Critical Infrastructure
Cybersecurity
Kim Legelis
Vice President, Marketing
Lockheed Martin Industrial Defender
Webinar July 23, 2014
Rich Mahler
Director, Commercial Cyber Solutions Lockheed Martin
Program vs. Project
Risk Management - A Fundamental Driver
Risk Escalation is Real and Continuing
Risk escalation (figure):
• Threats: viruses … diverse, sophisticated combination attacks, cyber warfare, criminals and “insider” threats
• Systems: more integration, more connectivity, highly targeted
• Governments: businesses will get more help in defining risk
Recent headlines:
• “Major Cyber Attack Aimed at Natural Gas Pipeline Companies” (msnbc.com, May 2012)
• “Stuxnet Infected [Oil & Gas Companies] IT Networks” (Wall Street Journal, November 2012)
• “Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems” (Business Insider, May 2013)
• “Iran Hacks Energy Firms, U.S. Says” (Wall Street Journal, May 2013)
• “Obama Executive Order Redefines Critical Infrastructure” (Computerworld, February 2013)
• “House Democrats’ Report Says Power Grid is Vulnerable to Cyberattack” (The Washington Post)
Rethinking Cyber-Security…
We Now Have Years of Experience – Security is Complex
(table: Security Issue / Explanation)
Cost is High: Implementing and maintaining security is expensive, it adds nothing to the value of most manufactured products, and security is never 100% no matter how much is invested.
Motivations for Investing in Security are Changing: Over recent years, regulations and government involvement have driven security investments, especially in critical infrastructure industries. Regulations are likely to broaden and spread to other industries, changing security strategies significantly.
Solving Persistent Security Problems: One example: patches cannot be tested and installed fast enough for systems in operation because of the large variety of applications and system configurations. Consequently, the period of high exposure to successful attack is too long.
Securing Remote Access: Effective maintenance of business assets requires that service providers remotely access the assets, yet the risk of connecting assets to the internet is high. Many approaches are used, but a consistent, cost-effective and highly secure solution is needed.
Accelerating Standards Development: Standards are critical for improving security, but the process is too slow and the results are barely adequate. Most standards must be adapted and extended for systems in operation.
Making Sure We Are on Track: Cyber security activity is intense; it is a good time to step back and be sure we are working on the right problems and solutions.
Are We on the Right Track? What Are the Emerging Opportunities?
Security Is Not a One-time Investment
Practices are Maturing – It Is Difficult – Skills Shortage?
New … vulnerabilities, threats, patches, people, organizations, governments, …
New … technologies, architectures, practices, …
New … business initiatives, acquisitions, partners, regulations, cost pressures, applications, systems, …
Cyber Security is a Very Dynamic Activity
Continued Investment is Required
Program lifecycle (figure): Design, Assess, Audit, Renovate; Test, Monitor, Mitigate, Adapt
Evolutionary Security Maturity
Maturity stages (figure): Foundational Security Technologies → Basic Security → Compliant Security (Reactive) → Sustainable Security (Proactive) → Intelligence Driven Defense® (Predictive)
Supporting layers: procedures and documentation; automation and efficient IT/OT process integration; cyber intelligence integrated in operations
Where are you today? Where do you want to be tomorrow?
Developing a Security Roadmap is Essential to Your Long Term Program Success
Integrated Risk Management at All Levels
Board of Directors (business level)
• Aware of cyber threats
• Ensures controls and adequate resources exist
• Understands risk exposure
Executive Management
• Alignment of resources to risk
• Measures success of cyber defenses
• Ensures return on security investment
Cyber Intel Analysts (operational level)
• Understand the adversary
• Derive intelligence from internal & external sources
• Integrate cyber intelligence into security operations
Understand the Challenges
• Adverse impact on critical infrastructure from potential cyber attacks
• Increasing level of government oversight and regulatory interest
• Complex mix of IT and OT environments
• Disciplined programmatic approaches to safety and availability
• Business investment constraints for security
• Security staffing and training challenges
• Varying security maturity levels across business areas & supply chains
• Measure of security effectiveness/ROI
• Fragmented situational awareness across the enterprise
• Overabundance of technology point solutions
• Challenged to stay ahead of the threat landscape
• Priority & fidelity of intelligence sources
• Strategic and sustainable cybersecurity roadmap
• Governance & risk management
• Regulatory reporting requirements (internal & external)
Unique Requirements of IT & OT…
Enterprise IT Systems Management
• Business critical
• Confidentiality and integrity take priority; reboots are common
• Transactional orientation
• Vendors: HP, Cisco, McAfee, etc.
• PCs, servers and cloud
• Web services model is dominant
• Many commercial off-the-shelf (COTS) software products installed
• Protocol is primarily HTTP/HTTPS over TCP/IP, widely known
• Office environment, plus mobile
• Governance and compliance
OT Systems Management
• Safety first
• Zero-downtime and real-time focus: availability takes priority over confidentiality, and a reboot to apply a fix is rarely acceptable
• Few people; many, many devices
• Vendors: ABB, Siemens, GE, Honeywell, Emerson, etc.
• Sensors, controllers, servers, industrial devices (IED, RTU, PLC)
• Polled process control model
• Purpose-specific devices
• Industrial protocols: ICCP, Modbus, DNP3, some over TCP/IP. These protocols were designed without authentication or encryption, so any host that can reach the device can issue commands to it; access control has to come from the network architecture and from monitoring the traffic itself
• Harsh operating plant environments
Impacts to Automation Systems (figure): known ICS-relevant malware, from espionage, data theft, exfiltration of data related to ICS and theft of legitimate user accounts (Duqu, Flame, Gauss) to loss of control, loss of production and physical damage (Stuxnet).
Security Evolution in Industrial Control Systems
(figure: technology sophistication over time, 2003 to today)
2003, Firewalls: business connectivity; “locks on the door”
2005, Intrusion Detection: network based and host based; known-bad signatures; industrial protocols; “alarm sensors”
2007, Event Monitoring: central logging; monitor and respond; alert on events of interest; log everything and apply forensics; incident management; “flight recorder”
2009, Intrusion Prevention: network based and host based; deep packet inspection; known-bad signatures and known-good signatures; whitelisting; system hardening; “system locked down”
Today, Security Management: automate manual processes; enforce policy, process & procedures; leverage “baselines”; manage changes; audit reporting; continuous assessments; attestation data; “doing it and proving you are doing it”
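The “known good” step in that evolution, deep packet inspection of an industrial protocol against an allow-list instead of a list of bad signatures, is worth seeing concretely. The following is an added example, not code from the webinar or from the Industrial Defender product: it parses Modbus/TCP requests (MBAP header plus PDU, per the public Modbus specification) and blocks anything that is not explicitly permitted for the sending host: unknown clients, wrong unit id, write function codes from a read-only HMI, or a register window outside the engineered range. The client addresses, unit ids and register window are hypothetical, and the sample frames are constructed here.

```python
import struct
from dataclasses import dataclass

# Public Modbus function codes (Modbus Application Protocol Specification)
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_REGISTERS = 0x10


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes  # PDU payload after the function code


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse the 7-byte MBAP header plus PDU, rejecting anything inconsistent."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(payload) - 6:  # MBAP length covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusFrame(tid, unit, payload[7], payload[8:])


def register_window(frame: ModbusFrame):
    """Return (first_address, count) for the register functions handled here."""
    if len(frame.data) < 4:
        raise ValueError("truncated request")
    if frame.function in (READ_HOLDING_REGISTERS, WRITE_MULTIPLE_REGISTERS):
        addr, count = struct.unpack(">HH", frame.data[:4])
        return addr, count
    if frame.function == WRITE_SINGLE_REGISTER:
        return struct.unpack(">H", frame.data[:2])[0], 1
    raise ValueError(f"unsupported function 0x{frame.function:02x}")


# Known-good policy, constructed for this example (hypothetical hosts): an HMI
# that may only read, and an engineering workstation that may also write, both
# limited to unit 1 and to holding registers 0..99.
POLICY = {
    "10.1.1.10": {"units": {1}, "functions": {READ_HOLDING_REGISTERS}},
    "10.1.1.20": {"units": {1}, "functions": {READ_HOLDING_REGISTERS,
                                              WRITE_SINGLE_REGISTER,
                                              WRITE_MULTIPLE_REGISTERS}},
}
ALLOWED_REGISTERS = range(0, 100)


def check_frame(src_ip: str, payload: bytes):
    """Allow-list check: anything not explicitly known-good is blocked."""
    try:
        frame = parse_modbus_tcp(payload)
        rules = POLICY.get(src_ip)
        if rules is None:
            return "block", f"unknown client {src_ip}"
        if frame.unit_id not in rules["units"]:
            return "block", f"unit {frame.unit_id} not permitted for {src_ip}"
        if frame.function not in rules["functions"]:
            return "block", f"function 0x{frame.function:02x} not permitted for {src_ip}"
        first, count = register_window(frame)
        last = first + count - 1
        if count == 0 or first not in ALLOWED_REGISTERS or last not in ALLOWED_REGISTERS:
            return "block", f"registers {first}..{last} outside allowed window"
    except ValueError as exc:
        return "block", f"malformed frame: {exc}"
    return "allow", "matches known-good policy"


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used only to construct sample traffic)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


if __name__ == "__main__":
    samples = [  # constructed traffic: (source ip, frame)
        ("10.1.1.10", build_request(1, 1, READ_HOLDING_REGISTERS, b"\x00\x00\x00\x0a")),
        ("10.1.1.10", build_request(2, 1, WRITE_SINGLE_REGISTER, b"\x00\x05\x12\x34")),
        ("10.1.1.20", build_request(3, 1, WRITE_SINGLE_REGISTER, b"\x00\x05\x12\x34")),
        ("10.1.1.20", build_request(4, 1, WRITE_MULTIPLE_REGISTERS, b"\x00\x5f\x00\x0a\x14" + bytes(20))),
        ("10.9.9.9", build_request(5, 1, READ_HOLDING_REGISTERS, b"\x00\x00\x00\x01")),
    ]
    for ip, frame in samples:
        print(ip, *check_frame(ip, frame))
```

The point of the allow-list is that a write from the HMI is blocked even though it is a perfectly well-formed, non-malicious-looking request: nothing in a “known bad” signature set would match it. The length check assumes one request per TCP segment; a production inspector has to reassemble the stream and handle several frames per segment.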
Converging Challenges
• Improving cybersecurity, addressing compliance mandates, and enhancing operational effectiveness.
Cybersecurity: threats exist from both malicious outsiders and well-intentioned insiders.
Compliance: increasing external oversight from government (NERC CIP, BSI); internal compliance with corporate policies, industry associations and best practices (NIST, CPNI, ISA99, API 1164, etc.).
Change Management: need to know what assets are in your environment and when changes are
Automation Systems’ Balancing Act
Secure, Comply – Gain Operational Advantage
Striving for Operational Excellence via Improved Reliability, Availability, Health and Safety
Security: “We need to do it” (insurance)
Compliance: “We have to do it” (corporate “tax”)
Operational Challenges
• Balancing operational requirements with emerging cybersecurity, compliance and change management requirements:
• More complex automation systems
• Budgetary pressure
• Need for increased security
• Increasing compliance requirements
• Fewer resources and increasing skill set gaps
• Limited resources to allocate for change management and business process requirements
Meeting the Challenge
Challenges: more complex automation systems; limited resources to allocate for change management and business process requirements; budgetary pressure; need for increased security; increasing compliance requirements; fewer resources and increasing skill set gaps
Responses (figure):
• Ease-of-use software
• Outsourced partnership options
• Vendor agnostic offering across disparate asset base
• Integrated defense-in-depth
• Reduced manual labor through automation
• Automated collection tools and standardized reports
• Baseline archiving, variances, workflow, trouble-ticketing
Lockheed Martin Cyber Security Solutions
Lockheed Martin Intelligence Driven Defense® (figure): Enterprise Solutions, Intelligence, Professional Services, Managed Services; situational awareness, actionable intelligence, risk assessment
Lockheed Martin Comprehensive Portfolio
Over 3,000 Cyber-Security Professionals on Staff
Professional Services: security risk assessment; cyber architecture; systems integration; incident response; SIC/SOC transformation; IT/SOC insource/outsource; training; cyber intelligence management
Enterprise Solutions: automation (OT) systems management solution; external and insider threat identification solutions; security education & awareness
Managed Services: SOC/SIC/MSSP services; advanced threat mitigation; LM & classified intelligence; analysis-on-demand; managed IT; Intelligence Driven Defense®
Intelligence: Cyber Kill Chain® analysis; industry-specific and cross-industry visibility; 12-year knowledge base across >25 SOC/SICs
Risk lifecycle (figure): Risk Assessment → Risk Mitigation → Risk Management
Platform components (figure): Asset, Event, Configuration, Policy, Compliance, Work Automation; optional agent on automation systems, end-points and applications
Configuration Management: Track and audit device settings, software, firewall rules and user accounts; view and baseline the system configurations, ports & services, and software.
Compliance Reporting: A comprehensive suite of standard, configurable reports to meet audit requirements, internal or external. Enables users to define, generate and automate reports as needed.
Asset Management: A single unified view of all assets enables onboarding and decommissioning of assets, device status reporting, information access and state information.
Event Management: Brings visibility to control systems and networks by providing event log data from multiple security sources; centralizes operations and reduces expenses.
Policy Management: Communicate new policies, track acceptance and manage conformance.
Work Automation Suite: Integrates document management, ticketing, and reporting as part of a structured workflow enabling ICS professionals to initiate, track, approve,
Capabilities
• Report subscriptions
• User account change identification
• Network & system health and performance
• Analyze changes across asset base & environment
• Maintain central configuration policy
• Collect & report on settings, accounts, configurations
• Manage hardened electronic security perimeter
• Event logging, correlation, and archiving
• Customizable user interface dashboards
• Scalable architecture
• Configuration change management
• File integrity monitoring
• Device configuration file archiving
• Network traffic monitoring
• Critical process & service monitoring
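Baselining, configuration change management, file integrity monitoring and user account change identification all reduce to the same mechanism: hash what was collected from a device, compare it with the approved baseline, and label each variance by whether a change record authorised it. The block below is an added example of that mechanism, not code from the webinar or from the Industrial Defender product. The host paths, the local account list and the change ticket CHG-1042 are hypothetical, and the two snapshots are constructed here to show one approved change (a firewall rule under the ticket) next to two unapproved ones (a new local account and a new executable).

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Variance:
    path: str
    kind: str            # "added", "removed" or "modified"
    authorized: bool     # covered by an approved change record?
    ticket: Optional[str]


def snapshot(files: dict) -> dict:
    """Hash every collected configuration artifact (path -> file bytes)."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in files.items()}


def compare(baseline: dict, current: dict, approved: dict) -> list:
    """Diff two snapshots and label each variance against approved changes.

    `approved` maps a path to the change record that authorises it; the record
    carries the hash the change is expected to produce, so a change under an
    open ticket that produced a different result is still reported as unauthorized.
    """
    variances = []
    for path in sorted(set(baseline) | set(current)):
        before, after = baseline.get(path), current.get(path)
        if before == after:
            continue
        kind = "added" if before is None else "removed" if after is None else "modified"
        record = approved.get(path)
        ok = record is not None and record["expected_sha256"] == after
        variances.append(Variance(path, kind, ok, record["id"] if ok else None))
    return variances


def summarize(variances) -> dict:
    """The numbers an auditor asks for: what changed, and how much was unauthorized."""
    return {
        "total": len(variances),
        "unauthorized": sum(1 for v in variances if not v.authorized),
        "unauthorized_paths": [v.path for v in variances if not v.authorized],
    }


# Constructed sample: an HMI host's collected configuration at baseline time ...
BASELINE_FILES = {
    "C:/Plant/HMI/config.ini": b"[display]\nrefresh_ms=500\n",
    "C:/Plant/HMI/firewall_rules.txt": b"allow tcp 10.1.1.20 -> 10.1.2.5:502\n",
    "local_users.json": json.dumps(["operator", "engineer"]).encode(),
}
# ... and the same host later: one rule added under a ticket, one new local
# account and one new executable that nobody approved.
CURRENT_FILES = {
    "C:/Plant/HMI/config.ini": b"[display]\nrefresh_ms=500\n",
    "C:/Plant/HMI/firewall_rules.txt": b"allow tcp 10.1.1.20 -> 10.1.2.5:502\n"
                                       b"allow tcp 10.1.1.30 -> 10.1.2.5:502\n",
    "local_users.json": json.dumps(["operator", "engineer", "svc_remote"]).encode(),
    "C:/Windows/Temp/remote.exe": b"MZ...",
}
# Approved change records (hypothetical ticket id) state the hash they should produce.
APPROVED_CHANGES = {
    "C:/Plant/HMI/firewall_rules.txt": {
        "id": "CHG-1042",
        "expected_sha256": hashlib.sha256(CURRENT_FILES["C:/Plant/HMI/firewall_rules.txt"]).hexdigest(),
    },
}


def run_example() -> list:
    return compare(snapshot(BASELINE_FILES), snapshot(CURRENT_FILES), APPROVED_CHANGES)


if __name__ == "__main__":
    for v in run_example():
        print(v)
    print(summarize(run_example()))
```

Archiving the baseline hashes together with the ticket ids is what turns “doing it” into “proving you are doing it”: the report shows not only that the firewall rules changed but that the change matched an approved record, while the new account and the dropped executable are flagged for investigation rather than silently becoming the next baseline.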
In Depth Integration
Integration with:
• ABB 800xA, ABB Symphony/Harmony, ABB Infi90, ABB FACTS and ABB SYS600C & MicroSCADA, Ventyx Network Manager
• Elster Calisto & EnergyAxis
• Emerson DeltaV and Emerson Ovation
• GE XA/21 & PowerOn FUSION
• Foxboro I/A Series
• Honeywell Experion
• Itron OpenWay System
• Rockwell RSView
• Schneider Electric Momentum, Quantum, OASyS, Citec
• Siemens PCS7
• and many more!
Operating Systems
• Windows NIT, 2003, NT, 7, 8
• HP-UX PA-RISC & Itanium
• Linux
• DEC Tru64
• Sun Solaris
• IBM AIX
Industrial Rules
• DNP3
• Modbus
• ICCP
• IEC
• Siemens S7 Protocol
• TCP/IP
Industrial Defender FleetView
• Unprecedented situational awareness for control systems
• Aggregates data across all sites for improved visibility
• Quickly spot trends in changes between groups of assets, including firewalls, switches or routers
• Easily view trends over time at the site-by-site level, or down to specific systems and assets
• Compare changes over time to see where anomalies exist, for process improvements
Integration with Enterprise IT & Security Systems (figure)
• Infrastructure/utility systems management: change management, policy management, patch management, event and log data, end-point data, compliance
• SIEM
• Third-party threat intelligence: threat intelligence feeds
The Industrial Defender Platform is Open in its Ability to Integrate with Enterprise IT & Security Systems
Industrial Defender Solutions
Infrastructure: Simplify and scale with a complete turnkey solution. Address resource and expertise challenges with a single-view, vendor agnostic platform.
Applications: Tackle increasing security, compliance and change management challenges despite resource constraints.
Services: Partner with Lockheed Martin’s OT-experienced team so your team can deliver on reliability and availability of your systems.
Best Practices Recommendations
1. Encourage dialogue between the key stakeholders
• Engineering, enterprise security and operations
2. Keep a regular inventory of applications and infrastructure dependencies
• Hardware, software, interdependencies
3. Understand that many OT systems were not designed with security in mind
• They were designed for availability and operational efficiency
4. Understand your cybersecurity maturity
• Create an ongoing program
5. Ensure situational awareness across the entire organization: IT & OT
• Understand the differing requirements for cybersecurity
Questions
Join a Product Webinar and Demonstration:
http://bit.ly/v6demo or visit
http://id.lockheedmartin.com/
Want to know more about Industrial Defender ASM?
Please use the