Cyber Security From product to system solution

(1)

Cyber Security

From product to system solution

Markus Brändle, Network Management Forum Heidelberg, 8./9./10. October 2013

(2)

Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access

or attack*

translates into

Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized

access or attack

Cyber Security

A definition

in the context of power and automation technology

(3)

Existing regulatory frameworks

 Energiewirtschaftsgesetz (EnWG) currently in force:

 §11 (1a): "Der Betrieb eines sicheren

Energieversor-gungsnetzes umfasst […] einen angemessenen Schutz gegen Bedrohungen für Telekommunikations- und

elektronische Datenverarbeitungssysteme[…]. Die

Regulierungsbehörde erstellt hierzu […] einen Katalog

von Sicherheitsanforderungen […]. Ein angemessener Schutz des Betriebs eines Energieversorgungsnetzes wird vermutet, wenn dieser Katalog der Sicherheits-anforderungen eingehalten und dies vom Betreiber

dokumentiert worden ist. Die Einhaltung kann von der

Regulierungsbehörde überprüft werden. […]"

 The mentioned catalogue of requirements is not

available yet!

(4)

Upcoming regulatory frameworks

 "Referentenentwurf": "Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme"

 Establishes German BSI as the "competent authority“.

 Requires operators of critical infrastructure to implement state-of-the-art security controls.

 Requires operators to report significant incidents to the

BSI.

 Refers to industry standards and proven-in-the-field

practices as expected state-of-the-art.

(5)

Cyber Security

 Cyber security has become an more important issue by

introducing Ethernet (TCP/IP) based communication

protocols to industrial automation and control systems. e.g. IEC60870-5-104, DNP 3.0 via TCP/IP or IEC61850

 Connections to and from external networks (e.g. office

intranet) to industrial automation and control systems have opened systems and can be misused for cyber attacks

 Cyber attacks on industrial automation and control systems

are real and increasing, leading to large financial losses

 Utilities need to avoid liability due to non-compliance with

regulatory directives or industry best practices

Why is Cyber Security an issue?

(6)

The biggest challenges - organizational

Images: www.guardianconsultants.co.uk wegilant.com www.floris-cm.nl blogpool4tool.com

Risk Management Awareness

(7)

Disruptive Changes Sustaining Security

The biggest challenges - technical

Images: www.zazzle.co.nz www.zoho.com blog.monitorscout.com www.leadthefish.com nl.123rf.com www.ccure.it

Situational Awareness Installed Base

(8)

Cyber Security

BDEW White Paper Requirements

Motivation:

 Security measures for control and

telecommunication systems

 Protect the operation of these

systems against security threats Main Requirements:

 Robustness Testing / Product &

System Hardening

 User Account Management

 User activity logging / Audit Trail

 Secure Communication

 Antivirus

 Firewall

(9)

Holistic Approach to Cyber Security

Cyber Security for the energy sector

ABB Network Manager

System status 1. Secure network architecture 2. System monitoring 3. System protection 4. Cyber Security management system 5.

Monitor Protect

(10)

Cyber Security for the energy sector

Steps to sustainable cyber security – network architecture

October 14, 2013 | Slide 10

 No direct access to secure zone

 No services (e.g. remote desktop) between insecure and secure

zone

 No direct data exchange between office and SCADA network (e.g. use of data diodes)

 Control of traffic between zones

(11)

Cyber Security for the energy sector

Steps to sustainable cyber security – system monitoring

Automated and centralized monitoring:



_{Host monitoring:}

 Event-logs, processes, resources

 Server and workstations



_{Equipment monitoring:}

 Ping, SNMP, Syslog

 RTUs, switches and routers



Network monitoring:

 performance incl. SCADA protocols (e.g. IEC

60870-5-104, DNP 3.0, Modbus, ICCP, …)

 Monitoring within network zones

(12)

Cyber Security for the energy sector

Steps to sustainable cyber security – system protection

System protection includes:

 Access control

 Antivirus systems (in Windows environments if

possible)

 Whitelisting following need-to-know principle

 Security updates of applications, operating systems and

third party products

 Trusted shares for updates of applications

(13)

Cyber Security for the energy sector

Steps to sustainable cyber security – management system

Fulfillment of policies:

 BDEW Whitepaper, DIN 27009, ISO/IEC TR 27019

 Internal policies (e.g. ISMS, integrated security management

systems)

Asset management for IP-based system components:

 Baseline of current status

 Procurement, commissioning and service

Change Management:

 Traceability of software changes (e.g. operating system, applications, and configurations)

 System restore (backup strategy)

(14)

Cyber Security for the energy sector

Partnership ABB and Industrial Defender

Why Industrial Defender?

 Global leader in automation systems management for industrial control systems

Customer benefits?

 Technology alignment

 Verified solutions

 Combined Know-How

Efficient and comprehensive security solutions

Managing Diverse Requirements of Automation Systems

Environments

The convergence of:

(15)

From product to system solution

Summary

Cyber security from ABB

 is embedded in substation

automation products and solutions

 is an integral part of product

development and quality assurance

 comprises the latest technology

and high competence

 enables customers to protect,

monitor and manage their systems

 safeguards systems in a

changing world

(16)