Securing Industrial Control Systems

Kevin Wheeler, CISSP, CISA

Upload: north-texas-chapter-of-the-issa

Post on 08-Aug-2015


Agenda

1. Evolving Threat Landscape
2. Industrial Control Systems
3. Emerging Industrial Control System Threats
4. Securing Industrial Control Systems
5. Questions and Discussion

Evolving Threat Landscape


Today’s Internet Threats

Malware Growth

• In 2007: 1,431 variants per day

Attack Kits

• Kits Allow Novice Attackers to Launch Sophisticated Attacks
• Can Be Used to Easily Customize Attacks
• Create Unique Variants of Common Malware

Threat Motives

• Monetary
• Political
• National Security

Industrial Control Systems

SCADA Functionality

• Industrial System Monitoring
• Industrial Actuator Control
• Used for:
  • Power Generation and Transmission
  • Water Supply
  • Oil and Gas
  • Wastewater Treatment
  • Building Management


SCADA System Architecture


Evolving Industrial Control System Threats


Industrial Control System Threats

• Nation-state Threats are Increasing

• Cyber-Terrorism Has Become More Prevalent

• SCADA Remains Inherently Insecure

Case Study: Illinois Water District

Occurred: November 8, 2011
Attack Vector: SCADA system software compromised by Russian hackers
Motive: Cyber Terrorism/Warfare
Effect of Breach: Equipment (water pump) destroyed
Remediation: IDs and passwords were changed, logical access control enhanced

https://krebsonsecurity.com/2011/11/cyber-strike-on-city-water-system/


Case Study: Iran Nuclear Program

Occurred: June, 2010
Attack Vector: SCADA system compromised by Israeli and US intelligence agencies through Stuxnet worm
Motive: Cyber Warfare
Effect of Breach: Equipment (Siemens centrifuges used for uranium enrichment) destroyed
Remediation: Authentication and logical access control enhanced


Case Study: LA Traffic Control Center

Announced: August 21, 2006
Attack Vector: Stolen Supervisor passwords
Motive: Cyber Terrorism, Union Strike
Effect of Breach: Traffic lights at four key LA intersections were disabled for four days, jamming traffic at the intersections
Remediation: Attackers eventually relinquished control of the system. The city most likely changed passwords, implemented more stringent password policies and possibly implemented a strong authentication system.


Securing Industrial Control Systems

ISA99 and ISA/IEC 62443 Standards

© Industrial Society of Automation, https://www.isa.org


Security Governance

1. Obtain Executive Sponsorship
2. Develop an Industrial Control System Security Committee
3. Define Policies
4. Provide Security Training for ICS Engineers
5. Implement Security Metrics and Reporting to Measure Progress

Threat and Vulnerability Management

1. Implement a System Patch Management Process

2. Disable System Services and Functions that are not Required

3. Optimize Security Configurations

4. Implement an Ongoing Threat Identification and Assessment Procedure

5. Periodically Test for Vulnerabilities


Logical Access Control

1. Isolate ICS Networks
2. Define Logical Security Zones
3. Implement Next Gen Firewall Technology
4. Deploy Role-based Access Control
5. Require Multi-factor Authentication

*Use Privileged Access Management Technology if Possible

Recommendations

1. Centralize Network Access to Supervisory Level Industrial Control Systems Using Next Generation Firewall Technology
2. Provide Centralized Authentication and Accounting (Logging) for Industrial Control System Access
3. Isolate Industrial Control Network Access Using VPNs Over Internal Networks and VLANs to the Supervisory Level
4. Harden SCADA Management Systems as Single Purpose Devices
5. Monitor Supervisory Level Database Activity
6. Authenticate and Encrypt Dial-up and Wireless Access to Out-of-band Control Level PLCs and RTUs
7. Physically Secure the Device Level at Facilities
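One way to check recommendations 1 to 3 against observed traffic, as an added example that is not part of the original slides: flow records are audited against an allowlist of zone-to-zone conduits. The subnets, zone names, record fields and sample flows are assumptions constructed for illustration.

```python
# Added example: audit flow records against a zone/conduit allowlist.
# Subnets, zone names and record fields are assumptions, not from the slides.
import ipaddress

# Hypothetical address plan, one subnet per zone.
ZONES = {
    "corporate":   ipaddress.ip_network("10.10.0.0/16"),
    "supervisory": ipaddress.ip_network("10.20.0.0/24"),
    "control":     ipaddress.ip_network("10.30.0.0/24"),
    "device":      ipaddress.ip_network("10.40.0.0/24"),
}

# Permitted conduits: (initiator zone, responder zone) -> extra requirement.
CONDUITS = {
    ("corporate", "supervisory"): "vpn_auth",  # VPN plus authenticated user
    ("supervisory", "control"): None,
    ("control", "device"): None,
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit(flows):
    """Return (flow, reason) for every flow that breaks the zone policy."""
    findings = []
    for f in flows:  # f["src"] is the connection initiator
        src, dst = zone_of(f["src"]), zone_of(f["dst"])
        if src == dst and src != "unknown":
            continue  # intra-zone traffic is out of scope for this check
        if (src, dst) not in CONDUITS:
            findings.append((f, f"no conduit {src} -> {dst}"))
        elif CONDUITS[(src, dst)] == "vpn_auth" and not (f.get("vpn") and f.get("user")):
            findings.append((f, "corporate access without VPN and authenticated user"))
    return findings

# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    {"src": "10.10.5.20", "dst": "10.20.0.10", "vpn": True, "user": "eng1"},
    {"src": "10.10.5.21", "dst": "10.20.0.10", "vpn": False, "user": None},
    {"src": "10.10.5.22", "dst": "10.30.0.7", "vpn": True, "user": "eng2"},
    {"src": "10.20.0.10", "dst": "10.30.0.7"},
    {"src": "203.0.113.9", "dst": "10.40.0.3"},
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow["src"], "->", flow["dst"], ":", reason)
```

Corporate hosts may reach only the supervisory zone, and only over an authenticated VPN session; anything that skips a level or originates outside the address plan is reported.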

SCADA Security Architecture

[Diagram; surviving labels: VPN, Authentication, Corporate Network]

Questions and Discussion

Kevin Wheeler, CISSP, CISA

(972) 992-3100 Ext [email protected]