The document discusses computer security guidance for nuclear facilities' instrumentation and control (I&C) systems. It reviews Nuclear Security Series No. 17 (NSS-17) and a new publication NST036. NST036 aims to provide more robust guidance on applying computer security throughout the lifecycle of I&C systems, including addressing both safety and security considerations. It outlines key principles like prioritizing safety over security if there is a conflict. The document also discusses potential security controls and measures that could be applied to I&C systems, such as system hardening, application whitelisting, data diodes, and intrusion detection systems. It emphasizes the importance of considering computer security for vendors and during maintenance/testing activities involving
4. Review of Nuclear Security Series
• NSS No.17 Computer Security for Nuclear Facilities
• NST036 Computer Security of Nuclear I&C Systems
5. Review of NSS No. 17
– Awareness publication
– Safety I&C systems are assigned Levels 1 to 3
– No categorization hierarchy provided for PPS
– Security Objective is not stated for many computer security measures
– Risk assessment in general terms
– Non-safety items may impact on safety systems and require protection
6. Review NSS No. 17 - Example
EXAMPLE
– Zone 1: Safety relevant digital and software based I&C systems
– Zone 2: Process-control and Process-computing systems
e.g. 2A = Reactor near area, 2B = Main Control Room
– Zone 3: Administrative computer systems
e.g. 3A = Physical Protection Systems
3B = Telecommunication Systems
– Zone 4: External systems
e.g. 4A = Systems for Internet Services and data exchange
9. What NSS17 does not provide?
1. Coherence with IAEA Safety Guides
2. Robust Risk Assessment Method
3. Safety and Security Considerations when applying security controls –
unique to Nuclear I&C.
4. Computer Security measures for the entire I&C System lifecycle.
5. Goal based guidance
10. Approved for Publication
NST036 – Computer Security of I&C Systems
– Nuclear I&C designers have robust processes in place to ensure systems
provide for safe, reliable, and deterministic behavior.
– NST036 aims to overlay security considerations on top of these processes to
meet safety and security objectives.
– Developed in tandem with SSG-37 and SSG-39, IAEA Safety Guides for I&C
Systems at NPPs and RRs.
11. NST036 Objective
– Aims to provide guidance on computer security for I&C systems at
nuclear facilities.
– This guidance includes safety and security considerations which
have to be addressed in order to provide security throughout the
life cycle of an I&C system.
– Application of this guidance may also benefit safety and
operational performance of nuclear facilities.
12. NST036 Scope
– The application of computer security measures to I&C systems
which provide safety or auxiliary functions at nuclear facilities.
– I&C systems used for Nuclear material accounting and control
(NMAC) or nuclear security, such as physical protection and
security monitoring, where applicable.
– Considers the application of computer security measures to the
development, simulation and maintenance environments.
13. Potential Consequences
The effects of compromise on a system function, arranged from
worst case to best case, are:
i. Function is indeterminate
ii. Function has unexpected behaviours or actions
iii. Function fails
iv. Function performs as expected (i.e. fault tolerant)
14. Compromise examples
– Failure (e.g. Denial of service/Loss of Function): Block operator’s ability to
observe and/or respond to changing system conditions, slow the system to
a crawl.
– Interception (Man in the Middle): Interception and modification of data
stream between nodes.
– Unobserved System Monitoring/Modification: Unauthorized access and
data recording/modification.
– Operator Spoofing leading to Incorrect Action: Causing operator to take
incorrect action. Direct manipulation of computer/control system.
Ref: Tutănescu, Ion, Ass. Prof., Ph.D., Prof. Emil Sofron, Ph.D., Anatomy and Types of Attacks against
Computer Networks, Department of Electronics and Computers, University of Piteşti, ROMANIA.
15. Safety-Security Considerations
– Computer security measures that protect the human–system
interface (HSI) should be implemented so that they do not
adversely affect the operators’ ability to maintain the safety of the
facility.
– Adverse impacts such as the interception and modification of
process data to the HSI (e.g. spoofing) with the aim of preventing
or delaying the operator from actuating a safety function (e.g.
manual trip) should also be considered.
16. Safety-Security Considerations
– If there is a conflict between safety and security, then design
considerations taken to assure safety should be maintained
provided that a compatible solution to ensure security is pursued.
– Compensatory computer security measures should be
implemented to reduce the risk to an acceptable level and be
supported by a comprehensive justification and security risk
analysis.
– The implemented measures should not rely solely upon
administrative controls for an extended period.
– The absence of a security solution should never be accepted.
17. Review – Computer Security Measures
Types of protective measures
– Administrative Controls – policy, procedures and practices designed to
safeguard computer systems through personnel behaviors. These are
directive in nature specifying what employees should and should not do.
– Physical Controls – physical barriers for the protection of computer and
supporting assets from physical damage and physical access. (fences,
physical protection systems, locks, doors, guards, fire protection)
– Technical Controls – computer hardware/software solutions for the
protection, detection, mitigation and recovery from intrusion or malicious
acts. (e.g. firewalls, IDS, anti-virus software, access control)
18. Facility Level Risk Assessment
– Applies to all I&C systems.
– Determine the effects that may result from cyber-attacks which
successfully exploit vulnerabilities in the system.
– Identifies facility I&C systems (including supporting and complementary
systems) that, if compromised, could have an adverse effect on safety,
security of nuclear material, or accident management.
19. System Level Risk Assessment
– I&C system components should be assessed and assigned to the
appropriate security level based upon the security risk assessment.
– Malicious actions that could change process signals, equipment
configuration data, or software should be considered in the I&C system
security risk assessment.
– Cyber-attack should be considered as an event that may occur at any point
during the I&C system life cycle.
20. NST036 – General Guidance
NST036 (All I&C systems)
– Identify and document the standards and procedures that will conform with the
applicable security policies to ensure the system design products (hardware, software,
and firmware) minimize:
  – undocumented code (e.g. back door coding),
  – malicious code (e.g. intrusions, viruses, worms, Trojan horses or bomb codes), and
  – other unwanted, unnecessary or undocumented functions or applications with the aim of
    minimizing attack surface.
NSS 17 (Computer Security Plan components)
– Platform and application security (e.g. hardening);
21. System Hardening
Definition
– The process of securing a system by reducing its surface of vulnerability, which is larger
when a system performs more functions;
– Reducing available ways of attack typically includes changing default passwords, the
removal of unnecessary software, unnecessary usernames or logins, and the disabling
or removal of unnecessary services.
How it Works
– Principle that a single-function system is more secure than a multipurpose one.
– Options: Kernel Patch, Closing Network Ports, IDS/IPS
– Hardening Scripts/Applications (MBSA, Lynis, Bastille)
22. System Hardening Example
– Nessus scanner used to identify vulnerabilities and missing patches.
– Hardening of System removed all Critical Vulnerabilities and reduced overall risk.
Ref: J. Sladek - OPG
http://www.tenable.com/products/nessus-vulnerability-scanner
23. Security Architecture
– Highest security level (i.e. requiring the greatest degree of security) should only be
connected to systems in lower protection categories via fail-secure, deterministic,
unidirectional data communication pathways.
– The direction of these data pathways should be limited to transmission of data from
the highest security level to the devices in the lower security levels (i.e. lower levels are
not allowed to transmit data to the higher level).
– Exceptions are strongly discouraged and may only be considered on a strict case by
case basis and if supported by a complete justification and security risk analysis.
– Aligns with NSS No. 17
24. Potential Control (Data Diode)
– Data diodes use physical means to ensure that data can only flow in one direction.
– This prevents the use of any protocol that requires handshaking (including TCP/IP).
– Designs using data diodes must consider the possibility that data packets will be
dropped. This can be addressed through redundancy and error correction codes.
26. Data Diodes
– Data diodes can protect systems from network-based attacks.
– They do not protect against malware from mobile devices or removable media.
– Data diodes do not protect confidentiality of data that is transmitted over the network.
– If configured correctly security event messages can be sent through the diode to a
central logging and monitoring system.
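An added example, not taken from the slides or from NST036: a Python model of a sender and a receiver on either side of a data diode, where the sender repeats each frame and the receiver uses sequence numbers and a CRC-32 to discard damaged frames and notice dropped ones without any acknowledgement. The frame layout, the repeat factor of 3, the channel model and the event messages are assumptions constructed for illustration; repetition plus a checksum stands in here for the error correction codes the slide mentions.

```python
import struct
import zlib

HEADER = struct.Struct(">IH")   # sequence number, payload length (assumed layout)
TRAILER = struct.Struct(">I")   # CRC-32 over header + payload
REPEAT = 3                      # assumed redundancy factor: each frame sent 3 times

# Constructed security event messages headed for the central logging system.
EVENTS = [
    b"constructed event 0: failed login on engineering workstation",
    b"constructed event 1: removable media inserted",
    b"constructed event 2: set point file hash changed",
    b"constructed event 3: whitelist blocked an executable",
]


def encode_frame(seq, payload):
    """Build one self-describing frame; the sender never learns if it arrived."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body))


def decode_frame(frame):
    """Return (seq, payload), or None when the frame is truncated or damaged."""
    if len(frame) < HEADER.size + TRAILER.size:
        return None
    body = frame[:-TRAILER.size]
    (crc,) = TRAILER.unpack(frame[-TRAILER.size:])
    if zlib.crc32(body) != crc:
        return None
    seq, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    if len(payload) != length:
        return None
    return seq, payload


def transmit(messages, repeat=REPEAT):
    """High-security side: no handshake is possible, so every frame is repeated."""
    frames = []
    for seq, message in enumerate(messages):
        frames.extend([encode_frame(seq, message)] * repeat)
    return frames


def lossy_channel(frames, dropped, corrupted):
    """Deterministic stand-in for the diode link: drop or bit-flip chosen frames."""
    delivered = []
    for index, frame in enumerate(frames):
        if index in dropped:
            continue
        if index in corrupted:
            frame = frame[:-1] + bytes([frame[-1] ^ 0x01])
        delivered.append(frame)
    return delivered


class Receiver:
    """Low-security side: cannot request a resend, only validate and record."""

    def __init__(self):
        self.messages = {}   # seq -> payload, first valid copy wins
        self.rejected = 0    # frames that failed the length or CRC check

    def accept(self, frame):
        decoded = decode_frame(frame)
        if decoded is None:
            self.rejected += 1
            return
        seq, payload = decoded
        self.messages.setdefault(seq, payload)

    def gaps(self):
        """Sequence numbers lost in transit, up to the highest one seen.
        Loss of the most recent messages is not visible here; a periodic
        heartbeat frame would be needed to detect that."""
        if not self.messages:
            return []
        return [s for s in range(max(self.messages) + 1) if s not in self.messages]


def demo():
    frames = transmit(EVENTS)          # 12 frames: indices 0-2 carry event 0, etc.
    # Event 0 loses two copies, event 1 has one damaged copy,
    # event 2 loses all three copies, event 3 arrives intact.
    delivered = lossy_channel(frames, dropped={0, 1, 6, 7, 8}, corrupted={3})
    receiver = Receiver()
    for frame in delivered:
        receiver.accept(frame)
    return receiver


if __name__ == "__main__":
    r = demo()
    print("received:", sorted(r.messages), "gaps:", r.gaps(), "rejected:", r.rejected)
```
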
27. NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Operations and maintenance activities should be analysed to ensure that computer
security measures are implemented to prevent introduction of malicious software to
the I&C system.
NSS 17 (Security Level 1)
– Strict organizational and administrative procedures apply to any modifications,
including hardware maintenance, updates and software modifications.
28. Potential Control - Application Whitelisting
Definition
– Only software which is on a list of software that is considered safe to run is permitted
to run. All other software is blocked.
How it Works
– A signature is generated and stored in the whitelist. The signature typically is the output of a
cryptographic function applied to the program.
– When the program is run, the signature is recalculated and compared to the whitelist.
– If a program is changed then the signature will change and the program will be blocked.
– Any new program installed on the system will not have a signature and will be blocked.
29. Potential Control - Application Whitelisting
Advantages
– Only requires signature file updates when the software is modified
– Deterministic behavior - the time to generate the signature is the same every time.
Disadvantages
– Inappropriate design may impede the ability of a system to respond as per its design requirements. Care
should be taken in designing the whitelist.
– Hard to use in an environment where programs are changed frequently.
– May not be effective against programs that insert themselves into memory.
– Not effective for interpreted programs. The interpreter will be whitelisted, but its input files will not be.
For example:
python < badscript.py
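Added example (not from the original slides) of the signature check described under "How it Works" and of the interpreter limitation listed above. The Whitelist class, the option of also hashing script files passed to an enrolled interpreter, and all file names and contents are assumptions constructed for this example; SHA-256 stands in for the unspecified cryptographic function.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class Whitelist:
    def __init__(self, interpreters=()):
        self.signatures = set()
        self.interpreters = {Path(p).resolve() for p in interpreters}

    def enroll(self, *paths):
        self.signatures.update(sha256_file(p) for p in paths)

    def permits(self, argv, check_inputs=False):
        """Decide whether the command line argv may start."""
        program = Path(argv[0]).resolve()
        if sha256_file(program) not in self.signatures:
            return False                      # changed or never enrolled
        if check_inputs and program in self.interpreters:
            scripts = [a for a in argv[1:] if Path(a).is_file()]
            # Code arriving on stdin leaves nothing to hash, so deny it.
            return bool(scripts) and all(
                sha256_file(s) in self.signatures for s in scripts)
        return True

def demo():
    """Exercise the checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, content):
            path = Path(tmp, name)
            path.write_bytes(content)
            return str(path)
        interp = write("interp", b"stand-in for an interpreter binary")
        good = write("calibrate.py", b"print('approved procedure')")
        bad = write("badscript.py", b"print('never enrolled')")
        wl = Whitelist(interpreters=[interp])
        wl.enroll(interp, good)
        results = {
            "approved": wl.permits([interp, good], check_inputs=True),
            "gap": wl.permits([interp, bad]),
            "input_checked": wl.permits([interp, bad], check_inputs=True),
            "stdin": wl.permits([interp], check_inputs=True),
            "new_program": wl.permits([bad]),
        }
        write("calibrate.py", b"print('changed after enrolment')")
        results["modified"] = wl.permits([interp, good], check_inputs=True)
        return results
```

The "gap" result is the limitation from the slide: a check on the executable alone passes because the interpreter is enrolled, whatever script it is given.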
30. NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Calibration, testing and maintenance activities may involve the use of removable media
and mobile devices. Computer security measures should include considerations for:
– The implementation of effective administrative and technical controls in the safe and secure handling
of the digital devices.
– Verification of the integrity of all control set points with the aim to prevent and protect them from
undesired changes; and
– Use of qualified personnel (including 3rd parties) that have received training in performance of these
activities based on computer security requirements.
NSS 17 (Security Level 1)
– Removable media must be controlled in accordance with security operating procedures.
– Every data entry to the systems is approved and verified on a case by case basis.
– Measures to ensure the integrity and availability of the systems are typically explained as a part of the
safety cases.
31. Potential Control - Logfile based IDS
Function
– Active device that analyses logfiles from one or more systems to identify security events.
Advantages
– Inexpensive and easy to use
Disadvantages
– The systems being monitored must support remote access to event logs or remote
transmission of events to the IDS. This may not be possible on legacy ICS systems.
– Different structure and format of logfiles for different systems.
32. Network Intrusion Detection System
A network based IDS is a device which analyzes network traffic to identify intrusion.
– Does not require changes to the ICS.
– Intrusion detection signatures are required.
– The signatures for ICS systems are different from signatures used in corporate
environments.
– IDSs aimed at corporate environments assume that there is a rigorous patch process in
place and old signatures are dropped to maintain adequate performance. This is not the
case with ICS.
– ICS specific signatures must be used to protect I&C equipment.
– When ICS network traffic is deterministic and uses limited protocols, effective rules can be
developed which identify anomalous traffic.
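Added example (not from the original slides) of rules built from deterministic traffic: every flow and protocol operation seen during a commissioning window becomes the baseline, and anything outside it raises an alert. The record layout, the addresses (documentation range 192.0.2.0/24) and the choice of Modbus/TCP function codes on port 502 as the sample protocol are assumptions constructed for this example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport func")

def learn_baseline(packets):
    """Record every (flow, function code) pair seen during commissioning."""
    baseline = {}
    for p in packets:
        baseline.setdefault((p.src, p.dst, p.proto, p.dport), set()).add(p.func)
    return baseline

def inspect(packet, baseline):
    """Return None for expected traffic, otherwise an alert string."""
    flow = (packet.src, packet.dst, packet.proto, packet.dport)
    if flow not in baseline:
        return "new flow %s -> %s %s/%d" % flow
    if packet.func not in baseline[flow]:
        return "unexpected function %d on %s -> %s" % (
            packet.func, packet.src, packet.dst)
    return None

def alerts(live, baseline):
    return [a for a in (inspect(p, baseline) for p in live) if a]

# Constructed records. Function 3 reads registers, function 16 writes them.
COMMISSIONING = [
    Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 3),    # HMI polls PLC A
    Packet("192.0.2.10", "192.0.2.21", "tcp", 502, 3),    # HMI polls PLC B
    Packet("192.0.2.30", "192.0.2.20", "tcp", 502, 16),   # engineering station
]
LIVE = [
    Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 3),    # expected poll
    Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 16),   # HMI has never written
    Packet("192.0.2.99", "192.0.2.20", "tcp", 502, 3),    # host not in baseline
    Packet("192.0.2.10", "192.0.2.20", "tcp", 23, 0),     # service not in baseline
]
```

Because the baseline is a closed list, this approach depends on the traffic staying deterministic: any legitimate change to the I&C network has to be followed by a baseline update or it will alert.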
33. Host based IDS
– Host based firewall can identify new network communications and block them by default.
An alert can be generated.
– Antivirus may be used to block malicious software based on a blacklist. This may not work
so well in an ICS environment:
– Scanning is non-deterministic based on number of signatures.
– Requires regular signature updates and may require scanning engine updates.
– Vendors assume patching in place so old signatures are dropped.
– When base O/S goes out of support, antivirus vendors will drop support for the O/S. No new signatures,
no updates to the engine.
– Host-based IDS may also interpret network traffic in real time based on signatures and
block traffic.
– These solutions all require software to be installed on the system to be protected.
Additional system loading may affect real-time performance. May also block needed
software from running.
34. NST036 – Vendors
– Vendor and sub-vendor organizations should have robust and verifiable computer security processes.
– Computer security requirements and controls should be met and applied respectively by vendors including
support provided on site, at the vendor’s workplace, and during any transit or storage of purchased goods.
– The vendor should have a computer security management process.
– The applicable requirements for computer security at sites where a vendor performs activities with I&C
systems should be clearly and contractually specified based on security level by the operator.
– A process should exist between the facility (i.e. operators) and vendor for either organization to report
vulnerabilities and to coordinate response and mitigation efforts.
– The vendor should demonstrate that they have a credible mechanism for receiving reports of vulnerabilities,
assessing them and reporting them to the nuclear facility during the entire period of their contractual
service. This may extend beyond any normal warranty period to support the life cycle of the installed
equipment.
– Audits and assessment of vendors responsible for I&C design, development, integration, and maintenance
should be conducted and the results reported to the operator.