple Device Rule Sets Grouping of similar devices into “networks” simplified rule creation for common rule management
Managing Multicast Nuisance Traffic Tofino Test mode indicated that Window’s “multicast” traffic created a significant amount of nuisance traffic on the safety networks Messages like these were a significant factor in Brown’s Ferry incident Needed to be silently dropped from the network
Managing Multicasts Nuisance Alarms Tofino’s Assisted Rule Generation (ARG) feature proposed a block rule to drop these messages.
Internet-based hackers are the tip of the iceberg of security concerns for industry. Easy to focus on stories of hackers and terrorists and miss the real risks posed by lax security design and policy. Security is maintaining the reliability and safety of control systems (not just keeping hackers out). Separation of a process system into zones improves security AND reduces costs. Security of safety systems can be significantly improved at little cost with industrial firewalls. Summary
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Recommended

IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 

Recommended

IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...EnergySec
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Evolution of protective systems in petro chem
Evolution of protective systems in petro chemEvolution of protective systems in petro chem
Evolution of protective systems in petro chemGlen Alleman
 

More Related Content

What's hot

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...EnergySec
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 

What's hot (20)

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
 

Similar to ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Evolution of protective systems in petro chem
Evolution of protective systems in petro chemEvolution of protective systems in petro chem
Evolution of protective systems in petro chemGlen Alleman
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADAcsandit
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Null Feb 13
Null Feb 13Null Feb 13
Null Feb 13Sundar N
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET Journal
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Schneider Electric
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scadabhavuksharma10
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsIJECEIAES
 

Similar to ANSI/ISA-99 and Intrinsically Secure Systems (May 2009) (20)

Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019
 
Evolution of protective systems in petro chem
Evolution of protective systems in petro chemEvolution of protective systems in petro chem
Evolution of protective systems in petro chem
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
 
Null Feb 13
Null Feb 13Null Feb 13
Null Feb 13
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
 
abstract LNG world
abstract LNG worldabstract LNG world
abstract LNG world
 
Scada slide
Scada slideScada slide
Scada slide
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart Substations
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

  • 1. Building Intrinsically SecureControl and Safety Systems Using ANSI/ISA99 Security Standards for Improved Security and Reliability Eric Byres, Chief Technology Officer, Byres Security Inc.
  • 2. The Sinking of the Titanic On the night of 14 April 1912, Titanic struck an iceberg and sank two hours and forty minutes later. One of the contributing factors was that the bulkheads on Titanic did not make compartments fully watertight. Water from the damaged compartments was able to flood into the undamaged ones, sinking the ship.
  • 3. Zotob Worm Security Incident August 18, 2005: 13 US auto plants were shut down by a simple Internet worm. Despite professionally installed firewalls between the Internet the company network and the control network, the Zotob worm had made its way into the control system (probability via a laptop). Once in the control system, it was able to travel from plant to plant in seconds. 50,000 assembly line workers to cease work during the outages. Estimated $14 million loss.
  • 4. August 19, 2006: Operators at Browns Ferry Nuclear plant had to “scram” the reactor due to a potentially dangerous ‘high power, low flow condition’. The facility remained offline for 2 days. Redundant drives controlling the recirculating water system failed due to “excessive traffic" on the control systems network. Traffic between two different vendors’ control products was likely the cause. The Browns Ferry “Security” Incident
  • 5. March 7, 2008: Unit 2 of the Hatch nuclear plant forced into an emergency shutdown for 48 hrs. An engineer installed a software update on a computer operating on the plant's business network. The computer was used to monitor diagnostic data with a PC on one of the primary control networks. The software update was designed to synchronize data on both systems. When the updated business computer rebooted, it reset the data on the control system computer. Safety systems interpreted the lack of data as a drop in water reservoirs that cool the plant's nuclear fuel rods, and triggering a shutdown. The Hatch Nuclear “Security” Incident
  • 6. Lodz Tram System Security Incident January 8, 2008 – Teenage boy ‘hacks’ into the track control system of the Lodz city tram system, derailing four vehicles. He had adapted a television remote control so it could change track switches. Notice that the “Internet” is not involved…
  • 7. Poor design or deployment of the “system” Flawed design philosophy Flawed configurations A lack of separation between key sub-systems A misunderstanding of the threat sources and the resultant risk. What does the Titanic and these Control System Events have in Common?
  • 8. “The August 19, 2006, Brown’s Ferry transient unnecessarily challenged the plant safety systems and placed the plant in a potentially unstable high-power, low-flow condition. Careful design and control of the network architecture can mitigate the risks to plant networks from malfunctioning devices, and improper network performance, and ultimately result in safer plant operations.” NRC INFORMATION NOTICE: 2007-15 The Nuclear Regulatory Commission’s View…
  • 9. What Makes a System Unsafe and Unreliable? A failure to contain communications in appropriate areas or sub-systems. Issues in one area can migrate to another area due to poor (or non-existent) separation strategy. Not Unusual… The North American Electrical Reliability Council (NERC) lists their #2 vulnerability in control systems as: “Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms” The solution is the use of security zones.
  • 10. Addressing Flawed Design:Using ANSI/ISA 99 Standards Understand Zones and Conduits Security Levels
  • 11. ANSI/ISA99: Dividing Up The Control System A core concept in the new ANSI/ISA-99 security standard is “Zones and Conduits” Offers a level of segmentation and traffic control inside the control system. Control networks divided into layers or zones based on control function. Multiple separated zones help to provide “defense in depth”.
  • 12. ANSI/ISA99: Connecting the Zones Connections between the zones are called conduits, and these must have security controls to: Control access to zone Resist Denial of Service (DoS) attacks or the transfer of malware Shield other network systems Protect the integrity and confidentiality of network traffic It is important to understand and manage all your conduits between zones, not just the obvious ones.
  • 13. Security Zone Definition “Security zone: grouping of logical or physical assets that share common security requirements”. [ANSI/ISA99.01.01–2007- 3.2.116] A zone has a clearly defined border (either logical or physical), which is the boundary between included and excluded elements. HMI Zone Controller Zone
  • 14. Conduits A conduit is a path for the flow of data between two zones. can provide the security functions that allow different zones to communicate securely. Any communications between zone must have a conduit. Conduit HMI Zone Controller Zone
  • 15. Security Levels A zone will require a Security Level Target (SLT) based on factors such as criticality and consequence. Equipment in a zone will have a Security Level Capability (SLC) If they are not equal you need to add security technology and/or policy to make them equal.
  • 16. Security Targets vs. Capabilities Example: The security level capabilities (SLC) of a zone full of Windows XP-based HMIs is typically greater than: a zone of Windows NT servers a zone with PLCs BUT they may have the same SLT. Securing the whole control system to the level needed by PLCs and NT Servers can be expensive: Complex process edge VPNs and firewalls… Wholesale replacement… Firewalls for each device…
  • 17. Saving Money with Zones and Conduits Solution: Separate the PLCs and NT servers into their own zones and focus on securing each zone with a conduit. HMI Zone SLC = 2 SLT = 2 PLC Zone SLC = 1 SLT = 2 Conduit increases SL by 1
  • 18. Addressing Flawed Configurations Oops – I forgot that dash
  • 19. Study of 37 firewalls from financial,energy,telecommunications, media, automotive, and security firms... “Almost 80 percent of firewalls allow both the "Any" service on inbound rules and insecure access to the firewalls. These are gross mistakes by any account.” A Few Incorrectly Configured Firewalls… A quantitative study of firewall configuration errors“Avishai Wool, " IEEE Computer Magazine, IEEE Computer Society, June 2004
  • 20. A Few Incorrectly Configured Firewalls… Only 5 out of 37 Good Firewalls?
  • 21. Commands for creating firewall rules are too complex. For example: acl 201 permit tcp any eq 80 10.20.30.0 0.0.0.255 gt 1023 established (Cisco PIX) $IPT -A PCN_DMZ -p tcp --dport ! $DH_PORT -j LOG_PCN_DMZ (Linux iptables) This leads to security mistakes The Firewalls Are Just Fine But…
  • 22. 22 More Firewall Rules Even an ACL for a “simple” home router is complex:
  • 23. Requirements in the Controls World "Certainly controls engineers and operators need to be security aware, but they should not all need to be security experts."  "The only way this is going to happen is if we rework IT security technologies and concepts into something that makes sense to our world of industrial control." "We have to make this [security] something a plant superintendent, engineer, or senior operator can do in their spare time, or it will flop." ISA-S99 Discussion Forum
  • 24. Solution: Making Field Deployment Simple Zero Configuration Field Deployment Model Field technician should do no more than: Attach the firewall to the DIN Rail Attach instrument power Plug in network cables Walk away… Firewall should be completely transparent to the process network on startup.
  • 25. When needed, rule creation must be intuitive Solution: Control Engineer Friendly List of devices that can “talk” to a protected device and allowed protocols
  • 26. Case History: Creating Intrinsically a Secure Safety System
  • 27. Using Zones: A Refinery Example
  • 30. The Need for a Protected SIS Zone Risk analysis indicated that there was the potential for common-mode network failures to migrate between the DCS and the Safety Integrated System The solution was to: Separate a safety zone from the process control system zone. Define an approved “conduit” between the two zones Use a Tofino Modbus-TCP Enforcer industrial firewall between the two zones to enforce inter-zone traffic controls.
  • 31. The Protected SIS Zone Architecture
  • 32. Configuration Specifics - Redundancy Two Tofino Firewalls were connected between the Triconex™ terminal servers and the Level 2 Ethernet switches, providing redundant connections between the safety system and control system. The fact that the firewalls offered bridging mode rather than traditional routing simplified this configuration greatly.
  • 33. Hardware specifications: Temperature -40C to 70C Dual Power Supply Zone 2 Form factor similar to common I/O or barriers Tofino Security Appliance Dual Digital Inputs Ethernet Ports Secure USB Ports DIN Rail Mount Dual 9-32 VDC
  • 34. Simplifying Multiple Device Rule Sets Grouping of similar devices into “networks” simplified rule creation for common rule management
  • 35. Managing Multicast Nuisance Traffic Tofino Test mode indicated that Window’s “multicast” traffic created a significant amount of nuisance traffic on the safety networks Messages like these were a significant factor in Brown’s Ferry incident Needed to be silently dropped from the network
  • 36. Managing Multicasts Nuisance Alarms Tofino’s Assisted Rule Generation (ARG) feature proposed a block rule to drop these messages.
  • 37. Internet-based hackers are the tip of the iceberg of security concerns for industry. Easy to focus on stories of hackers and terrorists and miss the real risks posed by lax security design and policy. Security is maintaining the reliability and safety of control systems (not just keeping hackers out). Separation of a process system into zones improves security AND reduces costs. Security of safety systems can be significantly improved at little cost with industrial firewalls. Summary