ICS &
Computer
Security for
Nuclear
Facilities
Refer to NSS-17 and NST036
Contents
• Nuclear Security Series No 17
• NST036 – Computer Security of Nuclear I&C Systems
• Interface with Safety Guides
• Scope
• Key Principles
• Sample Measures and Controls
NSS-17
Computer Security for Nuclear
Facilities
Review of Nuclear Security Series
• NSS No.17 Computer Security for Nuclear Facilities
• NST036 Computer Security of Nuclear I&C Systems
Review of NSS No. 17
– Awareness publication
– Safety I&C systems are assigned Levels 1 to 3
– No categorization hierarchy provided for PPS
– Security Objective is not stated for many computer security measures
– Risk assessment in general terms
– Non-safety items may impact on safety systems and require protection
Review NSS No. 17 - Example
EXAMPLE
– Zone 1: Safety relevant digital and software based I&C systems
– Zone 2: Process-control and Process-computing systems
e.g. 2A = Reactor near area, 2B = Main Control Room
– Zone 3: Administrative computer systems
e.g. 3A = Physical Protection Systems
3B = Telecommunication Systems
– Zone 4: External systems
e.g. 4A = Systems for Internet Services and data exchange
Comparing IT and I&C Systems
NST036
Computer Security of I&C Systems
at Nuclear Facilities
What does NSS17 not provide?
1. Coherence with IAEA Safety Guides
2. Robust Risk Assessment Method
3. Safety and Security Considerations when applying security controls –
unique to Nuclear I&C.
4. Computer Security measures for the entire I&C System lifecycle.
5. Goal based guidance
Approved for Publication
NST036 – Computer Security of I&C Systems
– Nuclear I&C designers have robust processes in place to ensure systems
provide for safe, reliable, and deterministic behavior.
– NST036 aims to overlay security considerations on top of these processes to
meet safety and security objectives.
– Developed in tandem with SSG-37 and SSG-39, the IAEA Safety Guides for I&C
Systems at NPPs and RRs.
NST036 Objective
– Aims to provide guidance on computer security for I&C systems at
nuclear facilities.
– This guidance includes safety and security considerations which
have to be addressed in order to provide security throughout the
life cycle of an I&C system.
– Application of this guidance may also benefit safety and
operational performance of nuclear facilities.
NST036 Scope
– The application of computer security measures to I&C systems
which provide safety or auxiliary functions at nuclear facilities.
– I&C systems used for Nuclear material accounting and control
(NMAC) or nuclear security, such as physical protection and
security monitoring, where applicable.
– Considers the application of computer security measures to the
development, simulation and maintenance environments.
Potential Consequences
The effects of compromise on a system's functions, arranged from
worst to best case, are:
i. Function is indeterminate
ii. Function has unexpected behaviours or actions
iii. Function fails
iv. Function performs as expected (i.e. fault tolerant)
Compromise examples
– Failure (e.g. denial of service / loss of function): blocks the operator's ability to
observe and/or respond to changing system conditions, or slows the system to
a crawl.
– Interception (man in the middle): interception and modification of the data
stream between nodes.
– Unobserved system monitoring/modification: unauthorized access and
data recording/modification.
– Operator spoofing leading to incorrect action: causing the operator to take an
incorrect action, or direct manipulation of the computer/control system.
Ref: Tutănescu, Ion, Ass. Prof., Ph.D., Prof. Emil Sofron, Ph.D., Anatomy and Types of Attacks against
Computer Networks, Department of Electronics and Computers, University of Piteşti, ROMANIA.
Safety-Security Considerations
– Computer security measures that protect the human–system
interface (HSI) should be implemented so that they do not
adversely affect the operators’ ability to maintain the safety of the
facility.
– Adverse impacts such as the interception and modification of
process data to the HSI (e.g. spoofing) with the aim of preventing
or delaying the operator from actuating a safety function (e.g.
manual trip) should also be considered.
Safety-Security Considerations
– If there is a conflict between safety and security, then design
considerations taken to assure safety should be maintained
provided that a compatible solution to ensure security is pursued.
– Compensatory computer security measures should be
implemented to reduce the risk to an acceptable level and be
supported by a comprehensive justification and security risk
analysis.
– The implemented measures should not rely solely upon
administrative controls for an extended period.
– The absence of a security solution should never be accepted.
Review – Computer Security Measures
Types of protective measures
– Administrative Controls – policy, procedures and practices designed to
safeguard computer systems through personnel behaviors. These are
directive in nature specifying what employees should and should not do.
– Physical Controls – physical barriers for the protection of computer and
supporting assets from physical damage and physical access. (fences,
physical protection systems, locks, doors, guards, fire protection)
– Technical Controls – computer hardware/software solutions for the
protection, detection, mitigation and recovery from intrusion or malicious
acts. (e.g. firewalls, IDS, anti-virus software, access control)
Facility Level Risk Assessment
– Applies to all I&C systems.
– Determine the effects that may result from cyber-attacks which
successfully exploit vulnerabilities in the system.
– Identifies facility I&C systems (including supporting and complementary
systems) that, if compromised, could have an adverse effect on safety,
security of nuclear material, or accident management.
System Level Risk Assessment
– I&C system components should be assessed and assigned to the
appropriate security level based upon the security risk assessment.
– Malicious actions that could change process signals, equipment
configuration data, or software should be considered in the I&C system
security risk assessment.
– Cyber-attack should be considered as an event that may occur at any point
during the I&C system life cycle.
NST036 – General Guidance
NST036 (All I&C systems)
– Identify and document the standards and procedures that will conform with the
applicable security policies to ensure the system design products (hardware, software,
and firmware) minimize:
– undocumented code (e.g. back door coding),
– malicious code (e.g. intrusions, viruses, worms, Trojan horses or bomb codes), and
– other unwanted, unnecessary or undocumented functions or applications with the aim of
minimizing attack surface.
NSS 17 (Computer Security Plan components)
– Platform and application security (e.g. hardening);
System Hardening
Definition
– The process of securing a system by reducing its surface of vulnerability, which is larger
when a system performs more functions;
– Reducing available ways of attack typically includes changing default passwords, the
removal of unnecessary software, unnecessary usernames or logins, and the disabling
or removal of unnecessary services.
How it Works
– Principle that a single-function system is more secure than a multipurpose one.
– Options: Kernel Patch, Closing Network Ports, IDS/IPS
– Hardening Scripts/Applications (MBSA, Lynis, Bastille)
System Hardening Example
– Nessus scanner used to identify vulnerabilities and missing patches.
– Hardening of System removed all Critical Vulnerabilities and reduced overall risk.
Ref: J. Sladek - OPG
http://www.tenable.com/products/nessus-vulnerability-scanner
Security Architecture
– Systems at the highest security level (i.e. requiring the greatest degree of security) should only be
connected to systems in lower protection categories via fail-secure, deterministic,
unidirectional data communication pathways.
– The direction of these data pathways should be limited to transmission of data from
the highest security level to the devices in the lower security levels (i.e. lower levels are
not allowed to transmit data to the higher level).
– Exceptions are strongly discouraged and may only be considered on a strict case by
case basis and if supported by a complete justification and security risk analysis.
– Aligns with NSS No. 17
Potential Control (Data Diode)
– Data diodes use physical means to ensure that data can only flow in one direction.
– This prevents the use of any protocol that requires handshaking (including TCP/IP).
– Designs using data diodes must consider the possibility that data packets will be
dropped. This can be addressed through redundancy and error correction codes.
Data Diodes
Data Diodes create one-way traffic between two networks!
Data Diodes
– Data diodes can protect systems from network-based attacks.
– They do not protect against malware from mobile devices or removable media.
– Data diodes do not protect confidentiality of data that is transmitted over the network.
– If configured correctly, security event messages can be sent through the diode to a
central logging and monitoring system.
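The one-way pathway from the Security Architecture slides and the packet-loss caveat from the Data Diode slides, as an added Python simulation (not from the slides or any vendor product). It assumes a simple XOR parity frame per group of data frames as the "error correction code" and sequence numbers for gap detection; the high side never receives anything back, so there is no ACK and no retransmission.

```python
CHUNK = 8   # payload bytes per frame (constructed, small so the demo is readable)
GROUP = 4   # data frames protected by one XOR parity frame (assumed scheme)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sender_frames(message):
    """High-side sender: split a message into numbered, fixed-size frames and
    add one parity frame per GROUP. Every frame carries the total count and
    the real length, because the low side can never ask 'how many did you send?'."""
    chunks = [message[i:i + CHUNK].ljust(CHUNK, b"\0")
              for i in range(0, len(message), CHUNK)]
    total = len(chunks)
    frames = []
    for g in range(0, total, GROUP):
        group = chunks[g:g + GROUP]
        for i, c in enumerate(group):
            frames.append({"kind": "D", "seq": g + i, "total": total,
                           "length": len(message), "data": c})
        parity = bytes(CHUNK)
        for c in group:
            parity = xor_bytes(parity, c)
        frames.append({"kind": "P", "group": g // GROUP, "total": total,
                       "length": len(message), "data": parity})
    return frames


def lossy_diode(frames, drop_positions):
    """One-way channel: frames at the given positions are silently lost.
    Nothing flows back, so protocols that need a handshake (TCP) cannot be used."""
    return [f for i, f in enumerate(frames) if i not in drop_positions]


def receiver_reassemble(frames):
    """Low-side receiver: rebuild the message, repairing at most one lost
    frame per parity group. Returns (message or None, unrecoverable seq list).
    An unrecoverable gap is a security/availability event to log and alarm on."""
    if not frames:
        return None, []
    total, length = frames[0]["total"], frames[0]["length"]
    data = {f["seq"]: f["data"] for f in frames if f["kind"] == "D"}
    parity = {f["group"]: f["data"] for f in frames if f["kind"] == "P"}
    unrecoverable = []
    for seq in range(total):
        if seq in data:
            continue
        g = seq // GROUP
        others = [m for m in range(g * GROUP, min((g + 1) * GROUP, total))
                  if m != seq]
        if g in parity and all(m in data for m in others):
            rebuilt = parity[g]
            for m in others:
                rebuilt = xor_bytes(rebuilt, data[m])
            data[seq] = rebuilt          # single erasure repaired from parity
        else:
            unrecoverable.append(seq)    # two losses in one group: cannot repair
    if unrecoverable:
        return None, unrecoverable
    return b"".join(data[s] for s in range(total))[:length], []


if __name__ == "__main__":
    # Constructed process-data message sent from the high-security side.
    msg = b"LEVEL=2.31;TEMP=291.4;PUMP=ON;TRIP=NO"
    frames = sender_frames(msg)
    print("clean:", receiver_reassemble(frames))
    print("one frame lost:", receiver_reassemble(lossy_diode(frames, {1})))
    print("two lost in one group:", receiver_reassemble(lossy_diode(frames, {0, 2})))
```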
NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Operations and maintenance activities should be analysed to ensure that computer
security measures are implemented to prevent introduction of malicious software to
the I&C system.
NSS 17 (Security Level 1)
– Strict organizational and administrative procedures apply to any modifications,
including hardware maintenance, updates and software modifications.
Potential Control - Application Whitelisting
Definition
– Only software which is on a list of software that is considered safe to run is permitted
to run. All other software is blocked.
How it Works
– A signature is generated and stored in the whitelist. The signature is typically the output of a
cryptographic hash function applied to the program.
– When the program is run, the signature is recalculated and compared to the whitelist.
– If a program is changed then the signature will change and the program will be blocked.
– Any new program installed on the system will not have a signature and will be blocked.
Potential Control - Application Whitelisting
Advantages
– Only requires signature file updates when the software is modified
– Deterministic behavior - the time to generate the signature is the same every time.
Disadvantages
– Inappropriate design may impede the ability of a system to respond as per its design requirements. Care
should be taken in designing the whitelist.
– Hard to use in an environment where programs are changed frequently.
– May not be effective against programs that insert themselves into memory.
– Not effective for interpreted programs. The interpreter will be whitelisted, but the input files will not be.
For example:
python < badscript.py
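The hash-based whitelist from the "How it Works" slide and the interpreter weakness from the "Disadvantages" slide, as an added Python example (not from the slides or any whitelisting product). SHA-256 stands in for the "cryptographic function"; the file names and the strict mode that also hashes file arguments are assumptions for the demo.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path):
    """Hex SHA-256 of a file: the 'signature' recorded in the whitelist."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """A program may run only if its current digest matches the one recorded
    when it was approved. Unknown or modified programs are blocked."""

    def __init__(self):
        self.approved = {}  # path -> digest at approval time

    def approve(self, path):
        self.approved[path] = sha256_of_file(path)

    def check(self, path):
        """Return (allowed, reason) for a single file."""
        if not os.path.isfile(path):
            return False, "no such file"
        expected = self.approved.get(path)
        if expected is None:
            return False, "not on whitelist"       # new program: no signature
        if sha256_of_file(path) != expected:
            return False, "signature mismatch"     # modified program
        return True, "ok"

    def check_invocation(self, argv, strict=False):
        """Check a command line. A naive whitelist only covers argv[0], so
        'python badscript.py' passes once the interpreter is approved.
        strict=True also requires every file named as an argument to be
        approved. Note that 'python < badscript.py' never puts the script in
        argv at all, so a stdin redirect defeats even the strict check; the
        remedy is not to whitelist general-purpose interpreters on the host."""
        allowed, reason = self.check(argv[0])
        if not allowed or not strict:
            return allowed, reason
        for arg in argv[1:]:
            if os.path.isfile(arg):
                ok, why = self.check(arg)
                if not ok:
                    return False, "argument %s: %s" % (os.path.basename(arg), why)
        return True, "ok"


def demo():
    """Constructed scenario in a temp dir; returns the whitelist decisions."""
    d = tempfile.mkdtemp()
    interp = os.path.join(d, "python")       # stand-in for an approved interpreter
    prog = os.path.join(d, "hmi_display")    # stand-in for an approved native program
    script = os.path.join(d, "badscript.py") # unapproved input file
    for p, body in ((interp, b"#!interpreter\n"), (prog, b"PROGRAM v1"),
                    (script, b"print('x')\n")):
        with open(p, "wb") as f:
            f.write(body)
    wl = Allowlist()
    wl.approve(interp)
    wl.approve(prog)
    results = {}
    results["approved_program"] = wl.check(prog)[0]
    results["unknown_script_direct"] = wl.check(script)[0]
    with open(prog, "ab") as f:              # modify the approved program
        f.write(b" tampered")
    results["modified_program"] = wl.check(prog)[0]
    results["script_via_interpreter_naive"] = wl.check_invocation([interp, script])[0]
    results["script_via_interpreter_strict"] = wl.check_invocation([interp, script], strict=True)[0]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-30s %s" % (k, "ALLOW" if v else "BLOCK"))
```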
NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Calibration, testing and maintenance activities may involve the use of removable media
and mobile devices. Computer security measures should include considerations for:
– The implementation of effective administrative and technical controls in the safe and secure handling
of the digital devices.
– Verification of the integrity of all control set points with the aim to prevent and protect them from
undesired changes; and
– Use of qualified personnel (including 3rd parties) that have received training in performance of these
activities based on computer security requirements.
NSS 17 (Security Level 1)
– Removable media must be controlled in accordance with security operating procedures.
– Every data entry to the systems is approved and verified on a case by case basis.
– Measures to ensure the integrity and availability of the systems are typically explained as a part of the
safety cases.
Potential Control - Logfile based IDS
Function
– Active device that analyses logfiles from one or more systems to identify security events.
Advantages
– Inexpensive and easy to use
Disadvantages
– The systems being monitored must support remote access to event logs or remote
transmission of events to the IDS. This may not be possible on legacy ICS systems.
– Different structure and format of logfiles for different systems.
Network Intrusion Detection System
A network based IDS is a device which analyzes network traffic to identify intrusion.
– Does not require changes to the ICS.
– Intrusion detection signatures are required.
– The signatures for ICS systems are different from signatures used in corporate
environments.
– IDS aimed at corporate environments assume that there is a rigorous patch process in
place and old signatures are dropped to maintain adequate performance. This is not the
case with ICS.
– ICS specific signatures must be used to protect I&C equipment.
– When ICS network traffic is deterministic and uses limited protocols, effective rules can be
developed which identify anomalous traffic.
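The last point, deterministic traffic over a limited protocol set, as an added Python example (not from the slides or any IDS product). The flow records, addresses, the allowed service set (Modbus/TCP on tcp/502 and syslog on udp/514) and the fixed polling sizes are all constructed; the detector learns a baseline from a known-good capture and flags conversations, services or message sizes that deviate from it.

```python
import csv
from io import StringIO

# Constructed flow records: a known-good capture used to learn the baseline.
BASELINE_FLOWS = """\
t,src,dst,proto,dport,bytes
08:00:01,10.10.1.5,10.10.1.20,tcp,502,120
08:00:01,10.10.1.5,10.10.1.21,tcp,502,120
08:00:02,10.10.1.20,10.10.1.50,udp,514,300
08:00:02,10.10.1.21,10.10.1.50,udp,514,300
"""

# Constructed live capture containing four deviations among normal polling.
LIVE_FLOWS = """\
t,src,dst,proto,dport,bytes
09:15:00,10.10.1.5,10.10.1.20,tcp,502,120
09:15:01,10.10.1.5,10.10.1.21,tcp,502,120
09:15:02,10.10.1.20,10.10.1.50,udp,514,300
09:15:03,10.10.1.77,10.10.1.20,tcp,502,96
09:15:04,10.10.1.5,10.10.1.20,tcp,22,1400
09:15:05,10.10.1.21,10.10.1.50,udp,514,300
09:15:06,10.10.1.20,203.0.113.9,tcp,443,5200
09:15:07,10.10.1.5,10.10.1.20,tcp,502,2048
"""

# The plant's limited protocol set (assumed): Modbus/TCP polling and syslog.
ALLOWED_SERVICES = {("tcp", 502), ("udp", 514)}


def parse_flows(text):
    rows = csv.DictReader(StringIO(text))
    return [(r["t"], r["src"], r["dst"], r["proto"], int(r["dport"]), int(r["bytes"]))
            for r in rows]


def learn_baseline(flows):
    """Conversation allowlist: (src, dst, proto, dport) -> set of observed sizes.
    Only learn from a capture taken while the system is known to be clean."""
    baseline = {}
    for _, src, dst, proto, dport, nbytes in flows:
        baseline.setdefault((src, dst, proto, dport), set()).add(nbytes)
    return baseline


def detect(flows, baseline, allowed_services=ALLOWED_SERVICES):
    """Return (time, rule, detail) alerts. Rule order matters: a service the
    plant never uses is reported as such even if the hosts are known."""
    alerts = []
    for t, src, dst, proto, dport, nbytes in flows:
        key = (src, dst, proto, dport)
        detail = "%s->%s %s/%d %dB" % (src, dst, proto, dport, nbytes)
        if (proto, dport) not in allowed_services:
            alerts.append((t, "disallowed-service", detail))
        elif key not in baseline:
            alerts.append((t, "unknown-conversation", detail))
        elif nbytes not in baseline[key]:
            # Polling traffic has fixed sizes; a different size suggests a
            # different request than the controller normally receives.
            alerts.append((t, "unexpected-size", detail))
    return alerts


def run_demo():
    baseline = learn_baseline(parse_flows(BASELINE_FLOWS))
    return detect(parse_flows(LIVE_FLOWS), baseline)


if __name__ == "__main__":
    for t, rule, detail in run_demo():
        print(t, rule, detail)
```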
Host based IDS
– Host based firewall can identify new network communications and block them by default.
An alert can be generated.
– Antivirus may be used to block malicious software based on a blacklist. This may not work
so well in an ICS environment:
– Scanning time is non-deterministic; it depends on the number of signatures.
– Requires regular signature updates and may require scanning engine updates.
– Vendors assume patching in place so old signatures are dropped.
– When base O/S goes out of support, antivirus vendors will drop support for the O/S. No new signatures,
no updates to the engine.
– Host-based IDS may also interpret network traffic in real time based on signatures and
block traffic.
– These solutions all require software to be installed on the system to be protected.
Additional system loading may affect real-time performance. May also block needed
software from running.
NST036 – Vendors
– Vendor and sub-vendor organizations should have robust and verifiable computer security processes.
– Computer security requirements and controls should be met and applied respectively by vendors including
support provided on site, at the vendor’s workplace, and during any transit or storage of purchased goods.
– The vendor should have a computer security management process.
– The applicable requirements for computer security at sites where a vendor performs activities with I&C
systems should be clearly and contractually specified based on security level by the operator.
– A process should exist between the facility (i.e. operators) and vendor for either organization to report
vulnerabilities and to coordinate response and mitigation efforts.
– The vendor should demonstrate that they have a credible mechanism for receiving reports of vulnerabilities,
assessing them and reporting them to the nuclear facility during the entire period of their contractual
service. This may extend beyond any normal warranty period to support the life cycle of the installed
equipment.
– Audits and assessment of vendors responsible for I&C design, development, integration, and maintenance
should be conducted and the results reported to the operator.
NSS 17 vs. NST036
End
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdfH.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfCOLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
 
road safety engineering r s e unit 3.pdf
road safety engineering  r s e unit 3.pdfroad safety engineering  r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
 

ICS & computer security for nuclear facilities

2. Content
• Nuclear Security Series No 17
• NST036 – Computer Security of Nuclear I&C Systems
• Interface with Safety Guides
• Scope
• Key Principles
• Sample Measures and Controls

3. NSS-17 Computer Security for Nuclear Facilities

4. Review of Nuclear Security Series
• NSS No.17 Computer Security for Nuclear Facilities
• NST036 Computer Security of Nuclear I&C Systems

5. Review of NSS No. 17
– Awareness publication
– Safety I&C systems are assigned Levels 1 to 3
– No categorization hierarchy provided for PPS
– Security Objective is not stated for many computer security measures
– Risk assessment in general terms
– Non-safety items may impact on safety systems and require protection

6. Review NSS No. 17 - Example
EXAMPLE
– Zone 1: Safety relevant digital and software based I&C systems
– Zone 2: Process-control and Process-computing systems
  e.g. 2A = Reactor near area, 2B = Main Control Room
– Zone 3: Administrative computer systems
  e.g. 3A = Physical Protection Systems, 3B = Telecommunication Systems
– Zone 4: External systems
  e.g. 4A = Systems for Internet Services and data exchange

7. Comparing IT and I&C Systems

8. NST036 Computer Security of I&C Systems at Nuclear Facilities

9. What does NSS17 not provide?
1. Coherence with IAEA Safety Guides
2. Robust Risk Assessment Method
3. Safety and Security Considerations when applying security controls – unique to Nuclear I&C.
4. Computer Security measures for the entire I&C System lifecycle.
5. Goal based guidance

10. Approved for Publication
NST036 – Computer Security of I&C Systems
– Nuclear I&C designers have robust processes in place to ensure systems provide for safe, reliable, and deterministic behavior.
– NST036 aims to overlay security considerations on top of these processes to meet safety and security objectives.
– Developed in tandem with SSG-37 and SSG-39, the IAEA Safety Guides for I&C Systems at NPPs and RRs.
11. NST036 Objective
– Aims to provide guidance on computer security for I&C systems at nuclear facilities.
– This guidance includes safety and security considerations which have to be addressed in order to provide security throughout the life cycle of an I&C system.
– Application of this guidance may also benefit safety and operational performance of nuclear facilities.

12. NST036 Scope
– The application of computer security measures to I&C systems which provide safety or auxiliary functions at nuclear facilities.
– I&C systems used for Nuclear material accounting and control (NMAC) or nuclear security, such as physical protection and security monitoring, where applicable.
– Considers the application of computer security measures to the development, simulation and maintenance environments.

13. Potential Consequences
The effects of compromise on a system's functions, arranged from worst to best case, are:
i. Function is indeterminate
ii. Function has unexpected behaviours or actions
iii. Function fails
iv. Function performs as expected (i.e. fault tolerant)

14. Compromise examples
– Failure (e.g. denial of service / loss of function): blocks the operator's ability to observe and/or respond to changing system conditions, or slows the system to a crawl.
– Interception (man in the middle): interception and modification of the data stream between nodes.
– Unobserved system monitoring/modification: unauthorized access and data recording/modification.
– Operator spoofing leading to incorrect action: causing the operator to take incorrect action.
– Direct manipulation of the computer/control system.
Ref: Tutănescu, Ion, Ass. Prof., Ph.D., Prof. Emil Sofron, Ph.D., Anatomy and Types of Attacks against Computer Networks, Department of Electronics and Computers, University of Piteşti, ROMANIA.
15. Safety-Security Considerations
– Computer security measures that protect the human–system interface (HSI) should be implemented so that they do not adversely affect the operators' ability to maintain the safety of the facility.
– Adverse impacts such as the interception and modification of process data to the HSI (e.g. spoofing) with the aim of preventing or delaying the operator from actuating a safety function (e.g. manual trip) should also be considered.

16. Safety-Security Considerations
– If there is a conflict between safety and security, then design considerations taken to assure safety should be maintained, provided that a compatible solution to ensure security is pursued.
– Compensatory computer security measures should be implemented to reduce the risk to an acceptable level and be supported by a comprehensive justification and security risk analysis.
– The implemented measures should not rely solely upon administrative controls for an extended period.
– The absence of a security solution should never be accepted.

17. Review – Computer Security Measures
Types of protective measures
– Administrative Controls – policy, procedures and practices designed to safeguard computer systems through personnel behaviors. These are directive in nature, specifying what employees should and should not do.
– Physical Controls – physical barriers for the protection of computer and supporting assets from physical damage and physical access (fences, physical protection systems, locks, doors, guards, fire protection).
– Technical Controls – computer hardware/software solutions for the protection, detection, mitigation and recovery from intrusion or malicious acts (e.g. firewalls, IDS, anti-virus software, access control).

18. Facility Level Risk Assessment
– Applies to all I&C systems.
– Determine the effects that may result from cyber-attacks which successfully exploit vulnerabilities in the system.
– Identifies facility I&C systems (including supporting and complementary systems) that, if compromised, could have an adverse effect on safety, security of nuclear material, or accident management.

19. System Level Risk Assessment
– I&C system components should be assessed and assigned to the appropriate security level based upon the security risk assessment.
– Malicious actions that could change process signals, equipment configuration data, or software should be considered in the I&C system security risk assessment.
– Cyber-attack should be considered as an event that may occur at any point during the I&C system life cycle.
20. NST036 – General Guidance
NST036 (All I&C systems)
– Identify and document the standards and procedures that will conform with the applicable security policies to ensure the system design products (hardware, software and firmware) minimize:
  – undocumented code (e.g. back-door coding),
  – malicious code (e.g. intrusions, viruses, worms, Trojan horses or bomb codes), and
  – other unwanted, unnecessary or undocumented functions or applications, with the aim of minimizing the attack surface.
NSS 17 (Computer Security Plan components)
– Platform and application security (e.g. hardening);

21. System Hardening
Definition
– The process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions.
– Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
How it Works
– Principle that a single-function system is more secure than a multipurpose one.
– Options: Kernel Patch, Closing Network Ports, IDS/IPS
– Hardening Scripts/Applications (MBSA, Lynis, Bastille)

22. System Hardening Example
– Nessus scanner used to identify vulnerabilities and missing patches.
– Hardening of the system removed all Critical Vulnerabilities and reduced overall risk.
Ref: J. Sladek - OPG http://www.tenable.com/products/nessus-vulnerability-scanner

23. Security Architecture
– Highest security level (i.e. requiring the greatest degree of security) should only be connected to systems in lower protection categories via fail-secure, deterministic, unidirectional data communication pathways.
– The direction of these data pathways should be limited to transmission of data from the highest security level to the devices in the lower security levels (i.e. lower levels are not allowed to transmit data to the higher level).
– Exceptions are strongly discouraged and may only be considered on a strict case by case basis and if supported by a complete justification and security risk analysis.
– Aligns with NSS No. 17
24. Potential Control (Data Diode)
– Data diodes use physical means to ensure that data can only flow in one direction.
– This prevents the use of any protocol that requires handshaking (including TCP/IP).
– Designs using data diodes must consider the possibility that data packets will be dropped. This can be addressed through redundancy and error correction codes.

25. Data Diodes
Data Diodes create one-way traffic between two networks!

26. Data Diodes
– Data diodes can protect systems from network-based attacks.
– They do not protect against malware from mobile devices or removable media.
– Data diodes do not protect confidentiality of data that is transmitted over the network.
– If configured correctly, security event messages can be sent through the diode to a central logging and monitoring system.
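Slides 24 to 26 say that a diode forbids handshaking, so the sender can never learn that a datagram was lost and must compensate with redundancy. The following simulation is an added example, not part of the IAEA slides or of any diode product: the sender repeats every sequence-numbered, SHA-256-tagged chunk a fixed number of times, the constructed channel drops every n-th datagram, and the receiver reassembles the stream, discards corrupted or duplicate copies, and reports which sequence numbers the redundancy failed to cover. The payload, the drop pattern and the chunk size are constructed values.

```python
"""One-way (data diode) transfer with repetition redundancy: an added illustration.

No acknowledgements exist, so the receiver can only report gaps after the
fact; sending each chunk `repeats` times is the simplest form of the
redundancy the slide recommends.  The channel, payload and drop pattern
below are constructed for the example and are not measured from any device.
"""
import hashlib
import struct

# Header: sequence number (u32), payload length (u16), SHA-256 of the chunk.
HEADER = struct.Struct("!IH32s")


def build_datagrams(payload, chunk_size, repeats):
    """Split payload into chunks and emit each tagged chunk `repeats` times."""
    chunks = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    out = []
    for seq, chunk in enumerate(chunks):
        header = HEADER.pack(seq, len(chunk), hashlib.sha256(chunk).digest())
        out.extend([header + chunk] * repeats)
    return out


def lossy_channel(datagrams, drop_every):
    """Constructed deterministic loss: drop every `drop_every`-th datagram (0 = no loss)."""
    return [d for i, d in enumerate(datagrams) if drop_every == 0 or i % drop_every != 0]


def corrupt_one(datagrams, index):
    """Constructed bit error: flip the last payload byte of one datagram."""
    damaged = bytearray(datagrams[index])
    damaged[-1] ^= 0xFF
    out = list(datagrams)
    out[index] = bytes(damaged)
    return out


def receive(datagrams, expected_chunks):
    """Reassemble in sequence order, keeping the first intact copy of each chunk.

    Returns (data, missing_sequence_numbers, rejected_count).
    """
    received = {}
    rejected = 0
    for d in datagrams:
        if len(d) < HEADER.size:
            rejected += 1
            continue
        seq, length, digest = HEADER.unpack(d[:HEADER.size])
        chunk = d[HEADER.size:]
        if len(chunk) != length or hashlib.sha256(chunk).digest() != digest:
            rejected += 1          # truncated or corrupted copy: wait for another
            continue
        received.setdefault(seq, chunk)   # duplicates from redundancy are ignored
    missing = [s for s in range(expected_chunks) if s not in received]
    data = b"".join(received[s] for s in range(expected_chunks) if s in received)
    return data, missing, rejected


def simulate(payload, chunk_size=16, repeats=3, drop_every=5, corrupt_index=None):
    """Run sender -> constructed channel -> receiver and return the receiver's report."""
    sent = build_datagrams(payload, chunk_size, repeats)
    if corrupt_index is not None:
        sent = corrupt_one(sent, corrupt_index)
    expected = -(-len(payload) // chunk_size)   # ceiling division
    return receive(lossy_channel(sent, drop_every), expected)


if __name__ == "__main__":
    sample = bytes(range(100))   # constructed 100-byte payload
    for reps in (1, 3):
        data, missing, rejected = simulate(sample, repeats=reps)
        print(f"repeats={reps}: recovered={data == sample} missing={missing} rejected={rejected}")
```

With the constructed loss pattern, three repetitions recover the whole stream while a single transmission leaves gaps at the dropped positions; a real design would size the repetition factor (or use a forward error correction code) against the measured loss rate of the diode link, and the receiver's gap report is exactly the kind of event that slide 26 says should reach the central logging system.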
27. NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Operations and maintenance activities should be analysed to ensure that computer security measures are implemented to prevent introduction of malicious software to the I&C system.
NSS 17 (Security Level 1)
– Strict organizational and administrative procedures apply to any modifications, including hardware maintenance, updates and software modifications.

28. Potential Control - Application Whitelisting
Definition
– Only software which is on a list of software that is considered safe to run is permitted to run. All other software is blocked.
How it Works
– A signature is generated and stored in the whitelist. The signature typically is the output of a cryptographic function applied to the program.
– When the program is run, the signature is recalculated and compared to the whitelist.
– If a program is changed then the signature will change and the program will be blocked.
– Any new program installed on the system will not have a signature and will be blocked.

29. Potential Control - Application Whitelisting
Advantages
– Only requires signature file updates when the software is modified.
– Deterministic behavior - the time to generate the signature is the same every time.
Disadvantages
– Inappropriate design may impede the ability of a system to respond as per its design requirements. Care should be taken in designing the whitelist.
– Hard to use in an environment where programs are changed frequently.
– May not be effective against programs that insert themselves into memory.
– Not effective in interpreted programs. The interpreter will be whitelisted, but the input files will not be. For example: python < badscript.py
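The mechanism on slides 28 and 29 (record a cryptographic digest per approved program, recompute it at run time, block anything that does not match) and the interpreter gap on slide 29 can both be shown in a few dozen lines. This is an added example, not code from the slides or from any whitelisting product: `decide()` implements the plain digest check, and the optional `hash_script_args` policy extends it to the script files handed to an approved interpreter. The "programs" are constructed temporary files, and the account and file names are invented for the scenario.

```python
"""Hash-based application allowlisting: an added illustration of slides 28-29.

The allowlist maps an absolute path to the SHA-256 digest recorded when the
program was approved.  A run is permitted only if the file at that path
still hashes to the recorded digest.  Everything below uses constructed
temporary files rather than real binaries.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Digest a file in blocks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_allowlist(paths):
    """Record the digest of each approved program at approval time."""
    return {os.path.abspath(p): sha256_file(p) for p in paths}


def decide(exe, argv, allowlist, interpreters=(), hash_script_args=False):
    """Return (allowed, reason) for an execution request.

    With hash_script_args=True an approved interpreter may only run script
    files that are themselves on the allowlist, which closes the gap the
    slide describes for programs passed as arguments.
    """
    exe = os.path.abspath(exe)
    expected = allowlist.get(exe)
    if expected is None:
        return False, "program not on allowlist"
    if sha256_file(exe) != expected:
        return False, "program digest mismatch (modified since approval)"
    if hash_script_args and exe in interpreters:
        scripts = [a for a in argv[1:] if os.path.isfile(a)]
        if not scripts:
            return False, "interpreter invoked without an approved script file"
        for s in scripts:
            if allowlist.get(os.path.abspath(s)) != sha256_file(s):
                return False, "script %s not on allowlist" % os.path.basename(s)
    return True, "ok"


def demo():
    """Constructed scenario: two approved programs, one of them an interpreter."""
    d = tempfile.mkdtemp()

    def write(name, content):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        return p

    ctrl = write("pump_control", b"approved control program v1")       # constructed
    interp = write("interp", b"approved interpreter")                    # constructed
    good = write("calibrate.scr", b"approved calibration script")        # constructed
    other = write("unknown_tool", b"never approved")                     # constructed
    allow = build_allowlist([ctrl, interp, good])
    interps = (os.path.abspath(interp),)

    results = {}
    results["approved"] = decide(ctrl, [ctrl], allow)[0]
    results["unknown"] = decide(other, [other], allow)[0]
    with open(ctrl, "ab") as f:          # approved program modified after approval
        f.write(b" changed")
    results["modified"] = decide(ctrl, [ctrl], allow)[0]

    unapproved = write("unapproved.scr", b"unapproved script")           # constructed
    # Plain digest check: the interpreter matches, so the run is allowed (the slide's gap).
    results["script_plain"] = decide(interp, [interp, unapproved], allow, interps)[0]
    # Argument hashing: the unapproved script is blocked, the approved one still runs.
    results["script_strict"] = decide(interp, [interp, unapproved], allow, interps, True)[0]
    results["script_strict_ok"] = decide(interp, [interp, good], allow, interps, True)[0]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "allowed" if v else "blocked")
```

Argument hashing only helps for code passed as a file; code fed to an interpreter over standard input, as in the slide's `python < badscript.py` line, never reaches the check, so on a single-function I&C host the stronger option is to leave interpreters off the allowlist altogether or to restrict them to the maintenance environment.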
30. NST036 – Operations and Maintenance
NST036 (All I&C systems)
– Calibration, testing and maintenance activities may involve the use of removable media and mobile devices. Computer security measures should include considerations for:
  – The implementation of effective administrative and technical controls in the safe and secure handling of the digital devices.
  – Verification of the integrity of all control set points with the aim to prevent and protect them from undesired changes; and
  – Use of qualified personnel (including 3rd parties) that have received training in performance of these activities based on computer security requirements.
NSS 17 (Security Level 1)
– Removable media must be controlled in accordance with security operating procedures.
– Every data entry to the systems is approved and verified on a case by case basis.
– Measures to ensure the integrity and availability of the systems are typically explained as a part of the safety cases.

31. Potential Control - Logfile based IDS
Function
– Active device that analyses logfiles from one or more systems to identify security events.
Advantages
– Inexpensive and easy to use
Disadvantages
– The systems being monitored must support remote access to event logs or remote transmission of events to the IDS. This may not be possible on legacy ICS systems.
– Different structure and format of logfiles for different systems.
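Slide 31's log-based IDS, and the integrity concerns of slide 30 (set-point changes, removable media during maintenance), can be illustrated with a small analyser that normalises two different log formats and then applies rules to the merged event stream. This is an added example rather than any product's or the slides' own logic; the log lines, host names, addresses and the maintenance roster `APPROVED_CONFIG_ACCOUNTS` are all constructed.

```python
"""Log-based intrusion detection over constructed ICS log lines: an added example.

Two constructed formats (an HMI authentication log and a PLC event log) are
parsed into one event schema, then three rules run over the merged,
time-ordered stream: repeated authentication failures from one source,
any removable-media attachment, and configuration writes by accounts that
are not on the maintenance roster.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample logs (not from any real facility).
HMI_LOG = """\
2024-05-06T10:01:02Z hmi01 auth: login failed user=operator src=10.1.2.9
2024-05-06T10:01:05Z hmi01 auth: login failed user=operator src=10.1.2.9
2024-05-06T10:01:09Z hmi01 auth: login failed user=operator src=10.1.2.9
2024-05-06T10:01:30Z hmi01 auth: login ok user=operator src=10.1.2.9
2024-05-06T10:15:00Z hmi01 auth: login failed user=eng02 src=10.1.2.40
""".splitlines()

PLC_LOG = """\
06/05/2024 10:02:10 | PLC-A | CFG | setpoint block 7 written by eng01
06/05/2024 10:03:00 | PLC-A | USB | removable media attached
06/05/2024 10:04:15 | PLC-A | CFG | setpoint block 7 written by svc_tmp
""".splitlines()

HMI_RE = re.compile(r"^(\S+) (\S+) auth: login (failed|ok) user=(\S+) src=(\S+)$")
PLC_RE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| (\S+) \| (\w+) \| (.*)$")

APPROVED_CONFIG_ACCOUNTS = {"eng01"}   # constructed maintenance roster


def parse_hmi(line):
    """HMI format -> common event dict, or None for lines that do not match."""
    m = HMI_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    kind = "auth_fail" if m.group(3) == "failed" else "auth_ok"
    return {"ts": ts, "host": m.group(2), "kind": kind, "src": m.group(5), "detail": ""}


def parse_plc(line):
    """PLC format (different date order and delimiter) -> the same event dict."""
    m = PLC_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
    kind = {"CFG": "config_write", "USB": "removable_media"}.get(m.group(3), "other")
    return {"ts": ts, "host": m.group(2), "kind": kind, "src": "", "detail": m.group(4)}


def normalise(hmi_lines, plc_lines):
    """Merge both sources into one stream ordered by timestamp."""
    events = [e for e in map(parse_hmi, hmi_lines) if e]
    events += [e for e in map(parse_plc, plc_lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def analyse(events, fail_threshold=3, window_s=60):
    """Return a list of (rule, host, detail) alerts."""
    alerts = []
    recent = defaultdict(deque)   # (host, src) -> failure timestamps inside the window
    for e in events:
        if e["kind"] == "auth_fail":
            q = recent[(e["host"], e["src"])]
            q.append(e["ts"])
            while (e["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) == fail_threshold:   # fire once when the threshold is reached
                alerts.append(("repeated_auth_failure", e["host"], e["src"]))
        elif e["kind"] == "removable_media":
            alerts.append(("removable_media", e["host"], e["detail"]))
        elif e["kind"] == "config_write":
            actor = e["detail"].rsplit(" by ", 1)[-1]
            if actor not in APPROVED_CONFIG_ACCOUNTS:
                alerts.append(("unapproved_config_write", e["host"], actor))
    return alerts


def run_demo():
    return analyse(normalise(HMI_LOG, PLC_LOG))


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

Each source needs its own parser, which is the practical cost slide 31 lists as a disadvantage; the approved-account rule is deliberately simple so that every set-point write by an unexpected account is surfaced for the verification step slide 30 calls for, rather than silently scored.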
32. Network Intrusion Detection System
A network based IDS is a device which analyzes network traffic to identify intrusion.
– Does not require changes to the ICS.
– Intrusion detection signatures are required.
– The signatures for ICS systems are different from signatures used in corporate environments.
– IDS aimed at corporate environments assume that there is a rigorous patch process in place, and old signatures are dropped to maintain adequate performance. This is not the case with ICS.
– ICS specific signatures must be used to protect I&C equipment.
– When ICS network traffic is deterministic and uses limited protocols, effective rules can be developed which identify anomalous traffic.
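The last bullet above is the one that distinguishes ICS monitoring from corporate monitoring: because the traffic is deterministic, a baseline of expected conversations can be learned during commissioning and anything outside it flagged, independent of any vulnerability signature. The following is an added example, not the slides' own or any IDS product's logic. Flows are constructed tuples; the application field carries the Modbus/TCP function code for port 502 flows (3 = Read Holding Registers, 16 = Write Multiple Registers, which are the standard code values) and is `None` otherwise.

```python
"""Baseline-driven network anomaly detection for deterministic ICS traffic: an added example.

learn_baseline() records the (src, dst, proto, dport) tuples seen in a
known-good capture and, per tuple, the application-level codes seen on it.
evaluate() then reports live flows that fall outside that baseline.
All addresses and flows below are constructed.
"""

# (src, dst, proto, dport, app_code); app_code is the Modbus function code on tcp/502.
BASELINE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", "tcp", 502, 3),     # HMI polls PLC-A: read holding registers
    ("10.10.1.5", "10.10.2.21", "tcp", 502, 3),     # HMI polls PLC-B
    ("10.10.2.20", "10.10.3.9", "udp", 514, None),  # PLC-A syslog to the collector
]

LIVE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", "tcp", 502, 3),     # expected poll
    ("10.10.1.5", "10.10.2.20", "tcp", 502, 16),    # same peers, but a write: not in baseline
    ("10.10.9.77", "10.10.2.20", "tcp", 502, 3),    # unknown host talking to PLC-A
    ("10.10.2.20", "10.10.3.9", "udp", 514, None),  # expected syslog
    ("10.10.2.21", "10.10.3.9", "tcp", 22, None),   # PLC-B opening SSH: not in baseline
]


def learn_baseline(flows):
    """Return (allowed tuples, allowed app codes per tuple) from a known-good capture."""
    tuples = set()
    codes = {}
    for src, dst, proto, dport, code in flows:
        key = (src, dst, proto, dport)
        tuples.add(key)
        if code is not None:
            codes.setdefault(key, set()).add(code)
    return tuples, codes


def evaluate(flows, baseline):
    """Flag flows whose 4-tuple is new, or whose app code was never seen on that tuple."""
    tuples, codes = baseline
    findings = []
    for src, dst, proto, dport, code in flows:
        key = (src, dst, proto, dport)
        if key not in tuples:
            findings.append(("unknown_flow", key))
        elif code is not None and code not in codes.get(key, set()):
            findings.append(("unexpected_function_code", key + (code,)))
    return findings


def run_demo():
    return evaluate(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for f in run_demo():
        print(f)
```

The baseline must be captured while the plant is in a known-good state and re-learned under change control whenever the I&C design changes; otherwise the rule set drifts into either noise or blind spots, which is the same maintenance burden the slide attributes to signatures, only on the allow side.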
33. Host based IDS
– A host-based firewall can identify new network communications and block them by default. An alert can be generated.
– Antivirus may be used to block malicious software based on a blacklist. This may not work so well in an ICS environment:
  – Scanning is non-deterministic, depending on the number of signatures.
  – Requires regular signature updates and may require scanning engine updates.
  – Vendors assume patching is in place, so old signatures are dropped.
  – When the base O/S goes out of support, antivirus vendors will drop support for the O/S: no new signatures, no updates to the engine.
– Host-based IDS may also interpret network traffic in real time based on signatures and block traffic.
– These solutions all require software to be installed on the system to be protected. Additional system loading may affect real-time performance. It may also block needed software from running.
34. NST036 – Vendors
– Vendor and sub-vendor organizations should have robust and verifiable computer security processes.
– Computer security requirements and controls should be met and applied respectively by vendors, including support provided on site, at the vendor's workplace, and during any transit or storage of purchased goods.
– The vendor should have a computer security management process.
– The applicable requirements for computer security at sites where a vendor performs activities with I&C systems should be clearly and contractually specified, based on security level, by the operator.
– A process should exist between the facility (i.e. operators) and vendor for either organization to report vulnerabilities and to coordinate response and mitigation efforts.
– The vendor should demonstrate that they have a credible mechanism for receiving reports of vulnerabilities, assessing them and reporting them to the nuclear facility during the entire period of their contractual service. This may extend beyond any normal warranty period to support the life cycle of the installed equipment.
– Audits and assessment of vendors responsible for I&C design, development, integration, and maintenance should be conducted and the results reported to the operator.

35. NSS 17 vs. NST036
36. End