Situational Awareness Reference Architecture (SARA) Overview


SARA is a project of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) to capture and codify the industry standards and best practices associated with critical infrastructure cybersecurity situational awareness.

See http://ics-isac.org for more information on SARA.

1. Situational Awareness Reference Architecture (SARA) Overview

2. SARA Overview
• Reference Architecture for Shared Visibility
– Facility, industry, region, nation, world
• Technical and Process
– Open Standards of Practice
• Compatible and Extensible
– Combine Industry Efforts
– Solution Provider Framework

3. SARA Components
• Identity
– “Who are we?”
• Inventory
– “What do we have?”
• Activity
– “What is it doing?”
• Sharing
– “How do we communicate with others?”

4. Identity
• Standard of Practice for Determining Identity
– What capabilities do we have?
– How do we make decisions?
– What is our structure?
• Existing Open Architecture
– http://all.net/Arch/index.html

5. Inventory
• Create and Maintain Inventory
– Control System Components
– Process Equipment
– System Topology
– Device Configurations

6. Activity
• Behavior Baseline
– Device Relationships
– Approved Patterns
– Change Control
• Anomaly Detection
– Device Configurations

7. Sharing
• Inbound
– Receiving and Utilizing External Knowledge
• Outbound
– Deriving
– Anonymizing
• Communication
– Schemas and Transports (STIX, TAXII, IODEF, CIF…)

8. Emergent Properties of Knowledge Sharing
Diagram labels: ICS-ISAC, Integrators, CERTs, Knowledge Source, MSSPs, Trade Organizations, Knowledge Centers, Asset Owner

9. Diagram labels: ICS-ISAC, Schemas and Transports, STIX/TAXII, IODEF, CIF, ROW, Privacy, Legalities, Motivations, PLC, Switch, HMI, SCADA Server, Network Monitoring Server, Internet, Process Equipment, Technical Architecture, Inventory, Activity, Change, ICS LAB, Firewall/VPN

10. SARA Timeline
• CY 2013
– Functional Draft SARA Document
– Limited Pilot
• CY 2014
– 1.0 SARA Document Published
– Scaled Pilot

11. For more information:
ics-isac.org
sara@ics-isac.org
+1 408-656-8732
