OPC & Security

Agenda
• Cyber Security Today
• Cyber Security for SCADA/ICS
• OPC Security Overview
CYBER SECURITY TODAY
Introduction

The Need for Reliable Information Flow
• Reliable data communications are critical for modern ICS and SCADA:
– Production management systems
– Manufacturing execution systems
– Asset management systems
– Enterprise data historians
– Just‐in‐time manufacturing
– Regulatory compliance
– Remote maintenance support
The Stuxnet Worm
• July, 2010: Stuxnet worm was discovered attacking Siemens PCS7, S7 PLC and WinCC systems around the world
• Infected 100,000 computers
• Infected at least 22 manufacturing sites
• Appears to have impacted its possible target, Iran's nuclear enrichment program
Here Come the SCADA Vulnerabilities…
• March 15: Gleg Ltd. (Russia) releases Agora SCADA+ exploit pack for Canvas. Used 11 0-day exploits (grew to 54)
• March 21: security researcher (Italy) releases 34
What Stuxnet Means to the ICS World
• Stuxnet has become a “SCADA-for-Dummies” training manual for the hacking community
• “Security Researchers” are focusing on SCADA/ICS
because it is easy money/fame (little malicious intent)
• Actors with bad intent have access to the weapons:
– Download exploits for free (Italian list)
– Purchase tool kits (Gleg)
– Directed where to look for more vulnerabilities
Some Lessons Learned
• SCADA and ICS are now targets of interest
• Most systems have many exploit opportunities
• The Son‐of‐Stuxnet is only a matter of time
UNDERSTANDING CYBER SECURITY FOR SCADA AND ICS
Concepts & Technologies
The Bastion Model of Security
• A popular industrial security policy is to install a single firewall between the business network and the control system.
• Known as the Bastion Model since it depends on a single point of security.
Layering Your Defenses #1
• Manage risk with diverse and layered defensive strategies
• If one defence is compromised, another layer presents additional obstacles to the attacker
Layering Your Defenses #2
• Remember that attacks come in different flavors
• Each defensive layer can be optimized to deal with a specific range of threats.

Technology Layer     | Example Solution                | Defense Against
Network Security     | Firewall                        | Scanning, Malformed Packets, Denial of Service Attacks
Platform Security    | Anti-virus software             | Known worms
Application Security | Account and Role Access Control | Disgruntled Employees, Inappropriate Access
Too Many Protocols…
• ICS network can be an alphabet soup of network protocols and technologies
• Each protocol brings new hacker “opportunities”
Reducing the Attack Surface
• Picking one or two universal protocols and sticking with them reduces the attack surface
• Limits hacker opportunities
• There are important differences between information technology (IT) networks and industrial automation and control systems networks.
• Problems occur because assumptions that are valid in the IT world may not be valid on the plant floor
• Some examples:
– Valid types of outbound traffic
– Importance of web “customers”
– What are the “Critical” protocols
– Desired state on failure
IT Security is not SCADA/ICS Security
• IT Assumption: Outbound traffic is safe, inbound traffic is unsafe
• Result:
“By default, all ports are blocked on the outside interface, and all ports are open on the inside interface of the security appliance.”
Cisco ASA 5500 Adaptive Security Appliances, Document ID: 91970
• Plant Floor Reality: Cisco ASA firewall is installed between DCS and PLCs with DCS as SCADA master (thus inbound traffic to PLC must be allowed)
• Event: Firewall installed with default rule sets
• Impact: All traffic to PLCs is blocked, plant down for three hours
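The outage above is what happens when an IT default meets a control network. The following Python model is an added example, not part of the original deck and not Cisco code; it reproduces the ASA convention the quoted document describes (each interface carries a security level, and with no access list applied, connections may only be opened from a higher level towards a lower one), shows why DCS-to-PLC polling fails under the default rule set, and shows that a single narrow permit restores it without opening the PLC network to anything else. The zone names, addresses, the DCS master host and the polling port (TCP 502, Modbus/TCP) are assumptions; the deck does not say which protocol the DCS used.

```python
"""ASA-style default forwarding policy vs. an explicit plant rule (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Interface:
    name: str
    security_level: int      # ASA convention: 100 = most trusted, 0 = least
    network: str             # subnet reachable through this interface


@dataclass(frozen=True)
class Ace:
    action: str              # "permit" or "deny"
    src: str                 # source host/subnet, CIDR
    dst: str                 # destination host/subnet, CIDR
    dst_port: Optional[int] = None   # None matches any destination port


class Asa:
    """Minimal model of the two rules that matter here: security-level
    default when no ACL is bound to the ingress interface, otherwise the ACL
    with its implicit deny at the end."""

    def __init__(self, interfaces: List[Interface]):
        self.interfaces = interfaces
        self.access_groups: Dict[str, List[Ace]] = {}   # ingress interface -> ACL

    def apply_acl(self, interface: str, acl: List[Ace]) -> None:
        self.access_groups[interface] = acl

    def _iface_for(self, ip: str) -> Interface:
        for iface in self.interfaces:
            if ip_address(ip) in ip_network(iface.network):
                return iface
        raise ValueError(f"no interface for {ip}")

    def allows(self, src: str, dst: str, dst_port: int) -> bool:
        """Would a new connection src -> dst:dst_port be forwarded?"""
        ingress, egress = self._iface_for(src), self._iface_for(dst)
        acl = self.access_groups.get(ingress.name)
        if acl is not None:
            for ace in acl:
                if (ip_address(src) in ip_network(ace.src)
                        and ip_address(dst) in ip_network(ace.dst)
                        and ace.dst_port in (None, dst_port)):
                    return ace.action == "permit"
            return False                      # implicit deny at the end of every ACL
        # No ACL on the ingress interface: the IT default, higher level -> lower only.
        return ingress.security_level > egress.security_level


# Constructed plant layout (assumption): PLC network on the trusted "inside",
# DCS network on the untrusted "outside". The DCS master opens the connections.
PLC_NET, DCS_NET = "10.10.20.0/24", "10.10.10.0/24"
DCS_MASTER, PLC, DCS_WORKSTATION = "10.10.10.5", "10.10.20.31", "10.10.10.99"
POLL_PORT = 502                                # assumed Modbus/TCP polling port


def build_firewall(with_plant_rule: bool) -> Asa:
    fw = Asa([Interface("inside", 100, PLC_NET), Interface("outside", 0, DCS_NET)])
    if with_plant_rule:
        # Only the DCS master, only to the PLC subnet, only on the polling port.
        fw.apply_acl("outside", [Ace("permit", DCS_MASTER + "/32", PLC_NET, POLL_PORT)])
    return fw


def plc_reachable(fw: Asa) -> bool:
    return fw.allows(DCS_MASTER, PLC, POLL_PORT)


if __name__ == "__main__":
    print("default rule set, DCS -> PLC:", plc_reachable(build_firewall(False)))  # False
    fixed = build_firewall(True)
    print("explicit permit, DCS -> PLC:", plc_reachable(fixed))                    # True
    print("explicit permit, workstation -> PLC:",
          fixed.allows(DCS_WORKSTATION, PLC, POLL_PORT))                           # False
```

The point of the model is the second half of the fix: the permit names one source host, one destination subnet and one port, so the engineering workstation and any non-polling traffic from the DCS master remain blocked, while return traffic for the permitted flow is handled by the firewall's state table rather than by a second rule.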
Its Impact on a Chemical Plant
SCADA/ICS - Appropriate Technologies
• Deploy ICS-appropriate security technologies to secure ICS/SCADA systems
• Look beyond traditional network layer firewalls, towards firewalls that are capable of deep packet
UNDERSTANDING OPC SECURITY
High Level Overview
• World's leading technology for integrating different automation products.
• Defines the communication interface that exposes automation data.
• Scope here: the OPC standards that are based on Microsoft's DCOM technology (the OPC Classic specifications).
• Security concerns stem from DCOM.
OPC Security Considerations
(Diagram: three questions, Who has Access? What can they Do? What might they Do?, mapped onto nested layers: Cyber Security > Network Security > Secure OPC Architectures, and OPC Security > Network Security > Process Security > Behavioral Security)
Common OPC Security Issues
• Unauthorized OPC Clients
• Authorized OPC Clients with too much power
• No layering of security
• OPC Servers implemented with no security restrictions
Issue: Unauthorized Access
• Keep out malicious users
• Keep out unauthorized clients
• Microsoft Windows Security - ACL based
– User control: Windows Security
– Application Control: DCOM
What DCOM Security Provides
(Diagram: User 1, User 2 and User 3, each running an OPC Client, connecting to one OPC Server)
• OPC Servers employ no security
• OPC Clients control OPC Servers
• Prevent unauthorized access
• DCOM ACLs used to limit who may:
– Launch (start) the server
– Access (communicate with) the OPC server

OPC Server Access Control List
User/Group | Launch             | Access
User 1     | Yes                | Yes
User 2     | No                 | Yes
User 3     | No (or not listed) | No (or not listed)
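To see what the ACL table above looks like on a real server, the following Python is an added example (not from the deck, not Microsoft's or any vendor's code) that parses DCOM launch/access permissions rendered as SDDL, the string form that, for instance, .NET's RawSecurityDescriptor.GetSddlForm produces from the binary AppID LaunchPermission / AccessPermission registry values, and flags grants that let any node on the network launch or call the OPC server. The COM_RIGHTS_* bit values and their SDDL letter pairs are the documented DCOM access-mask bits; the two descriptors are constructed samples and the service-account SID in the hardened one is hypothetical.

```python
"""Audit DCOM launch/access permissions given as SDDL (added example)."""
import re
from typing import Dict, List, Set, Tuple

# DCOM access-mask bits (COM_RIGHTS_* in objbase.h) and the SDDL letter pairs
# they are rendered as (the generic object-specific rights letters).
COM_RIGHTS = {
    0x01: ("EXECUTE", "CC"),          # legacy bit; descriptors using only this bit grant local and remote alike
    0x02: ("EXECUTE_LOCAL", "DC"),
    0x04: ("EXECUTE_REMOTE", "LC"),
    0x08: ("ACTIVATE_LOCAL", "SW"),
    0x10: ("ACTIVATE_REMOTE", "RP"),
}
LETTERS_TO_BIT = {letters: bit for bit, (_, letters) in COM_RIGHTS.items()}
REMOTE_RIGHTS = {"EXECUTE", "EXECUTE_REMOTE", "ACTIVATE_REMOTE"}

# Well-known SDDL account aliases that show up in DCOM descriptors.
SID_ALIASES = {
    "WD": "Everyone", "AN": "ANONYMOUS LOGON", "AU": "Authenticated Users",
    "BA": "BUILTIN\\Administrators", "BU": "BUILTIN\\Users",
    "SY": "NT AUTHORITY\\SYSTEM", "IU": "NT AUTHORITY\\INTERACTIVE",
    "NU": "NT AUTHORITY\\NETWORK",
}
# A remote grant to one of these lets any machine on the network become an OPC client.
BROAD_PRINCIPALS = {"Everyone", "ANONYMOUS LOGON", "Authenticated Users"}

DACL_RE = re.compile(r"D:(?:P|AI|AR)*((?:\([^)]*\))+)")   # "D:" + optional flags + ACEs
ACE_RE = re.compile(r"\(([^)]*)\)")


def parse_rights(field: str) -> int:
    """SDDL rights field ('CCDCLCSWRP' or '0x1f') -> DCOM access mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        pair = field[i:i + 2]
        if pair not in LETTERS_TO_BIT:
            raise ValueError(f"not a DCOM right: {pair!r}")
        mask |= LETTERS_TO_BIT[pair]
    return mask


def parse_dacl(sddl: str) -> List[Tuple[str, str, int]]:
    """Return [(ace_type, account, mask), ...] for the DACL in an SDDL string."""
    m = DACL_RE.search(sddl)
    if not m:
        return []
    aces = []
    for body in ACE_RE.findall(m.group(1)):
        parts = body.split(";")          # type;flags;rights;object_guid;inherit_guid;sid
        if len(parts) != 6:
            raise ValueError(f"malformed ACE: {body!r}")
        ace_type, _flags, rights, _obj, _inherit, sid = parts
        aces.append((ace_type, SID_ALIASES.get(sid, sid), parse_rights(rights)))
    return aces


def effective_rights(sddl: str) -> Dict[str, Set[str]]:
    """Per account, the DCOM rights left after that account's explicit denies.

    Group membership is not resolved offline, so a deny on a group is only
    subtracted from allows naming the same principal.
    """
    allowed: Dict[str, int] = {}
    denied: Dict[str, int] = {}
    for ace_type, account, mask in parse_dacl(sddl):
        if ace_type == "A":
            allowed[account] = allowed.get(account, 0) | mask
        elif ace_type == "D":
            denied[account] = denied.get(account, 0) | mask
    result: Dict[str, Set[str]] = {}
    for account, mask in allowed.items():
        mask &= ~denied.get(account, 0)
        names = {name for bit, (name, _) in COM_RIGHTS.items() if mask & bit}
        if names:
            result[account] = names
    return result


def risky_entries(sddl: str) -> List[Tuple[str, List[str]]]:
    """Broad principals that can launch/activate/call the server from another machine."""
    findings = []
    for account, rights in effective_rights(sddl).items():
        remote = sorted(rights & REMOTE_RIGHTS)
        if account in BROAD_PRINCIPALS and remote:
            findings.append((account, remote))
    return sorted(findings)


# Constructed samples, not copied from any real AppID.
PERMISSIVE_LAUNCH = "O:BAG:BAD:(A;;CCDCLCSWRP;;;WD)(A;;CCDCLCSWRP;;;BA)"
HARDENED_LAUNCH = (
    "O:BAG:BAD:"
    "(D;;CCDCLCSWRP;;;AN)"                        # anonymous: denied everything
    "(A;;CCDCLCSWRP;;;BA)"                        # administrators: full
    "(A;;DCSW;;;S-1-5-21-1111-2222-3333-1105)"    # hypothetical OPC client service account: local launch/activate only
)

if __name__ == "__main__":
    for label, sd in (("permissive", PERMISSIVE_LAUNCH), ("hardened", HARDENED_LAUNCH)):
        print(label, effective_rights(sd), risky_entries(sd))
```

Run against the machine-wide defaults (HKLM\SOFTWARE\Microsoft\Ole DefaultLaunchPermission / DefaultAccessPermission) as well as each OPC server's AppID, since a server with no AppID-specific descriptor inherits the machine defaults. The service-account entry in the hardened sample is the shape the table's "User 2" row takes in practice: access without launch, and local only when the client runs on the same host.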
What Can Users Do?
• User connects
• User token passed
• Full access granted
(Diagram: Administrator, Engineer and Contractor all connecting to the same server)

DCOM Security
• User connects
• User token passed
• Same access granted to all users
OPC Security Specification
• Developed by OPC Foundation
• NT Security performs authentication
• OPC Server performs access authorization
• Access authorization based on either:
1. NT Access Token (preferred)
• Uses the Windows login name/password
2. Private Credential (IOPCSecurityPrivate)
• Special interface
• Both OPC Server and client support required
OPC Security Specification
• User first passes DCOM security (Authentication)
• Access certificate passed to OPC Server
• OPC Server grants access (Authorizes)
(Diagram: Read / Write / Browse)
Layering security - Goals
• Give the least rights possible to authorized clients
• Eliminate ability to arbitrarily add client nodes
• One big firewall is not good enough

Nested Security Perspectives
(Diagram: Cyber Security > Network Security > Secure OPC Architectures, nested)
Leveraging OPC Security
• Specification is vendor neutral
• Vendor implementations vary:
– Most: Do not implement
– Some: Perform user authentication only
– OPC Security Gateway: Per-User-Per-Tag Security
• Not all OPC products are made equal
OPC Security In Action
• Tag level security
• User based ACL
(Diagram: ACL with Read / Write columns)

OPC Security in Action
ACL
• Limited Tag Visibility
• Custom Read/Write Permission
(Diagram: ACL with Read / Write / Browse columns)

OPC Security in Action
ACL
• Tag level security
• Custom Read/Write Permissions
(Diagram: ACL with Read / Write / Browse columns)

Example
(Diagram: one Server with separate Read / Write / Browse permissions for Company A and Company B)

Example: Easy Permission Settings
• Per User
• Per Group
• Per Tag

Example
(Diagram: Server with separate Read / Write / Browse permissions for Company A and Company B)
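The mechanism from the OPC Security Specification slides (Windows authenticates, the server authorizes Read, Write and Browse) and the per-user, per-group, per-tag examples just above, as one added Python model that is not from the deck, the OPC Foundation or any vendor product. It contrasts a server that relies on DCOM alone, where every authenticated user gets identical full access to every tag, with one that checks a tag-level ACL on each call and hides tags the caller may not browse. Tag names, users, groups and rules are constructed; fnmatch patterns stand in for the tag hierarchy.

```python
"""Per-user, per-group, per-tag authorization for an OPC server (added example)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, FrozenSet, Iterable, List, Set

READ, WRITE, BROWSE = "read", "write", "browse"
ALL_RIGHTS = frozenset({READ, WRITE, BROWSE})
AUTHENTICATED = "Authenticated Users"     # anyone who got past DCOM authentication


@dataclass(frozen=True)
class Principal:
    """What the server learns from the caller's Windows access token."""
    name: str
    groups: FrozenSet[str] = frozenset()

    def is_member(self, who: str) -> bool:
        return who in (self.name, AUTHENTICATED) or who in self.groups


@dataclass(frozen=True)
class Rule:
    who: str                   # user name, group name, or AUTHENTICATED
    tag_pattern: str           # fnmatch pattern over tag names, e.g. "CompanyA.*"
    rights: FrozenSet[str]
    deny: bool = False         # an explicit deny beats every allow


class TagAcl:
    """Deny by default: a tag is usable only through a matching allow rule."""
    def __init__(self, rules: Iterable[Rule]):
        self.rules = list(rules)

    def rights_for(self, who: Principal, tag: str) -> Set[str]:
        allowed: Set[str] = set()
        denied: Set[str] = set()
        for r in self.rules:
            if who.is_member(r.who) and fnmatchcase(tag, r.tag_pattern):
                (denied if r.deny else allowed).update(r.rights)
        return allowed - denied


class DcomOnlyServer:
    """Typical OPC Classic server: DCOM decides who may connect, after that
    every authenticated user gets the same full access to every tag."""
    def __init__(self, tags: Dict[str, float]):
        self.tags = tags

    def browse(self, who: Principal) -> List[str]:
        return sorted(self.tags)

    def read(self, who: Principal, tag: str) -> float:
        return self.tags[tag]

    def write(self, who: Principal, tag: str, value: float) -> None:
        self.tags[tag] = value


class SecureOpcServer(DcomOnlyServer):
    """Server following the OPC Security Specification idea: DCOM authenticates,
    the server authorizes each call, and browsing lists only visible tags."""
    def __init__(self, tags: Dict[str, float], acl: TagAcl):
        super().__init__(tags)
        self.acl = acl

    def _check(self, who: Principal, tag: str, right: str) -> None:
        if right not in self.acl.rights_for(who, tag):
            raise PermissionError(f"{who.name} may not {right} {tag}")

    def browse(self, who: Principal) -> List[str]:
        return [t for t in sorted(self.tags) if BROWSE in self.acl.rights_for(who, t)]

    def read(self, who: Principal, tag: str) -> float:
        self._check(who, tag, READ)
        return self.tags[tag]

    def write(self, who: Principal, tag: str, value: float) -> None:
        self._check(who, tag, WRITE)
        self.tags[tag] = value


# Constructed sample data (assumptions, not from any real plant).
SAMPLE_TAGS = {
    "CompanyA.Line1.Speed": 120.0,
    "CompanyA.Line1.Setpoint": 50.0,
    "CompanyA.Line1.SafetyInterlock": 1.0,
    "CompanyB.Boiler.Pressure": 12.5,
    "Plant.Common.Time": 0.0,
}
SAMPLE_RULES = [
    Rule("CompanyA-Engineers", "CompanyA.*", ALL_RIGHTS),
    Rule("CompanyB-Operators", "CompanyB.*", frozenset({READ, BROWSE})),
    Rule(AUTHENTICATED, "Plant.Common.*", frozenset({READ, BROWSE})),
    Rule(AUTHENTICATED, "*.SafetyInterlock", frozenset({WRITE}), deny=True),  # nobody writes interlocks over OPC
]
ENGINEER_A = Principal("alice", frozenset({"CompanyA-Engineers"}))
OPERATOR_B = Principal("bob", frozenset({"CompanyB-Operators"}))
CONTRACTOR = Principal("carol")    # authenticated by Windows, but in no plant group


def demo() -> Dict[str, List[str]]:
    """What each user sees when browsing the two kinds of server."""
    secure = SecureOpcServer(dict(SAMPLE_TAGS), TagAcl(SAMPLE_RULES))
    legacy = DcomOnlyServer(dict(SAMPLE_TAGS))
    return {"legacy/carol": legacy.browse(CONTRACTOR),
            "secure/carol": secure.browse(CONTRACTOR),
            "secure/alice": secure.browse(ENGINEER_A),
            "secure/bob": secure.browse(OPERATOR_B)}


if __name__ == "__main__":
    for label, tags in demo().items():
        print(label, tags)
```

Two details carry the security argument. Browse is a right of its own, so the contractor on the secure server does not learn that the Company A and Company B tags exist, which is the "Limited Tag Visibility" slide. And the deny rule on `*.SafetyInterlock` is evaluated against the engineer even though her group has full rights on `CompanyA.*`, so least privilege holds for the most powerful user, not only for the weakest.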
SECURING OPC ARCHITECTURES
Bringing it all together
Securing Existing OPC Architectures
• Most OPC Servers:
– Do not support OPC Security Specification
– DCOM level authorization only
• Multi-vendor OPC Architectures typical
• Firewalls not used
Secure Data Access
(Diagram, built up over three slides: Corporate, Engineering and IT zones with Server 1, Server 2 and an App; the final build adds a Tunneller)