Security Considerations in Process Control and SCADA Environments
1. Security Considerations in Process Control and SCADA Environments Rich Clark Industry Security Guidance Wonderware and ArchestrA Business Units Invensys Wonderware
21. Cost of Protection vs Breach Event Probability More Vulnerable to Attack Safer Against Breach Events Cost curve for increasing the protection level Breach events having a high probability of never occurring
22.
23. Some Sources of These Threats… General attacker threats Common criminals Organized crime Nation states/ Governments Non state-sponsored terrorism Anti world trade/ Anti globalization activists Regional political activism Animal rights activists Environmental groups Malicious code attack specifically directed against a Customer General malicious code threat Illegal information brokers and freelance agents Competitors, contractors, corporations Disaffected staff (including contractors) Corporate intelligence/ Investigation companies “ Insider” threats including social engineering, espionage, and spoofing people with high access levels Unintentional exposure of vulnerabilities by untrained personnel
24.
25. Attack Sophistication vs. Intruder Technical Knowledge Sources: Carnegie Mellon University, 2002 and Idaho National Laboratory, 2005 1980 1985 1990 1995 2000 2005 2010 Automated Probes/Scans Password Guessing Self-Replicating Code Password Cracking Exploiting Known Vulnerabilities Disabling Audits Hijacking Sessions Sweepers Sniffers Distributed Attack Tools Denial of Service GUI Network Management Diagnostics WWW Attacks “ Stealth”/Advanced Scanning Techniques High Low Intruders Back Doors Zombies BOTS Morphing Malicious Code Attack Sophistication Intruder Knowledge Packet Spoofing
26.
27.
28.
29. The Case of the CFO’s Sleeping Notebook Historian – InSQL Application Object Server Application Object Server Application Object Server Instead of shutting down the machine properly, he made the machine sleep keeping the virus in resident memory. Company policy required that all machines connected to the Corp Net be rebooted and virus scanned. They did not enforce this policy at the Executive Level. When it connected to the Corp Net and woke up, the virus spread immediately to all machines that were not properly patched for the particular virus (a lot of them). The Enterprise was down for 2 days. His daughter used the machine to surf the web and it contracted a virus. CFO Notebook Operator Station Operator Station Operator Station Operator Station Development Station Development Station
46. Current Designs of Secure Architectures: SCADA Legacy HMI OPC or SuiteLink Enabled Firewall Client PC with Active Factory SuiteVoyager Client Win Terminal Client HMI Win Terminal Client Dev Other Corporate IT Functions Corporate Network Infrastructure Firewall InSQL Server Platform / AlarmDB Other WW Databases SuiteVoyager Platform Win Terminal Server Platform InTouch TSE FS A 2 Dev TSE DMZ InTouch Platform ActiveFactory Alarm History Viewer Other WW DB Viewers PLCs Sub-station Network Optional Firewall SCADAlarm With Modem and Monitored DO line Galaxy Repository InTouch file server AOS Platform DI Network Object AOS Platform DI Network Object SCADA Com Manager PLCs Proprietary Distributed SCADA Communications Infrastructure Firewall Firewall Firewall Supervisory Control Network TCP/IP Distributed SCADA Communications Infrastructure InTouch Platform Active Factory Alarm History Viewer Other WW DB Viewers PLCs Sub-station Network
47. Current Designs of Secure Architectures: PCN Firewall Client PC with Active Factory SuiteVoyager Client Win Terminal Client HMI Win Terminal Client Dev Other Corporate IT Functions Corporate Network Infrastructure Firewall InSQL Server Platform / AlarmDB Other WW Databases SuiteVoyager Platform Win Terminal Server Platform InTouch TSE FS A 2 Dev TSE DMZ InTouch Platform ActiveFactory Alarm Clients QI Client Router PLCs Factory Floor Network (TCP/IP) Optional Firewall SCADAlarm With Modem and Monitored DO line Galaxy Repository InTouch file server TSE server IDE AOS Platform DI Network Object PLCs Non TCP/IP based PLC Network Process Control Network
48. Current Designs of Secure Architectures: PCN Firewall Client PC with Active Factory SuiteVoyager Client Win Terminal Client HMI Win Terminal Client Dev Other Corporate IT Functions Corporate Network Infrastructure Firewall InSQL Server Platform / AlarmDB Other WW Databases SuiteVoyager Platform Win Terminal Server Platform InTouch TSE FS A 2 Dev TSE DMZ InTouch Platform ActiveFactory Alarm Clients QI Client Router PLCs Factory Floor Network (TCP/IP) Optional Firewall SCADAlarm With Modem and Monitored DO line Galaxy Repository InTouch file server TSE server IDE AOS Platform DI Network Object PLCs Non TCP/IP based PLC Network Process Control Network This is a Serious Data Bottleneck
49. Current Designs of Secure Architectures: PCN Firewall Client PC with Active Factory SuiteVoyager Client Win Terminal Client HMI Win Terminal Client Dev Other Corporate IT Functions Corporate Network Infrastructure Firewall InSQL Server Platform / AlarmDB Other WW Databases SuiteVoyager Platform Win Terminal Server Platform InTouch TSE FS A 2 Dev TSE DMZ InTouch Platform ActiveFactory Alarm Clients QI Client Router PLCs Factory Floor Network (TCP/IP) Optional Firewall SCADAlarm With Modem and Monitored DO line Galaxy Repository InTouch file server TSE server IDE AOS Platform DI Network Object PLCs Non TCP/IP based PLC Network Process Control Network This is all the same logon/admin domain. The PCN is susceptible to Corp Net failure and attacks.
54. Current Wonderware Architecture Guidance This network only carries PCN traffic. No corporate spending projections. No emails to Aunt Hildebrandt. No web surfing to see how my stocks are doing.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66. Security Program Performance Management Security Program Performance Management Awareness & Assessment Policy & Procedures Security Solution
67.
68. Security Lifecycle Project Management Define Risk Goals Assess & Define Existing System Design or Select Countermeasures Conduct Risk Assessment & Gap Analysis Procure or Build Security Countermeasures
69. Security Lifecycle Project Management Define Risk Goals Assess & Define Existing System Design or Select Countermeasures Define Integration Test Plan Define System Validation Test Plan Conduct Risk Assessment & Gap Analysis Procure or Build Security Countermeasures Define Component Test Plans
70. Security Lifecycle Project Management Finalize Operational Security Measures Perform Pre-Installation Integration Test Define Risk Goals Assess & Define Existing System Design or Select Countermeasures Define Integration Test Plan Perform Validation Test on Installed System Define System Validation Test Plan Conduct Risk Assessment & Gap Analysis Procure or Build Security Countermeasures Test Countermeasures Define Component Test Plans
71. Security Lifecycle Project Management Reevaluate Security Countermeasures (Break-in or Major Plant Change) Periodic Audit and Compliance Measures Routine Security Reporting and Analysis Finalize Operational Security Measures Perform Pre-Installation Integration Test System Goes Operational Here Define Risk Goals Assess & Define Existing System Design or Select Countermeasures Define Integration Test Plan Perform Validation Test on Installed System Define System Validation Test Plan Conduct Risk Assessment & Gap Analysis Procure or Build Security Countermeasures Test Countermeasures Define Component Test Plans
72.
73.
74.
75.
76.
77.
78.
79.
80. Your Presenter has been… Please drop me an email if you have any security related questions. Customer Security Guidance
![Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)