REDESIGNING SYSTEM SECURITY
OF A CONTROL ROOM
GREG JONES - SCADA AND DATA SYSTEMS ENGINEER
12 MARCH, 2014
Greg Jones, Titan ICT - Redesigning System Security based on the Front End Engineering and Design of a Control Room

Greg Jones, Senior ICT Consultant, Titan ICT delivered this presentation at the 2nd Annual Control Room Design & Operations Conference.

This conference provided insights into streamlining operations, optimising efficiency & managing costs in your control room facilities, through effective design and operations.

For more information, visit http://www.informa.com.au/controlroomdesign14

Overview
→  Safety moment
→  Introduction
→  Control systems data, access and technology business drivers
→  Effectiveness of patching and anti-virus
→  Going back to the old ways of segregation
→  Conclusion

Safety moment – threat of power loss to 2.1 million people
→  Integral Energy distributes electricity to 2.1 million people in NSW
→  Network virus attack (2009)
→  Business network infected by the Conficker worm
   •  Hackers able to issue commands to infected machines from the internet
   •  All desktops rebuilt by external security experts
→  Threats due to control systems being on the same network
   •  Loss of power to 2.1 million people
   •  Uncontrolled access to the control system
→  Control system not vulnerable to infection
   •  Generally unaffected as mostly on Unix

Data access for business intelligence
→  Big data provides competitive advantages
   •  Regulatory requirements e.g. NGERS
   •  Asset management
   •  Worker empowerment (Kanban)
   •  Remote screen view
   •  Collaboration (CWE)
→  This is done by
   •  Historian / database out
   •  File transfer out
→  I3 – Intelligent, Instrumented and Interconnected

System access for management and support
→  Cost, schedule and worker empowerment
   •  Centralised management – CCR
   •  Centralised support
   •  Remote vendor support
   •  Mobile operators
→  This requires:
   •  3rd party WAN
   •  Wireless networks
   •  Internet access
   •  File transfer in and out
   •  3rd party devices
   •  Mobile devices

Technology – borderless networks
→  Cost, schedule and worker empowerment
→  Office network using
   •  Cloud services (SaaS, PaaS, IaaS ...)
   •  BYOD (smart phone, laptop, tablet)
   •  Use of portable media (USB, DVD ...)
→  Ubiquitous remote access
→  Office network meshed with the internet and home networks
→  Social engineering (Facebook, phishing ...)
→  Proliferation of malware / zero-day exploits / hacking tools
→  Access to systems from anywhere
→  Office network is untrusted

Effectiveness of patching and anti-virus
→  Blacklisting philosophy
→  Office network
   •  System downtime and integrity
   •  Test / dev cycle
   •  Large number of users dependent on the system
   •  Out-of-hours work and roll back
   •  AV within 24 hours and patches monthly
→  Process control network
   •  Safety is first priority
   •  System downtime and integrity
   •  Vendor guarantee required – patches / AV certified
   •  Test / dev cycle
   •  AV within a month and patching 3+ months
→  Inadequate patch speed to ensure protection
→  Always vulnerable to zero-day threats

COTS systems and technology in the PCN
Cost, supportability and end-of-life issues force the use of COTS systems and services

Office network security requirements:
   Confidentiality   Medium / high importance
   Integrity         High importance
   Availability      High / lower importance
   Regulatory        Low importance

Process control network security requirements:
   Availability      Very high importance
   Integrity         Highest / high importance
   Confidentiality   Medium / low importance
   Regulatory        Medium / low importance

Is it too much work?
→  Businesses and people only use solutions that are efficient and effective (mind the gap)
→  Albert Einstein:
   •  "Intellectuals solve problems, geniuses prevent them."
→  Technologies
   •  Data diodes / IP KVM
   •  Thin clients
   •  Application whitelisting
   •  Timed access
   •  Network segregation
→  Human firewall
   •  Chronic unease – need to access / need to know
→  Design based on risk scenarios
   •  CHAZOP

Exporting data securely to the business network
→  We can't disconnect the PCN
→  Need data export for business intelligence
→  Can't allow return traffic
→  Can't be vulnerable to malware, hackers and human error
→  Use a data diode and export data
→  Replicate systems
→  Put PCN support systems on the PCN
[Figure: Patch / Time / Criticality]
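The one-way export on this slide, as an added example that is not from the deck: a historian record stream framed for a data diode, where the sending side can never receive an acknowledgement, so it repeats each frame and the business-side replica drops corrupt frames, deduplicates by sequence number and reports the gaps it cannot fill. The function names, REPEAT and the SAMPLE feeder readings are constructs of this example.

```python
import json
import zlib

# Added example: historian export across a data diode. The PCN side can only
# transmit, so there are no ACKs or retransmits. Forward redundancy (each frame
# sent REPEAT times), a CRC per frame and sequence numbers let the business-side
# replica drop corrupt frames, deduplicate, and report gaps it can never fill.
# Function names, REPEAT and the SAMPLE readings are constructed for this example.

REPEAT = 2  # each frame is sent twice; no return path means no resend on loss

# Constructed sample historian records exported from the PCN
SAMPLE = [
    {"tag": "FEEDER_01.kW", "v": 1250.0},
    {"tag": "FEEDER_01.kW", "v": 1262.5},
    {"tag": "FEEDER_02.kW", "v": 980.0},
]

def diode_encode(seq, record):
    """Frame one record as bytes: JSON payload, a '|' separator, then CRC32 hex."""
    payload = json.dumps({"seq": seq, "rec": record}).encode()
    return payload + b"|" + format(zlib.crc32(payload), "08x").encode()

def diode_frames(records):
    """Outbound frame stream from the PCN historian (transmit only)."""
    frames = []
    for seq, rec in enumerate(records):
        frames.extend([diode_encode(seq, rec)] * REPEAT)
    return frames

def diode_receive(frames):
    """Business-side replica: verify CRC, deduplicate by seq, detect gaps.
    Returns (replica dict seq -> record, sorted list of missing seqs).
    A gap after the highest seq seen is invisible until a later record arrives."""
    replica = {}
    for frame in frames:
        payload, _, crc = frame.rpartition(b"|")
        if format(zlib.crc32(payload), "08x").encode() != crc:
            continue  # corrupt frame: drop it; there is no way to ask for a resend
        msg = json.loads(payload)
        replica.setdefault(msg["seq"], msg["rec"])  # first good copy wins
    missing = [s for s in range(max(replica) + 1) if s not in replica] if replica else []
    return replica, missing

def simulate(dropped_indices):
    """Send SAMPLE through the diode, losing the frames at dropped_indices."""
    frames = diode_frames(SAMPLE)
    delivered = [f for i, f in enumerate(frames) if i not in dropped_indices]
    return diode_receive(delivered)

if __name__ == "__main__":
    replica, missing = simulate({2, 3})  # both copies of seq 1 lost
    print(f"replicated {len(replica)} records, missing seqs {missing}")  # missing [1]
```

Losing only one of the two copies (for example index 2 alone) still yields a complete replica; losing both copies of a record is what the gap report surfaces to the business-side operator.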
Clear accountabilities through physical boundaries
[Figure: Patch / Time / Criticality]
→  Shared infrastructure makes ownership unclear
→  Support is compromised
→  Necessary changes are not implemented
→  Management needs to be from a secure location (management devices cannot have internet or email access)
→  Use dedicated management clients in the PCN
→  Keep PCN, PCN remote access and office network physically separate

No internet access. Private WAN and dedicated clients for remote access
[Figure: Patch / Time / Criticality]
→  Remote access is a necessity for timely and cost-effective support
→  Requires inbound access
→  Internet access leaves you vulnerable
→  Only enabled upon request (just like turning on the modems)
→  Use private WAN (MPLS)
→  Use dedicated PCN mobile devices that are not allowed to connect to the internet
→  In case of emergency use an IP KVM connected to the internet, with host-based firewall restrictions so the PCN is protected from malware

Network segregation and device hardening
→  WAN and wireless links cannot be fully trusted
→  Need defence in depth
→  PCN nodes are an attack path
→  Uncontrolled portable media bring viruses and carry data away
→  Operating systems on PCN clients are vulnerable
→  Encrypt 3rd party WAN and wireless links
→  Introduce network segmentation of clients, management, nodes, sites and PCD servers
→  Use thin clients with all applications and systems on servers
→  Disable USB ports and use network file transfer
→  Use an integrated security product suite
[Figure: Patch / Time / Criticality]

Conclusions
→  Safety must be designed in
→  Changed security requirements
→  Be efficient and effective (mind the gap)
→  Cannot successfully defend with patching
→  Must use a different solution
   •  Technology
      −  Data diodes / thin clients
      −  Host and server segments
      −  Private remote access network with end-to-end security management
   •  Human firewall – need to access / need to know
   •  Design based on risk scenarios – CHAZOP
→  Ethos of whitelisting

Questions

Titan ICT Consultants
→  Australian-owned engineering consultancy
→  Leading-edge tailored integrated technology and business solutions
→  Proven strategies and processes, and many years of project delivery experience
→  Vendor neutral, meaning our recommendations are not influenced by any commercial arrangements – we find the best solution for our client's needs
→  Dedicated project management office based on PRINCE2 and ISO 9001 accreditation
www.titanict.com.au