Cyber Security: Differences between Industrial Control Systems and ICT Approach



by Marco Biancardi

Cyber Security Manager and Renewable Automation Sales Support at ABB SpA – Power system

Published in: Technology, Business


  1. Marco Biancardi, Power Systems Division, BU Power Generation, October 2013. Cyber Security: Differences between Industrial Control Systems and ICT approach
  2. Introduction: Definitions
     Information Technology (IT)* is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise. The term is commonly used as a synonym for computers and computer networks.
     Industrial Control System (ICS)* is a general term that encompasses several types of control systems used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC), often found in the industrial sectors and critical infrastructures.
     * Source: Wikipedia
  3. Introduction: Cyber security, a definition
     Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.*
     * Source: Merriam-Webster's dictionary
  4. Introduction: Why is it an issue?
     Control systems have evolved from isolated devices, point-to-point interfaces and proprietary networks to standard Ethernet/IP-based networks, interconnected systems and distributed systems.
     Modern SCADA, automation, protection and control systems:
     - leverage commercial off-the-shelf IT components (e.g. MS Windows, Internet Explorer)
     - use standardized, IP-based communication protocols
     - are distributed and highly interconnected
     - use mobile devices and storage media
     Modern control systems are therefore specialized IT systems, with multiple vulnerabilities. Examples of how they get compromised: hacking, employee mistake, malicious software installed via USB port.
  5. Differences: Office IT vs Utilities/Industry: …they are different!
     | Aspect                    | Corporate/Office IT                                    | Utilities/Industry                                                                                          |
     |---------------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
     | Environment               | Offices and «mobile»                                   | «in the field»                                                                                              |
     | People/Equipment ratio    | # of equipment ~= # of people                          | Few people, much equipment                                                                                  |
     | Object under protection   | Information                                            | Industrial process: availability                                                                            |
     | Risk impact               | Information disclosure, $$$                            | Safety (life), health, environment, information disclosure, loss of production, downtime, repair costs, $$$ |
     | Availability requirements | 95%-99% (acceptable downtime/year: 18.25 – 3.65 days)  | 99.9%-99.999% (acceptable downtime/year: 8.76 hrs – 5.25 minutes)                                           |
     | System lifetime           | 3-5 years                                              | 15-30 years                                                                                                 |
     | Security focus            | Central servers (CPU, memory, …) and PC                | Server/PC + distributed systems, sensors, PLC, …                                                            |
     | Operating systems         | Windows                                                | Windows + proprietary                                                                                       |
     | Software                  | Consumer software, normally used on PC                 | Specific                                                                                                    |
     | Protocols                 | Well known (HTTP over TCP/IP, …) / mainly web          | Industrial (TCP/IP, vendor specific) / polling                                                              |
     | Procedure                 | Well known (password, …)                               | Specific                                                                                                    |
     | Main actors               | IBM, SAP, Oracle, etc.                                 | ABB, Siemens, GE, Honeywell, Emerson, etc.                                                                  |
  6. Introduction: A definition in the context of power and automation technology
     "Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack"* translates into: measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack.
     * Source: Merriam-Webster's dictionary
  7. Threats: Where are the attack sources?
     - Accidents / mistakes
     - Rogue insider
     - Malware
     - Thieves / extortionists
     - Enemies / terrorists
     Likelihood: the likelihood of an attack is unknown, but the consequences are potentially huge.
  8. Threats: What if…
     - What if this information gets disclosed?
     - What if someone opens a breaker?
     - What if it does not open when it should?
     - What if I cannot operate a device/PLC?
     - What if someone else can operate a device/PLC?
     - What if a transformer is overloaded due to a wrong temperature reading?
     - What if a protection device is not working properly?
     - What if an unauthorized person can access the supervision/control network?
     - What if an unauthorized person can access the DSO/TSO network?
     - What if a blackout happens in cold winter?
  9. Threats: World news
  10. Solutions: How can you proceed?
     Cyber Security Cycle, with the stages shown on the slide: keeping up-to-date, awareness, check actual status, assessment, what if…, follow-up, dedicated solutions, continuous monitoring, operational security.
     100% security does not exist. Security is not a product but a process: risk mitigation.
  11. Solutions: ABB Service Approach. Different service levels, based on project status:
     1. ASSESSMENT: site inventory, risk assessment
     2. FIRST-AID SERVICE: design review, HW update & hardening, SW service, analysis report, patch management, account management, antivirus management, backup & restore management
     3. INDUSTRIAL DEFENDER: manage, monitor hardware/software
     4. ACROSS-LIFE: keeping up-to-date, training, recurrent reports/coursewares
  12. Why ABB: Defense in depth. Strong (secure) ABB products + Industrial Defender solutions.