SlideShare a Scribd company logo

RF_NEC

A
Ayal Vogel
1 of 2
Download to read offline
Special Security Report The Target - Industrial Control Systems Industrial control systems (ICS) are used for managing critical infrastructure networks such as smart grids, gas supply and many other critical services to modern life. Hackers looking to disrupt civilian life have been focusing lately on critical infrastructure networks to reduce the capability of local and state governments’ to provide basic services. The Challenge - Authentication & Control ICS networks are considered safe because they are assumed to be isolated from the outside world. However, there are two main situations where this isolation is compromised: when the system is physically accessed for system maintenance, and during remote maintenance. From both the network operations and the network security aspects, maintenance operations pose a high-level risk to the network. Without proper control, access rights granted for maintenance operations may be improperly used for illicit activities on the ICS, either by a malicious insider or an unintentional employee with an infected laptop. The Radiflow-NEC Solution Radiflow and NEC have developed an integrated solution for securing ICSs during both remote and on-site (physical) maintenance operations. The solution, focused on human-generated traffic and based on the RBAC (Role Base Access Control) methodology, is compatible with the Guidelines for Remote Access Management in NERC CIP Ver.5. Under the proposed solution, the first, if not the most crucial step prior to granting a user access to the facility, as well as network access, is verifying the identity of the user. This is achieved using an advanced two-factor authentication scheme utilizing the NEC facial recognition system and Electronic Card (or username and password in the case of remote maintenance). Once the user’s identity is verified, however, it is still imperative to ensure that he has access to only specific devices on the network and specific privileges on each device. Upon authentication, a firewall configuration file is downloaded to the Radiflow routers. These firewall rules enforce the predefined task parameters, so that during the maintenance operation the user is able to send only a specific range of commands to predefined assets. The user’s privileges must be aligned with the task at hand, so that he won’t be able to engage with any other device. At the same time, inside the facility, the technician’s location is constantly monitored by the video surveillance system, which escorts him to the maintained relevant device. Any violations of these rules are monitored and logged, and sent as alerts to the control center along with the all network traffic data. This capability provides a comprehensive, real-time picture of the maintenance performed. A New Approach to Managing Human Maintenance Activities at Remote Installations Combined with NEC’s Physical Security Solution Suite, offering biometric identification, access gates, video surveillance and behavior pattern analysis, Radiflow’s ruggedized routers and gateways (including the 3180 Switch/Router, shown) allow securing ICSs during remote and on-site (physical) maintenance.  RTU 2   The Radiflow-NEC integrated solution uses two-factor authentication to limit access to specific devices, allowing secure remote or on-site maintenance. RTU 1 Radiflow Server Radiflow 3180 NEC Server
For example: Brad, a technician for a power generation firm, is tasked with servicing an ICS at a remote site used for controlling the set points in one of the generator rooms, and reduce a target value in one of the RTUs in that generator room. To enter the substation, Brad’s electronic card credentials are cross referenced with his image, as captured on camera and analyzed by NEC’s facial recognition system. Once Brad’s credentials are verified, he receives permission to connect his laptop to the network in order to access the ICS. However, accidently or not, Brad attempts to instead increase the target value. Radiflow’s DPI (Deep-Packet Inspection) will instantly block this session to prevent network-wide damage and notify the control center about the violation. Conclusion With the proliferation of ICS automation at infrastructure substations and remote facilities and the rising threat of cyber attacks, it is extremely important to impose strong security for maintenance operations, both remote and on-site. By combining NEC’s Physical Security Solutions Suite and Radiflow’s firewalled switch/routers, you can practically eliminate the risk inherent to exposing the network to maintenance operations. A New Approach to Managing Human Maintenance Activities at Remote Installations Specificationsaresubjecttochangewithoutpriornotice.©2015RadiflowLTD. Special Security Report Radiflow Secure Switch/Routers • Ruggedized industrial-grade hardware for harsh operating conditions • Distributed per-port DPI (Deep Packet Inspection) SCADA Firewall with Anomaly behavior detection • Network Learning for easy creation of firewall rules • Two-Factor authentication Remote Access, full auditing • IPSec VPN over Cellular (dual cellular modem) and Fiber with X.509 certificates • Syslog reporting to SIEM tools for integration of physical and cyber security • Secure management using SNMPv3, SSH and RADIUS NEC’s Physical Security Solution Suite • Comprehensive solution set including biometric identification, access gates, video surveillance & behavior pattern analysis • Facial recognition solutions recognized as world’s fastest and most accurate biometric technologies for identification • Behavior detection solution allows verifying user’s locations against predetermined list of accessible devices and areas • Highly resilient to varying environmental conditions • Highly scalable to large facilities, systems & traffic • Easy integration with existing systems • Ability to process live and archived video images Sample Use Cases Resulting Process: Follow maintenance person’s movements inside facility using video surveillance system; match location of employee against work order. Triggering Events: > Visual Positioning/NFC > Work Order Resulting Process: Block access to device and/or access to network; generate alarm and push video alert to control center; log all activities. Triggering Events: > Unauthorized operation on maintained device Resulting Process: Pertinent network traffic flow is automatically mirrored and fully recorded packet-by- packet by the logging function of the integrated control server. Triggering Events: > Execution of admin commands Resulting Process: Redirect and zoom camera toward the physical switch where violation occured; push video alert to control room; log violation. Triggering Events: > Network access violation > Visual positioning Resulting Process: Unlock door upon combined successful authentication by facial recognition and ID card authentication; firewall rules are sent to RADiFlow router upon authentication to assure access to only specific devices and commands specified by the work order. Triggering Events: > Facial Recognition > ID Card > Work Order

Recommended

ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems aswanthmrajeev112
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power gridP K Agarwal
 
Cyber Security in Substation Automation (IEC 61850)
Cyber Security in Substation Automation (IEC 61850)Cyber Security in Substation Automation (IEC 61850)
Cyber Security in Substation Automation (IEC 61850)Nikandrov Maxim
 
Mission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMarina Krotofil
 

Recommended

ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems aswanthmrajeev112
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power gridP K Agarwal
 
Cyber Security in Substation Automation (IEC 61850)
Cyber Security in Substation Automation (IEC 61850)Cyber Security in Substation Automation (IEC 61850)
Cyber Security in Substation Automation (IEC 61850)Nikandrov Maxim
 
Mission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMarina Krotofil
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Scada security
Scada securityScada security
Scada securitysommerville-videos
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review ChecklistEberly Wilson
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Securityamiable_indian
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA PresentationEric Favetta
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Classification cyber security threats of modern substation
Classification cyber security threats of modern substationClassification cyber security threats of modern substation
Classification cyber security threats of modern substationNikandrov Maxim
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA SecurityNarinrit Prem-apiwathanokul
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Src 147
Src 147Src 147
Src 147sudhakar5472
 

More Related Content

What's hot

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review ChecklistEberly Wilson
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA PresentationEric Favetta
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Classification cyber security threats of modern substation
Classification cyber security threats of modern substationClassification cyber security threats of modern substation
Classification cyber security threats of modern substationNikandrov Maxim
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 

What's hot (20)

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
Scada security
Scada securityScada security
Scada security
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Security
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Classification cyber security threats of modern substation
Classification cyber security threats of modern substationClassification cyber security threats of modern substation
Classification cyber security threats of modern substation
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 

Similar to RF_NEC

White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
E2 E Solution 4 Wind Park 1st Draft
E2 E Solution 4 Wind Park 1st DraftE2 E Solution 4 Wind Park 1st Draft
E2 E Solution 4 Wind Park 1st Draftenergyvijay
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingAnita D'Amico
 
Electrical Appliances Control using Wi-Fi and Laptop
Electrical Appliances Control using Wi-Fi and LaptopElectrical Appliances Control using Wi-Fi and Laptop
Electrical Appliances Control using Wi-Fi and LaptopIRJET Journal
 
Power system automation
Power system automationPower system automation
Power system automationAbbas Ali
 
31779261-NOC-and-SOC.pdf
31779261-NOC-and-SOC.pdf31779261-NOC-and-SOC.pdf
31779261-NOC-and-SOC.pdfssusera5b321
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET Journal
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Comparative analysis of traditional scada systems and io t implemented scada
Comparative analysis of traditional scada systems and io t implemented scadaComparative analysis of traditional scada systems and io t implemented scada
Comparative analysis of traditional scada systems and io t implemented scadaIJARIIT
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection SystemIJMTST Journal
 
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsDanielleGonzalez25
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...nithinreddykaithi
 
Scada Based Online Circuit Breaker Monitoring System
Scada Based Online Circuit Breaker Monitoring SystemScada Based Online Circuit Breaker Monitoring System
Scada Based Online Circuit Breaker Monitoring SystemIOSR Journals
 

Similar to RF_NEC (20)

White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Src 147
Src 147Src 147
Src 147
 
E2 E Solution 4 Wind Park 1st Draft
E2 E Solution 4 Wind Park 1st DraftE2 E Solution 4 Wind Park 1st Draft
E2 E Solution 4 Wind Park 1st Draft
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security Sensemaking
 
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
 
Electrical Appliances Control using Wi-Fi and Laptop
Electrical Appliances Control using Wi-Fi and LaptopElectrical Appliances Control using Wi-Fi and Laptop
Electrical Appliances Control using Wi-Fi and Laptop
 
Power system automation
Power system automationPower system automation
Power system automation
 
31779261-NOC-and-SOC.pdf
31779261-NOC-and-SOC.pdf31779261-NOC-and-SOC.pdf
31779261-NOC-and-SOC.pdf
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Comparative analysis of traditional scada systems and io t implemented scada
Comparative analysis of traditional scada systems and io t implemented scadaComparative analysis of traditional scada systems and io t implemented scada
Comparative analysis of traditional scada systems and io t implemented scada
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection System
 
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
 
Scada Based Online Circuit Breaker Monitoring System
Scada Based Online Circuit Breaker Monitoring SystemScada Based Online Circuit Breaker Monitoring System
Scada Based Online Circuit Breaker Monitoring System
 

RF_NEC

  • 1. Special Security Report The Target - Industrial Control Systems Industrial control systems (ICS) are used for managing critical infrastructure networks such as smart grids, gas supply and many other critical services to modern life. Hackers looking to disrupt civilian life have been focusing lately on critical infrastructure networks to reduce the capability of local and state governments’ to provide basic services. The Challenge - Authentication & Control ICS networks are considered safe because they are assumed to be isolated from the outside world. However, there are two main situations where this isolation is compromised: when the system is physically accessed for system maintenance, and during remote maintenance. From both the network operations and the network security aspects, maintenance operations pose a high-level risk to the network. Without proper control, access rights granted for maintenance operations may be improperly used for illicit activities on the ICS, either by a malicious insider or an unintentional employee with an infected laptop. The Radiflow-NEC Solution Radiflow and NEC have developed an integrated solution for securing ICSs during both remote and on-site (physical) maintenance operations. The solution, focused on human-generated traffic and based on the RBAC (Role Base Access Control) methodology, is compatible with the Guidelines for Remote Access Management in NERC CIP Ver.5. Under the proposed solution, the first, if not the most crucial step prior to granting a user access to the facility, as well as network access, is verifying the identity of the user. This is achieved using an advanced two-factor authentication scheme utilizing the NEC facial recognition system and Electronic Card (or username and password in the case of remote maintenance). Once the user’s identity is verified, however, it is still imperative to ensure that he has access to only specific devices on the network and specific privileges on each device. Upon authentication, a firewall configuration file is downloaded to the Radiflow routers. These firewall rules enforce the predefined task parameters, so that during the maintenance operation the user is able to send only a specific range of commands to predefined assets. The user’s privileges must be aligned with the task at hand, so that he won’t be able to engage with any other device. At the same time, inside the facility, the technician’s location is constantly monitored by the video surveillance system, which escorts him to the maintained relevant device. Any violations of these rules are monitored and logged, and sent as alerts to the control center along with the all network traffic data. This capability provides a comprehensive, real-time picture of the maintenance performed. A New Approach to Managing Human Maintenance Activities at Remote Installations Combined with NEC’s Physical Security Solution Suite, offering biometric identification, access gates, video surveillance and behavior pattern analysis, Radiflow’s ruggedized routers and gateways (including the 3180 Switch/Router, shown) allow securing ICSs during remote and on-site (physical) maintenance.  RTU 2   The Radiflow-NEC integrated solution uses two-factor authentication to limit access to specific devices, allowing secure remote or on-site maintenance. RTU 1 Radiflow Server Radiflow 3180 NEC Server
  • 2. For example: Brad, a technician for a power generation firm, is tasked with servicing an ICS at a remote site used for controlling the set points in one of the generator rooms, and reduce a target value in one of the RTUs in that generator room. To enter the substation, Brad’s electronic card credentials are cross referenced with his image, as captured on camera and analyzed by NEC’s facial recognition system. Once Brad’s credentials are verified, he receives permission to connect his laptop to the network in order to access the ICS. However, accidently or not, Brad attempts to instead increase the target value. Radiflow’s DPI (Deep-Packet Inspection) will instantly block this session to prevent network-wide damage and notify the control center about the violation. Conclusion With the proliferation of ICS automation at infrastructure substations and remote facilities and the rising threat of cyber attacks, it is extremely important to impose strong security for maintenance operations, both remote and on-site. By combining NEC’s Physical Security Solutions Suite and Radiflow’s firewalled switch/routers, you can practically eliminate the risk inherent to exposing the network to maintenance operations. A New Approach to Managing Human Maintenance Activities at Remote Installations Specificationsaresubjecttochangewithoutpriornotice.©2015RadiflowLTD. Special Security Report Radiflow Secure Switch/Routers • Ruggedized industrial-grade hardware for harsh operating conditions • Distributed per-port DPI (Deep Packet Inspection) SCADA Firewall with Anomaly behavior detection • Network Learning for easy creation of firewall rules • Two-Factor authentication Remote Access, full auditing • IPSec VPN over Cellular (dual cellular modem) and Fiber with X.509 certificates • Syslog reporting to SIEM tools for integration of physical and cyber security • Secure management using SNMPv3, SSH and RADIUS NEC’s Physical Security Solution Suite • Comprehensive solution set including biometric identification, access gates, video surveillance & behavior pattern analysis • Facial recognition solutions recognized as world’s fastest and most accurate biometric technologies for identification • Behavior detection solution allows verifying user’s locations against predetermined list of accessible devices and areas • Highly resilient to varying environmental conditions • Highly scalable to large facilities, systems & traffic • Easy integration with existing systems • Ability to process live and archived video images Sample Use Cases Resulting Process: Follow maintenance person’s movements inside facility using video surveillance system; match location of employee against work order. Triggering Events: > Visual Positioning/NFC > Work Order Resulting Process: Block access to device and/or access to network; generate alarm and push video alert to control center; log all activities. Triggering Events: > Unauthorized operation on maintained device Resulting Process: Pertinent network traffic flow is automatically mirrored and fully recorded packet-by- packet by the logging function of the integrated control server. Triggering Events: > Execution of admin commands Resulting Process: Redirect and zoom camera toward the physical switch where violation occured; push video alert to control room; log violation. Triggering Events: > Network access violation > Visual positioning Resulting Process: Unlock door upon combined successful authentication by facial recognition and ID card authentication; firewall rules are sent to RADiFlow router upon authentication to assure access to only specific devices and commands specified by the work order. Triggering Events: > Facial Recognition > ID Card > Work Order