Cyber Security in a Nuclear Context

Academic year: 2021

Mitchell Hewes & Nick Howarth


Our Facilities

UNCLASSIFIED

So what is Security?

risk = likelihood x impact

• Mathematically, security controls address risks by minimising the likelihood or impact.

• How we see a risk is weighted by our perception of the threat and our own historical experiences.

Computer Security

• Application of security controls to a set of very complex programmable electronic devices.

• “Digital Assets” encompassing the hardware, software, and information.


Makeup of a Control System

Field Devices

Field Controllers


Cyber Attacks

Shamoon

Stuxnet

Siberian pipeline sabotage


Protect the Process

Confidentiality: Unauthorised logic changes must be prevented.

Integrity: Field Device Outputs/Inputs must remain immutable throughout their usable lifetime.

Availability: Everything should remain in an operable


How?

• Personnel Security

• Physical Security Controls

– “Perimeter” is not enough.

• Network Segregation

– It Works! (if you do it properly)

• Ensure Authenticity (users, communications)

• Change Control

Air Gap

• Physical isolation of a network from unsecured networks.

– Provable unidirectional communication – data diode.

– Reduces the attack surface.

• Is it really possible to isolate a control system?

– Software patches.

– Engineering and maintenance updates.

• Each transfer/modification comes with a risk

– Policy around transfers.

Priorities

• Plant Equipment fits into one of three categories.

1. Essential for Nuclear Safety.

2. Significant additional contribution to Nuclear Safety.

3. All other plant systems.

• Nuclear safety and nuclear security have a common purpose — the protection of people, society and the environment.

INTERNATIONAL NUCLEAR SAFETY GROUP, The Interface Between Safety and Security at Nuclear Power Plants, INSAG-24, IAEA, Vienna (2010).

Design Problems

• Risks to a safety or safety related system could have significant impact on the levels of defense in depth for the facility.

• Lifecycle of a typical Nuclear Facility is considerable.

– Reactor design to decommission can be 50-80 years.

– A waste storage facility - ???

• We are the custodians of these facilities and this


Technical Guidance

• Produced by the IAEA in consultation with states, regulators, and facility operators.

– NSS 17 Computer Security at Nuclear Facilities

– NST047 Computer Security Techniques for Nuclear Facilities

– NST036 Computer Security for I&C systems at Nuclear Facilities

• Openly available and offer advice that is relevant for even


A Graded Approach

• Many systems in a Nuclear Facility

– Protection System

– Physical Access Control System

– Reactor Control System

– Email

• All separate systems

– Consider and characterize risks to each individually

– Segregate and apply security controls to reduce risk

Don’t bolt it on…


Cyber Security at the

OPAL Research Reactor


A brief introduction to OPAL

• Open Pool Australian Light Water Reactor

• 20MW Thermal

• Utilisation:

– Radiopharmaceutical Production

– Silicon Doping (NTD)

– Neutron Beams (Bragg Institute)

– Other Irradiations

A brief introduction to OPAL

• 1997 – Replacement Research Reactor Project (RRRP) first funded

• 2000 – Contract signed with INVAP

• 2001 – License to construct issued

• 2006 – Operating license issued

• 12 August 2006 – First Criticality

• April 2007 – Official Opening

Protection Systems

• First Reactor Protection System

• Second Reactor Protection System

Control Systems

• Reactor Control and Monitoring System

• Other PLCs


A Disclaimer

• This is what we do at OPAL

• This may or may not be suitable for your own facilities and organisations

Organisational

• Dedicated IT people for the plant

– Not corporate IT

– Not I&C Engineers

Physical

• Protected site

• Protected building

• Secure rooms and cabinets

• Monitoring

Physical

• No wireless

• No exceptions

Physical

• Keep contractor’s IT assets away

– Maintain a dedicated computer for each contractor

– They’ll complain, but they’ll comply

• Keep corporate IT assets away

– Dedicated engineering workstations and laptops

Physical

• Don’t leave boxes lying around

– Stand alone systems rot

• Consolidate and virtualise whatever you can

– Vendors won’t always appreciate it

Physical

• Keep your plant offline, use data diodes if you really must have real time access to data

• Physical media controls

– Physically block USB and other media, remove external media drives

Logical

• Use data diodes to control what data is coming to/from the plant

• Physical media control software, for instances where you really must have physical media

Logical

• Conventional cyber security controls


How did we get there?

• Australian Government Information Security Manual (ISM), from the Australian Signals Directorate

• http://asd.gov.au

The ISM in Context


From high level controls…


…to low level controls


Process

Security Policy

• High level 1 pager

Security Risk Management Plan

• What are the risks, and how bad are they?

• What controls will mitigate those risks, and how good are they?

System Security Plan

• How are we implementing those controls?

SOPs and other lower level Docs

• e.g. training material, checklists, forms

SRMP

• You already do HAZOPs and CHAZOPs, now do the same for IT security

• Generic SCADA Risk Management Framework For Australian Critical Infrastructure, developed by the IT Security Expert Advisory Group (ITSEAG) (Revised March 2012)

http://www.tisn.gov.au/Documents/SCADA-Generic-Risk-Management-Framework.pdf

The ‘Top 35’

• Strategies to Mitigate Targeted Cyber Intrusions

http://www.asd.gov.au/infosec/top35mitigationstrategies.htm

• If you don’t want the whole ISM, do the Top 35


The ‘Top 4’

1. Application whitelisting of permitted/trusted programs, to prevent execution of malicious or unapproved programs including .DLL files, scripts and installers.

2. Patch applications e.g. Java, PDF viewer, Flash, web browsers and Microsoft Office. Patch/mitigate systems with "extreme risk" vulnerabilities within two days. Use the latest version of applications.

3. Patch operating system vulnerabilities. Patch/mitigate systems with "extreme risk" vulnerabilities within two days. Use the latest suitable operating system version. Avoid Microsoft Windows XP.

4. Restrict administrative privileges to operating systems and applications based on user duties. Such users should use a separate unprivileged account for email and web browsing.
