cccc ics: viewfrom rrrrussiawps1705.international-bc-online.org/wp-content/... · a major player in...
TRANSCRIPT
![Page 1: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/1.jpg)
CCCCYBERSECURITYYBERSECURITYYBERSECURITYYBERSECURITY ISSUESISSUESISSUESISSUES ININININ THETHETHETHE ICS: ICS: ICS: ICS: VIEWVIEWVIEWVIEW FROMFROMFROMFROM RRRRUSSIAUSSIAUSSIAUSSIA
Dmitry GusevDmitry GusevDmitry GusevDmitry GusevDeputy Director General, Infotecs JSC
Joint meeting of the IBC Joint meeting of the IBC Joint meeting of the IBC Joint meeting of the IBC “Information and Communication” Working Committee“Information and Communication” Working Committee“Information and Communication” Working Committee“Information and Communication” Working Committee
![Page 2: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/2.jpg)
©2017 Infotecs JSC
ABOUT US
Infotecs JSC (Information Technologies and Communication Systems)Infotecs JSC (Information Technologies and Communication Systems)Infotecs JSC (Information Technologies and Communication Systems)Infotecs JSC (Information Technologies and Communication Systems)
Founded in 1989. Since 1991, registered among the first Russian joint-stock companies. 25 years of experience in the development of cryptographic and network data protection tools
A major player in the Russian market of Network security solutions: more than 1 million client software licenses and more than 60,000 server products (software, appliances) sold
A secretary company of TC 26 (Technical Committee for Standardization “Cryptography and Security Mechanisms”)
700 7
Employees Products Offices Subsidiaries Partners
3 20050
![Page 3: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/3.jpg)
©2017 Infotecs JSC
ViPNet
Crypto routers / VPN
Firewalls/IDS/HIDS
Threat IntelligenceEmbedded Crypto
Modules / SDKs
PKI and Applied Cryptography
VIPNET PRODUCTS PORTFOLIO
![Page 4: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/4.jpg)
©2017 Infotecs JSC
ATTACKS ON ICS - A MYTH OR REALITY?
� �
Japan,Nuclear power
plant
Ukraine,Energy
Germany,Steel mill
USA, Transport
Jeep Cherokee remote hacking
Finland, Smarthome
Iran,Stuxnet
2010
2014
2015
2015
2015
Nov.2016
![Page 5: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/5.jpg)
©2017 Infotecs JSC
https://www.shodan.io/
YOUR ICS PROTECTED BY ISOLATED INFRASTRUCTURE ?
components available components available components available components available through non secure through non secure through non secure through non secure industrial protocolsindustrial protocolsindustrial protocolsindustrial protocols
96%
6,3% of available components of available components of available components of available components have known vulnerabilitieshave known vulnerabilitieshave known vulnerabilitieshave known vulnerabilities
of all components of all components of all components of all components available through Internetavailable through Internetavailable through Internetavailable through Internet
200 000
![Page 6: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/6.jpg)
©2017 Infotecs JSC
PROGRESS VS SECURITY� Mass implementation of typical
ICS
� Using the Internet as a universal data transport
� Integration of ICS with ERP andMES
� Poor updates of ICS
� Rapid development of remote monitoring and control systems
� New global concepts and visions: Industry 4.0, IIoT, Digital Factory, PLM
� Service models in industry(Industry Cloud, SECaaS)
Even one incident on
critical infrastructure
are enough
![Page 7: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/7.jpg)
©2017 Infotecs JSC
REGULATORY FRAMEWORK IN RUSSIA / ICS SECURITY
ГОСТГОСТГОСТГОСТ
ФСБФСБФСБФСБФСТЭКФСТЭКФСТЭКФСТЭК
Отраслевые Отраслевые Отраслевые Отраслевые требованиятребованиятребованиятребования
PRESIDENT/GOVERNMENT
Decree of the President of the Russian Federation No. 683 of December 31, 2015 "On the National Security Strategy of the Russian Federation“
"The Doctrine of Information Security of the Russian Federation", 12/05/2016
Authorized Bodies(Federal Security Service, Federal Service for Technical and Export Control)
FSTEC Order No. 31 of March 14, 2014 «On Approval of Requirements for Providing Information Protection in Automated Control Systems»
"Requirements for firewalls," FSTEC, 2016 (inc. industrial FW).
«The concept of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation», December 12, 2014, FSS
No.256-FL "On the safety of fuel and energy facilities“
Draft federal law "On the Security of the Critical Information Infrastructure of the Russian Federation" of December 2016.
FEDERAL LAW
![Page 8: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/8.jpg)
©2017 Infotecs JSC
RUSSIAN NATIONAL TECHNICAL COMMITTEE FOR STANDARDIZATION«CRYPTOGRAPHY AND SECURITY MECHANISMS» (TC 26)[ISO/IEC JTC1/SC27]
Sub-Committee 1
State secret cryptography
Sub-Committee 3
Cryptography for payment
systems (National Card Payment System)
Sub-Committee 2
Cryptography for sensitive information for government
organization
Sub-Committee 4
Mass cryptography, blockchains and IoT/IIoT
TC 26
www.tc26.ru
Cryptography for ICS
![Page 9: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/9.jpg)
©2017 Infotecs JSC
INFORMATION SECURITY FOR ENTERPRISES
o Centralized management and monitoring
o Support of arbitrary communication technologies
o Support of arbitrary network topologies
o Scaling up to dozens of thousands hosts within a single protected network
o Network-level virtualization for integration of several local networks with mismatched IP addresses
o Provision of cryptographic services for customer’s application software
![Page 10: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/10.jpg)
©2017 Infotecs JSC
TOWARDS AND INTEGRATED IS: ENTERPRISE + ICS
![Page 11: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/11.jpg)
©2017 Infotecs JSC
ALL ABOUT PRIORITY
Confidentiality
Integrity
Availability
Enterprise
solutions
ICS
solutions
Availability
Integrity
Confidentiality
![Page 12: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/12.jpg)
©2017 Infotecs JSC
TWO WAYS TO PROTECT ICS
External (overlay)
tools
Built-in (embedded)
tools
![Page 13: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/13.jpg)
©2017 Infotecs JSC
ENTERPRISE AND ICS MIXED INFRASTRUCTURE
WAN
![Page 14: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/14.jpg)
©2017 Infotecs JSC
EMBEDDED CRYPTOGRAPHY IN FIELD LEVEL OF ICS
![Page 15: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/15.jpg)
©2017 Infotecs JSC
APPLIED CRYPTOGRAPHY FOR ICS
Data and command protection
• Integrity
• Confidentiality
• Replay attack protection
• Authenticity
• Legal relevance
Personnel authorization and authentication
• Multifactor authentication
• Secret sharing
![Page 16: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/16.jpg)
©2017 Infotecs JSC
VIPNET INDUSTRIAL/ENTERPRISE SECURITY GATEWAY MODELS
[WITH GOST CRYPTO]
55 Mbit/s
100 Mbit/s
1 Gbit/s
2,7 Gbit/s
5,5 Gbit/sHW100
HW1000
HW2000
HW50
HW5000
ViPNet Coordinator IG1010 Mbit/s
![Page 17: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/17.jpg)
©2017 Infotecs JSC
ICS PROTECTION: VIPNET COORDINATOR IG10
Secured Gateway with failover function, L3 VPN with L2overIP support(up to 10 Mbps), firewall.
Industrial design (-200… +600C, IP30, 10…30 V DC, DIN rail)
Router (DNS, DHCP, VLAN)
Wireless interfaces (3G, LTE, Wi-Fi)
RS-232/RS-485 - Ethernet gateway,Modbus TCP to Modbus RTU bridge
Discrete I/O ports (GPIO) to connect external sensors/actuators
![Page 18: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/18.jpg)
©2017 Infotecs JSC
VIPNET SIES CORE: FIELD LEVEL CRYPTOGRAPHY
o Hardware appliance intended to integration in | with protected device
o Provides basic cryptographic operations in order to implement security scenarios as a simple crypto API
o Protected Keys management and storage
o Passive mode connection to the protected
device via UART, SPI, USB, I2C technical
interfaces
o Designed as an SOM module, 64x36 mm
o Industrial design and power supply: -40…+750C,
4 …17 V DC, 0.7 W (at 5 V)
or
o A set of software crypto libraries for integration, Windows/Linux and x86, ARM, MIPS architectures (Baikal)
Ha
rdw
are
So
ftw
are
![Page 19: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/19.jpg)
©2017 Infotecs JSC
VIPNET SIES SERVER: SCADA LEVEL CRYPTOGRAPHY
Based on the ViPNet HSM appliance
(certified the Russian Federal Security Service under Russian high security classes, like FIPS 140-2 Level 3)
Protected secret key storage and 10,000+ cryptooperations per second
Backup feature
Full (PKCS#11) and simple crypto-API for integration with SCADA servers
Designed as an appliance or a virtual machine (Virtual Appliance)
![Page 20: CCCC ICS: VIEWFROM RRRRUSSIAwps1705.international-bc-online.org/wp-content/... · A major player in the Russian market of Network security solutions: more than 1million client software](https://reader036.vdocument.in/reader036/viewer/2022081407/6053eb0a71a7c04c8a389d3c/html5/thumbnails/20.jpg)
Thank you foryour attention!