Cyber Security
From product to system solution
Markus Brändle, Network Management Forum Heidelberg, 8./9./10. October 2013
© ABB Network Management Forum October 14, 2013 | Slide 1
Cyber Security
A definition
in the context of power and automation technology
Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
translates into
Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack
Existing regulatory frameworks
Energiewirtschaftsgesetz (EnWG) currently in force:
§11 (1a): "The operation of a secure energy supply network includes […] adequate protection against threats to telecommunication and electronic data processing systems […]. To this end, the regulatory authority draws up […] a catalogue of security requirements […]. Adequate protection of the operation of an energy supply network is presumed if this catalogue of security requirements has been complied with and the operator has documented this. Compliance may be verified by the regulatory authority. […]"
The mentioned catalogue of requirements is not available yet!
Upcoming regulatory frameworks
Ministerial draft bill ("Referentenentwurf"): "Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme" (Act to Increase the Security of Information Technology Systems)
Establishes the German BSI as the "competent authority".
Requires operators of critical infrastructure to implement state-of-the-art security controls.
Requires operators to report significant incidents to the BSI.
Refers to industry standards and proven-in-the-field practices as the expected state of the art.
Cyber Security
Why is Cyber Security an issue?
Cyber security has become a more important issue with the introduction of Ethernet (TCP/IP) based communication protocols to industrial automation and control systems, e.g. IEC 60870-5-104, DNP 3.0 via TCP/IP or IEC 61850
Connections between external networks (e.g. office intranet) and industrial automation and control systems have opened up these systems and can be misused for cyber attacks
Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses
Utilities need to avoid liability due to non-compliance with regulatory directives or industry best practices
The biggest challenges - organizational
Risk Management
Awareness
Disruptive Changes
Sustaining Security
The biggest challenges - technical
Situational Awareness
Installed Base
Cyber Security
BDEW White Paper Requirements
Motivation:
  Security measures for control and telecommunication systems
  Protect the operation of these systems against security threats
Main Requirements:
  Robustness Testing / Product & System Hardening
  User Account Management
  User activity logging / Audit Trail
  Secure Communication
  Antivirus
  Firewall
Holistic Approach to Cyber Security
Cyber Security for the energy sector
ABB Network Manager
1. System status
2. Secure network architecture
3. System monitoring
4. System protection
5. Cyber Security management system
Monitor Protect
Cyber Security for the energy sector
Steps to sustainable cyber security – network architecture
No direct access to secure zone
No services (e.g. remote desktop) between insecure and secure zone
No direct data exchange between office and SCADA network (e.g. use of data diodes)
Control of traffic between zones
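The zone rules above can be checked against observed traffic. The following is an added example, not part of the original slides or any ABB product: it audits flow records against the four rules, and the subnets, the intermediate DMZ zone, the allow-list entries and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed zone layout (assumption): subnets and the DMZ are illustrative.
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),  # insecure zone
    "dmz": ipaddress.ip_network("10.20.0.0/24"),     # intermediate zone (assumed)
    "scada": ipaddress.ip_network("10.30.0.0/24"),   # secure zone
}
INSECURE = {"office", "external"}
SECURE = {"scada"}

# Explicitly permitted cross-zone flows: (source zone, destination zone, port).
ALLOWED = {
    ("office", "dmz", 443),  # office users reach a reporting portal in the DMZ
    ("scada", "dmz", 514),   # SCADA hosts send syslog to a DMZ collector
}

def zone_of(addr):
    """Map an IP address to its zone name; unknown addresses are 'external'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "external")

def check_flow(src, dst, port):
    """Return None for a compliant flow, otherwise the rule it breaks."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return None  # traffic inside one zone is not covered by these rules
    if (s in INSECURE and d in SECURE) or (s in SECURE and d in INSECURE):
        return "direct path between insecure and secure zone"
    if (s, d, port) not in ALLOWED:
        return "cross-zone flow not on allow-list"
    return None

def audit(flows):
    """Return (flow, reason) for every flow that violates the zone rules."""
    return [(f, r) for f in flows if (r := check_flow(*f)) is not None]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.30.0.12", 3389),   # remote desktop from office into SCADA
    ("10.30.0.12", "10.10.4.7", 445),    # file share from SCADA to office
    ("10.10.4.7", "10.20.0.5", 443),     # allowed: office to DMZ portal
    ("10.30.0.12", "10.20.0.9", 514),    # allowed: syslog to DMZ collector
    ("10.20.0.5", "10.30.0.12", 22),     # DMZ to SCADA, not on allow-list
    ("10.30.0.12", "10.30.0.13", 2404),  # intra-zone IEC 60870-5-104
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```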
Cyber Security for the energy sector
Steps to sustainable cyber security – system monitoring
Automated and centralized monitoring:
Host monitoring:
  Event logs, processes, resources
  Servers and workstations
Equipment monitoring:
  Ping, SNMP, Syslog
  RTUs, switches and routers
Network monitoring:
  Performance incl. SCADA protocols (e.g. IEC 60870-5-104, DNP 3.0, Modbus, ICCP, …)
  Monitoring within network zones
Cyber Security for the energy sector
Steps to sustainable cyber security – system protection
System protection includes:
  Access control
  Antivirus systems (in Windows environments if possible)
  Whitelisting following need-to-know principle
  Security updates of applications, operating systems and third party products
  Trusted shares for updates of applications
Cyber Security for the energy sector
Steps to sustainable cyber security – management system
Fulfillment of policies:
  BDEW Whitepaper, DIN 27009, ISO/IEC TR 27019
  Internal policies (e.g. ISMS, integrated security management systems)
Asset management for IP-based system components:
  Baseline of current status
  Procurement, commissioning and service
Change Management:
  Traceability of software changes (e.g. operating system, applications, and configurations)
  System restore (backup strategy)
Cyber Security for the energy sector
Partnership ABB and Industrial Defender
Why Industrial Defender?
Global leader in automation systems management for industrial control systems
Customer benefits?
Technology alignment
Verified solutions
Combined Know-How
Efficient and comprehensive security solutions
Managing Diverse Requirements of Automation Systems Environments
The convergence of:
From product to system solution
Summary
Cyber security from ABB
  is embedded in substation automation products and solutions
  is an integral part of product development and quality assurance
  comprises the latest technology and high competence
  enables customers to protect, monitor and manage their systems
  safeguards systems in a changing world