The session will highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities that Intel and the ecosystem provide to organizations so they can build security in from design through deployment and maintenance.
2. INTEL PROPRIETARY Intel Federal
Agenda
• Overview of Security Challenges in IoT
• The Vision for IoT Security
• Fundamental Capabilities
• Example Solutions / Use Cases
• Summary
3. Current Issues in Protecting IoT and ICS
Increased Connectivity
• Company Enterprise Network and ICS
• Internet
Interdependencies
• Cascading Failure Concerns
Complexity
• Real Time Control Leads to Increased System Complexity
• Access to Systems Granted to More and More Users, Business Systems, Control Systems
Legacy Systems
• Just Not Built for Security
Market Restructuring
• Increased Volume of Transactions
• Narrower Operating Margins (Engineering and Monetary)
System Accessibility
• Vulnerabilities and Back Doors
• Wireless Access
• Offshore Reliance
Information Availability
• Manuals and Training Videos Available Publicly
• Hacker Tools Readily Available on Internet
“3,000 Industrial Plants Per Year Infected with Malware”: Targeted industrial control systems-themed malware, including one variant posing as Siemens PLC firmware, that has been in action since 2013, researchers find.
From: DarkReading, 3/21/17, by Kelly Jackson Higgins
4. Threats to IoT and ICS
• Disrupt operation of ICS by delaying or blocking the flow of information through control networks, thereby denying network availability to control system operators
• Send false information to control system operators, either to disguise unauthorized changes or to initiate inappropriate actions by system operators
• Modify the system software – producing unpredictable results
• Interfere with the operation of a safety system(s)
• Make unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers
• Change alarm thresholds and settings
• Order premature shutdown of processes
• Disable control equipment
5. Adversary Trends
The interest in IoT and ICS is increasing:
• Number of IoT / ICS presentations at conferences
• Number of conference locations globally
• Number of subculture information sharing networks
• Visibility of Connected ‘things’ & ICS vulnerability research
6. Attacks on IoT and ICS
Pipeline Communication Infrastructure Compromise
• Devices used in an attack against a third party
• Device configuration contributed to the compromise
• Large volume of network traffic generated
• Compromise not detected by traditional means
Lessons learned:
• Verify device configuration
• Ensure defense-in-depth strategies are in place
• Isolate critical systems from the Internet
Nuclear Power Plant cyber infection
Event: Slammer worm infects plant.
Impact: Complete shutdown of the digital portion of the Safety Parameter Display System (SPDS) and Plant Process Computer (PPC).
Specifics: The worm started at a contractor’s site, jumped from the corporate network to the plant network and found an unpatched server. The patch had been available for 6 months.
Recovery time: SPDS – 4 hours 50 minutes; PPC – 6 hours 9 minutes.
Lessons learned:
• Secure remote (trusted) access channels
• Ensure defense-in-depth strategies with appropriate procurement requirements
• Critical patches need to be applied
Automobile Manufacturing Impact
Event: Internet worm shuts down a major US automobile manufacturer’s industrial control systems.
Impact: Production lines were idle while infected systems were patched.
Specifics: The malware infected 13 automobile manufacturing plants. Revenue impact was approximately $1M USD/hr.
Lessons learned:
• Critical patches need to be applied
• Provide adequate network segmentation between control and business networks
• Place controls between segments to limit congestion and cascading effects
Automobile computer systems hacked
Event(s): Researchers take away driver control of a moving vehicle by remotely hacking into relatively insecure computer systems.
Impact: Computerized systems in modern cars control many critical components and safety devices.
Specifics: Several teams managed to break into key vehicle systems to kill the engine, apply or disable the brakes, and even send various taunting messages to radio or dashboard displays.
Lessons learned:
• Automobile control systems are vulnerable to the same kinds of attacks that are launched against Internet-connected computers
7. Attacks on IoT and ICS
Oil Platform Cyber Incident
Event: Insider computer attack on an energy company’s process control system.
Impact: By disrupting one of the process control computer systems, the leak detection system was periodically disabled.
Specifics: A disgruntled IT contractor damaged company computer systems by impairing the integrity and availability of critical operational data.
Lessons learned:
• Do not underestimate the insider threat
• Ensure access controls
• Policies and procedures with regard to contract personnel, background checks
Water Utility Loses Control
Event: Residents of a rural town experienced loss of water pressure.
Impact: Approximately 10,000 residents without water.
Specifics: The utility operator updated its HMI OS (Windows) with a direct connection to the Internet, and evidence points to a virus infecting the SCADA system and causing it to crash. The ICS was outdated, not supported by the vendor, and not patched to current updates. It lacked a firewall between the business and control networks.
Lessons learned:
• Utilize a DMZ to ensure isolation from the business side and the Internet
• Keep systems patched
• Establish and enforce sound security policies
Water facility accessed via Internet
Event: A cyber researcher used the new search engine “SHODAN” to identify an online link to a utility company’s SCADA system. The system was then accessed using the default user name and password.
Impact: The researcher gained administrative control over the regional water treatment system.
Specifics: After connecting to the water control and management system via the Internet, the researcher was able to access all control systems for water pumping and waste water treatment.
Lessons learned:
• Change system default user names and passwords
• Avoid posting system details to public-facing devices
• Not all public-facing system details are obviously visible
8. Overview of Security Challenges in IoT:
Complexity and Lack of Standards and Interoperability
Protocols
• Standards-based protocols slowly replacing vendor-specific proprietary communication protocols
Interconnected to other systems
• Connections to business and administrative networks to obtain productivity improvements and mandated open-access information sharing
Reliance on public information systems
• Increasing use of public telecommunication systems and the Internet for portions of the ICS
9. Overview of Security Challenges in IoT:
Security Requirements & Required Certifications
10. Internet of Things Security Strategy
Focus: Provide security capabilities that enable protection, identification, and assurance to all nodes in the IoT ecosystem.
• Designed-In Security Foundation – Consistent security features and a unified programming model which speeds up ecosystem enablement.
• Built-In IoT Platform Security Architecture – Solutions integrated to work edge to cloud, which lead to HW-protected, market-ready vertical solutions.
• On-Demand Device Lifecycle Security Services – Trust services equip threat defenses with HW-verified and attested devices.
12. Intel’s IoT Security Portfolio Strategy
Diagram (layout residue collapsed to its labels): Foundation (Consistency - WIP); Ecosystem; Client; IoT; Auto; Drones; Data Center; Memory; Comms; Altera; Developers; Services; numbered elements 1–5.
13. The Vision for Device Security
Security Themes, Definitions and Examples:
Verified Boot
• Definition: Verifies the boot process and enables software identification. Enforces platform boot policies.
• Examples: Secure Boot using TXT & TPM
Trusted Execution Environment (TEE)
• Definition: Execution environment that isolates the operations from manipulation or disclosure.
• Examples: SGX (SW Guard Extensions)
Device Identification
• Definition: Provides a unique identifier for the device and can serve as the basis for authentication.
• Examples: EPID (Enhanced Privacy ID)
Secure Storage
• Definition: Sensitive data (including key material) protected from misuse or disclosure when in use, in transit, or in storage.
• Examples: TPM – Trusted Platform Module; PTT – Platform Trust Technology
Management
• Definition: Provides device management, provisioning, and policy.
• Examples: MeshCentral for IoT Gateways
Diagram labels: Protected Workloads; Trusted Execution Environment; Identity.
15. Security Isolation Options
• No Silver Bullet for Security
• No “one-size-fits-all” approach
• Enable a spectrum of security implementations
• Choose best solution for use case
• Process Isolation
  • Security in same OS as other components
  • Separate security processes
• Containerization Isolation
  • Software Containers
  • Hardware Containers
• Virtualization Isolation
  • Security in separate OS
• Physical Isolation
  • Gateway or Bump-in-the-Wire
16. Embedded Security Deployment Models
• Process Separation
  • Security in same OS as other components
  • Separate security processes
• Containerization Separation
  • Security in same OS, but in software containers (jails)
  • Application separation (apps)
• Virtualization Separation
  • Security in separate OS
• Physical Separation
  • Gateway or Bump-in-the-Wire
Diagram labels: Gateway; Virtualization; In same OS; Containerization.
It’s all about separation of concerns to keep security apart from the operational components.
17. Security Comms Channel
• Provide Security Management and Monitoring Services
  • Back-end Services
  • Edge Services
• Traffic channels independent of Operational Flows and Services
  • Separate payload and frequency
  • Independent QoS
• Transport Security (Confidentiality and Integrity)
• Machine-to-Machine AA-A
  • Device ID
  • Authentication and Access Control
• Security and other Endpoint Events aggregated and correlated
  • Back-end aggregation
  • Edge aggregation
• Enables Security Analytics capabilities
  • Back-end analytics
  • Edge analytics
• Does not affect the existing Operational Services
  • Loosely coupled to Operational Technologies
  • Allows security to evolve independently from OT process
Diagram labels: Management; Monitoring; Analytics; Secured / Unsecured; Application Data; Security Data.
18. Security Management
• All devices have consistent security APIs, whether security is mixed in with the OS, below the OS in a virtualized instance, or in an OS in a physically separate instance.
• All devices now look the same from the management perspective, regardless of Make, Model, Manufacturer.
• The security policies can be pushed out to devices regardless of their deployment model, all from a centralized management “cloud”.
19. Security Monitoring
• All devices can send events, logs, properties, etc. back to the centralized analytics “cloud”.
• Global visibility of all endpoints and all communications means that situational awareness spans the entire environment.
• Create a near-realtime risk algorithm measuring the level of risk on the endpoints and the communications between the endpoints.
20. Security Management & Monitoring Feedback Loop
• All devices can send events, logs, properties, etc. back to the centralized analytics “cloud”.
• Create a near-realtime risk algorithm measuring the level of risk on the endpoints and the communications between the endpoints.
• Crossing a risk threshold triggers a state change in the management system, resulting in automated responses
  • Notify appropriate personnel
  • Push new policy out
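The feedback loop described on this slide, as an added example written for this page (not Intel's code or any product on the deck): endpoint events from the field raise a per-device risk score that decays over time; crossing the high threshold flips the device's management state and emits the automated responses named above (notify personnel, push new policy), and a lower reset threshold restores the baseline. The event types, weights, thresholds and sample feed are constructed assumptions.

```python
# Added example: near-real-time endpoint risk score with a threshold-triggered
# feedback loop. Event types, weights, thresholds and sample events are constructed.
from dataclasses import dataclass, field

# Assumed per-event risk weights (constructed for illustration)
EVENT_WEIGHTS = {
    "auth_failure": 10,        # failed login on the device or its security channel
    "config_drift": 25,        # device configuration differs from the pushed policy
    "unexpected_peer": 30,     # traffic to a peer that is not on the allow-list
    "default_credential": 50,  # factory default user name / password still in use
}
HIGH, LOW = 60.0, 30.0   # trip and reset thresholds (hysteresis avoids flapping)
HALF_LIFE_S = 300.0      # risk halves every 5 minutes with no new events

@dataclass
class Endpoint:
    risk: float = 0.0
    last_ts: float = 0.0
    state: str = "NORMAL"

@dataclass
class RiskMonitor:
    endpoints: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)   # automated responses emitted so far

    def ingest(self, ts, device, event_type):
        """Fold one event into the device's risk; return the responses it triggered."""
        ep = self.endpoints.setdefault(device, Endpoint(last_ts=ts))
        ep.risk *= 0.5 ** ((ts - ep.last_ts) / HALF_LIFE_S)  # decay since last event
        ep.risk += EVENT_WEIGHTS.get(event_type, 5)          # unknown types count 5
        ep.last_ts = ts
        fired = []
        if ep.state == "NORMAL" and ep.risk >= HIGH:
            ep.state = "ELEVATED"   # crossing the threshold changes management state
            fired = [("notify", device), ("push_policy", device, "restrict_remote_access")]
        elif ep.state == "ELEVATED" and ep.risk <= LOW:
            ep.state = "NORMAL"     # risk has decayed away: restore the baseline policy
            fired = [("push_policy", device, "baseline")]
        self.actions.extend(fired)
        return fired

# Constructed sample feed: (seconds, device, event type)
SAMPLE_EVENTS = [
    (0, "plc-7", "auth_failure"), (10, "plc-7", "auth_failure"),
    (20, "plc-7", "unexpected_peer"), (30, "plc-7", "config_drift"),
    (40, "hmi-2", "auth_failure"), (1900, "plc-7", "auth_failure"),
]

def run_demo(events=SAMPLE_EVENTS):
    """Replay the feed; plc-7 trips at t=30 and resets to baseline at t=1900."""
    mon = RiskMonitor()
    for ts, dev, ev in events:
        mon.ingest(ts, dev, ev)
    return mon
```

A real deployment would feed this from the out-of-band security channel and score the communication links between endpoints as well, but the trip/reset state machine is the same.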
21. Management and Monitoring: Security as a Service (SecaaS) Logical View
• IT data is out of band from OT data
• OT “cloud” services do not change
• Security encapsulated in IT “cloud”
• Time Sequence Data = Events
• Properties = Endpoints
• Policy = Management
• IT/OT Service Context Dichotomy
Diagram labels: IT & Security Ops Context; Operational Context; Security Management & Monitoring; Communication Security; Endpoint Security; Management & Monitoring Services; Time Sequence Data; Custom Data; Operational Services Context; Overlay; Metrics, Rules, Alarms, etc.
22. Brownfield: Using Gateway
Greenfield: Using Embedded Security in Device
23. Example IoT Use Case: C4ISR + Analytics
C4ISR: Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance
Diagram labels: Foundational; USG; Big Data; Computer Vision.
24. Things To Do First
• Protect what’s most important
• Data “islanding” / secure enclaving
• Consider new layers
• Think beyond intrusion prevention
• Post-infection detection and response
• Mitigation
• Monitoring logs; think about exfiltration
• Deny, Disrupt, Disable, Destroy
• Actively protect your supply chain
• Maintain open dialogue with ISP, suppliers, customers, employees
Diagram (classic perimeter around the assets to protect): Intellectual Property (Secrets); HR Data; Process Control Recipes; Competitively Sensitive Data.