IDEA's 23RD CAMPUS ENERGY CONFERENCE – Feb 9, 2010
Securing Campus Utility Systems from Cyber Attack
TC Lau, Industrial Defender VP of Professional Services
Bob Manning, Harvard University Engineering & Utilities
Case Study Overview
University Situation
Challenges
Mitigation Options Available
Options Comparison
Chosen Solution
Lessons Learned
University Situation
Campus network characteristics
Open academic cultures
Students have open access and are vulnerable to malicious sites
Flat and open networks pose additional threats to plant operations
Key Concern – Availability of Plant Operations
Utility system is on campus backbone
Utility system is vital to university operations
Challenges
Architecture
No isolation with current architecture
Need secured communications across distributed campus network
Operational
Expertise needed in control systems and new security devices
Staffing required for 24x7 monitoring services
Implementation with minimal to no impact on Operations
Focus on core competencies
Mitigation Options
1. Firewalls
2. Network/Host Intrusion Detection System (NIDS/HIDS)
3. Internal Security Event Monitoring (SEM)
Options Comparison
Firewalls/UTM
* Examples include Cisco, Checkpoint & Juniper
Pros
Basic 'traffic cop' firewall functionality
Basic Anti-Virus (AV) functionality
Basic Intrusion Prevention Services (IPS)
Most have AV/IPS automatic signature updates
Logged data packets
Cons
Additional infrastructure to be supported – and by which group?
IT practices may not work for Plant Operations
Not SCADA protocol aware (Modbus, DNP3, ICCP, etc.)
Not a 'defense-in-depth' solution
Options Comparison
Network & Host Intrusion Detection (NIDS/HIDS)
* Examples include Tripwire, RealSecure, Enterasys, Snort & ISS
Pros
Some security and performance metrics
Detection of malicious traffic
Detection of network changes
Monitoring unauthorized network access
Alert on unknown, not-understood traffic (white-listing)
Cons
False positive
Lack of signatures for SCADA protocols
Can impact network or processor utilization consumption
Not a 'defense-in-depth' solution
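As an added illustration of the white-listing approach named above (example code, not from the presentation or from Industrial Defender): every flow on a plant segment that is not on an explicit allow-list raises an alert, which removes the dependence on SCADA protocol signatures but also shows where the false positives come from when a legitimate HMI function was never baselined. Host names, ports and Modbus function codes are constructed.

```python
import re
from typing import Optional, Tuple

# Allow-list: (src, dst, dst port, Modbus function code or None for non-Modbus).
# Constructed sample entries; a real list is built from a baseline of the segment.
ALLOWED = {
    ("hmi-1", "plc-boiler", 502, 3),       # Modbus/TCP Read Holding Registers
    ("hmi-1", "plc-boiler", 502, 16),      # Modbus/TCP Write Multiple Registers
    ("historian", "plc-boiler", 502, 3),
    ("plc-boiler", "syslog-collector", 514, None),  # syslog to the collector
}

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)(?: fc=(\d+))?")

def parse_flow(line: str) -> Tuple[str, str, int, Optional[int]]:
    """Parse one constructed flow-log line into an allow-list key."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow line: {line!r}")
    src, dst, dport, fc = m.groups()
    return src, dst, int(dport), (int(fc) if fc is not None else None)

def check_flow(flow: Tuple[str, str, int, Optional[int]]) -> Optional[str]:
    """Return an alert if the flow is not explicitly permitted, else None."""
    if flow in ALLOWED:
        return None
    src, dst, dport, fc = flow
    if dport == 502:   # Modbus/TCP: flag by function code, no signature needed
        return f"unexpected Modbus fc={fc} {src}->{dst}"
    return f"unknown traffic {src}->{dst}:{dport}"

def run_detection(lines):
    """Run the allow-list check over flow-log lines; returns the list of alerts."""
    return [a for a in (check_flow(parse_flow(l)) for l in lines if l.strip()) if a]

# Constructed sample flow log (not real campus traffic).
# Line 3 is a legitimate HMI write (fc=5, Write Single Coil) that was never
# baselined, so it alerts: the false-positive cost of strict white-listing.
SAMPLE_LOG = """\
src=hmi-1 dst=plc-boiler dport=502 fc=3
src=student-laptop dst=plc-boiler dport=502 fc=3
src=hmi-1 dst=plc-boiler dport=502 fc=5
src=plc-boiler dst=syslog-collector dport=514
src=vendor-laptop dst=plc-boiler dport=22
"""

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOG.splitlines()):
        print("ALERT:", alert)
```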
Options Comparison
Internal Monitoring Systems
* Examples include What's Up Gold, HP OpenView, SolarWinds, and several others
Pros
Can be cost-effective
Ease of configuration using SNMP or syslog
Great for monitoring up/down status
Dashboard functionality
Cons
Robust systems can be very expensive
No connectors for RTU, PLC, HMI and PI
Robust solutions can require in-depth training
Additional infrastructure to be supported
Options Comparison
Outsourced to Security Company
* Examples include BT Counterpane and CSC
Pros
Augment staffing
Especially beneficial for 24x7 Operations
Elimination of ongoing training needs
Allows focus on core business functions
Leverages economies of scales
Additional services often available
Cons
Lack of knowledge in the SCADA & DCS domain
Customer could lose access to critical data
Chosen Solution
Defense-in-Depth
Multi-layered approach
Fully integrated security
Chosen Solution
Co-Managed Security Service
Customer has administrative control of systems
Customer has access to logs, backups, reports, etc.
Customer controls firewall policy changes
Customer customized alert priorities
Domain Expertise
Knowledge of control systems
Knowledge of security practice
Hardened 24x7 Security Operations Center (SOC)
Industrial Defender's Managed Security Services
Fully integrated 'defense-in-depth'
8 distributed firewalls providing isolation and UTM functionality
2 NIDS monitoring key network segments
Lessons Learned
Field devices not connected to UPS systems
Prone to potential data loss as a result
Unencrypted logs over the campus network
Mitigated via VPN tunnels between distributed endpoints
Coordination of router changes and implementation of new devices
Industrial switches in use
Difficult to access
Mounted via DIN rails (not standard for network devices)
Concerns about port spanning capabilities
– Mitigated by replacement with standard Cisco switches