Does Aligning Cyber Security and Process Safety Reduce Risk?


Slide 1

Does Aligning Cyber Security and Process Safety Reduce Risk?

How can we align them to protect Operational Integrity?

Schneider Electric, September 15, 2015

Hosted by Greg Hale, Founder & Editor of Industrial Safety & Security Source

Slide 2

Confidential Property of Schneider Electric

Host: Greg Hale, ISS Source

• Over 30 years in the publishing industry covering manufacturing automation
• 10 years as the Chief Editor of InTech magazine
• Formerly Editor in Chief at Post Newsweek’s Reseller Management magazine
• Co-author of the book “Automation Made Easy: Everything You Wanted to Know About Automation – and Need to Ask”

Slide 3

Process Safety / Cyber Security (the same text appears for both disciplines):

> Prevent or minimize risk of personnel injury & damage to plant, property, environment
> Applied through:
  > Standards & regulations
  > Process & system design
  > Plant hardware & software
  > Procedures & controls
  > Shared knowledge & experience
  > Regular reviews & updates

Both disciplines aim to protect Operational Integrity

Slide 4

With key differences…

Cyber Security:
> Primary focus is on external threats
> Relatively new field
> Limited standards, spotty regulations
> Varied application and attention
> Information less likely to be shared
> Issues and sources continually changing and not well understood
> A cyber incident can cause a safety incident

Process Safety:
> Primary focus is on internal processes
> Mature discipline – Safety always an issue
> Standards & regulations quite rigorous
> Widespread adoption – “common practice”
> Knowledge widely shared to apply new lessons
> Issues and sources relatively stable and well understood

Slide 5

Operational Integrity depends on:

Asset Owners
> Responsible to operate & maintain systems

Automation Equipment Suppliers
> Deliver safe, secure & reliable products

System Integrators
> Engineer & implement safe, secure & reliable systems

Slide 6

But… if everything is not working together, with the same goals in mind, disaster can occur.

e.g. Turkish pipeline blast; CAPECO fire (Caribbean Petroleum Corp.)

Image: "Caribbean Petroleum Corporation Disaster" by CSB

Slide 7

From the boardroom down, companies must ask themselves these three questions (Health and Safety Executive, HSE):

1. Do we understand what could go wrong?
2. Do we know what systems we have in place to prevent this from happening?
3. Do we have the information to assure us they are working effectively?

Slide 8

All roles need to work together with Security AND Safety in mind

Suppliers: Design and Manufacture COTS Control Systems
Integrators/Asset Owners: Engineer and Integrate COTS into Site Specific Systems
Asset Owners: Operate and Maintain Site Specific Systems

Slide 9

Panel: Steve Elliott, Andre Ristaino, John Cusimano

Roles shown: Integrator, Supplier

Slide 10

Safety lifecycle – Analysis:
• Process Design
• Identify Hazards
• Consequence Analysis
• Layer of Protection Analysis
• Develop Non-SIS Layers
• Define Target SIL
• Document Requirements

Lifecycle stages: Process Hazards Analysis (PHA); Allocate Safety Functions and Protection Layers; Safety Requirements Specification

Management of Functional Safety; Systems Lifecycle Management

Slide 11

Same analysis steps as slide 10, highlighting: Unmitigated Risk

Slide 12

Supplier SDLA Phases – Security Development Lifecycle Assurance for design and manufacture

1. Security Management Process
2. Security Requirements Specification
3. Security Architecture Design
4. Security Risk Assessment (Threat Model)
5. Detailed Software Design
6. Document Security Guidelines
7. Module Implementation & Verification
8. Security Integration Testing
9. Security Process Verification
10. Security Response Planning
11. Security Validation Testing
12. Security Response Execution

Slide 13

Embedded Device Security Assurance (EDSA)

Software Development Security Assessment (SDSA) – detects & avoids systematic design faults
• Audit development and maintenance processes
• Ensure a robust, secure development process

Functional Security Assessment (FSA) – detects implementation errors / omissions
• Audit components’ security functionality

Communications Robustness Testing (CRT) – identifies vulnerabilities in networks and devices
• Test components’ communication robustness
• Test for vulnerabilities

Slide 14

• Many companies don’t have a true understanding of their cyber risk
• There is a lot that can be learned from process safety risk management
• Integrating cybersecurity into process safety is key
• Understanding cyber risk starts with a risk assessment

Process Safety Lifecycle (ISA 84 / IEC 61511): Analysis, Implementation, Operation
Cybersecurity Lifecycle (ISA / IEC 62443): Assess, Implement, Maintain

Slide 15

ICS Cybersecurity Risk Assessment (a.k.a. Cyber PHA)

Help is on the way:
• ISA 62443-3-2 “Security Risk Assessment and System Design”
• ISA-TR84.00.09-2013 “Security Countermeasures Related to Safety Instrumented Systems (SIS) & Associated IACS”

Slide 16

Summary:
• Asset Owner: Understand the Risk; Learn What to Protect
• Supplier: Create Threat Model
• System Integrator: Risk Assessment

HSE questions:
1. Do we understand what could go wrong?
2. Do we know what systems we have in place to prevent this from happening?
3. Do we have the information to assure us they are working effectively?

Slide 17

Do we know what systems we have in place to prevent this from happening?

Safety lifecycle – Implementation:
• Select SIS Architecture
• Systems Detailed Design
• Hardware Build
• Software Programming
• Testing
• Systems Installation
• Commissioning
• Full System Validation

Lifecycle stages: Design & Engineering Layers of Protection & Safeguards; Testing of Systems Prior to Installation – Factory Acceptance Test (FAT); Systems Installation and Commissioning; Systems Safety Validation

Slide 18

Supplier SDLA Phases – Security Development Lifecycle Assurance for design and manufacture (the 12 phases listed on slide 12), highlighting: Build

Slide 19

Asset Discovery Scan
• scan to discover network components

Communications Robustness Test
• verify operation under high network load and malformed packets

Network Stress Test
• verify that essential functions continue to operate under high network load

Vulnerability Identification Test
• scan for the presence of known vulnerabilities using NESSUS and the US-CERT national vulnerability database

Slide 20

Defense-in-Depth
• One of the biggest challenges industry faces is an insufficient integration of security into systems (e.g. defense-in-depth)
• Concepts are well recognized
• Slow process
• Engineering, implementation and testing

Slide 21

Summary:
• Asset Owner: Full System Validation
• Supplier: Test, Test, Test
• System Integrator: Integration of Security; Defense in Depth

HSE questions:
1. Do we understand what could go wrong?
2. Do we know what systems we have in place to prevent this from happening?
3. Do we have the information to assure us they are working effectively?

Slide 22

Safety lifecycle – Operation:
• Startup
• System Operation
• Bypassing & MOC
• Maintenance
• Periodic Proof Tests
• Modifications

Lifecycle stages: Systems Operation and Maintenance; Systems Modification; Systems Decommissioning

Slide 23

Same operation steps as slide 22, with figure labels: Unmitigated Risk, Mitigated Risk, Bypass, Overdue maintenance

Slide 24

Supplier SDLA Phases – Security Development Lifecycle Assurance for design and manufacture (the 12 phases listed on slide 12)

Slide 25

Integrators/Asset Owners: Engineer and Integrate COTS into Site Specific Systems
Asset Owners: Operate and Maintain Site Specific Systems
Suppliers: Design and Manufacture COTS Control Systems

Slide 26

Security Tools
> Network monitoring
> Host intrusion detection
> Endpoint threat detection
> Network intrusion detection
> Network access control
> Security information and event management
> Application control / whitelisting
> Vulnerability scanners

• There are plenty of security monitoring tools available
• Most are designed for enterprise IT
• Need to be tested and carefully applied to ICS systems
• Plant personnel need to be trained on how to use these tools to effectively detect and respond to security incidents

Slide 27

Summary:
• Asset Owner: Use Risk Matrix
• Supplier: Security Process Verification
• System Integrator: Train Personnel on How to Use Monitoring Tools

HSE questions:
1. Do we understand what could go wrong?
2. Do we know what systems we have in place to prevent this from happening?
3. Do we have the information to assure us they are working effectively?

Slide 28

Aligning Cyber Security and Process Safety Reduces Risk

Safety: Prevent, Control, Mitigate, Emergency
Security: Prevent, Control, Mitigate, Emergency

Approach security the same way that you do safety

“More similar than different” – Stronger Together

Slide 29

Takeaways…

What are some specific actions you can take to:

Better align Cyber Security

Slide 31

Where to get more information

ISSSource – www.isssource.com
ISA Secure – www.isasecure.org
ae Solutions – www.aesolns.com

Slide 32

Contacts

Glen Bounds, Global Director, Cyber Security Services, Schneider Electric
Andre Ristaino, Managing Director, Automation Standards Compliance Institute
Steve Elliott, Senior Director, Offer Marketing, Schneider Electric
Farshad Hendi, Safety Services Practice Leader, Schneider Electric
John Cusimano, Director of Industrial Cybersecurity, aeSolutions
