Security Certification – A Critical Review
Dr. Ragnar Schierholz
Kevin McGrath
ABB Corporate Research
Copyright 2010 ISA. All Rights Reserved.
Distributed with permission of author(s) by ISA 2010 Presented at ISA Automation Week 2010; http://www.isa.org
Presenters
Dr. Ragnar Schierholz
• Research Area Coordinator for Secure Remote Service Infrastructure in ABB’s Industrial Software Systems research program
• Voting member of ISA 99 committee representing ABB
Kevin McGrath
• Technical lead for security in ABB’s Industrial Communication research program
• R&D project manager for technology development projects
Outline
• Background
• Security certification explained
– Economic fundamentals
– History of certification
– (Current approaches in industrial automation)
• Analysis
– Learn from the past
• Conclusions
Background
• Security standardization
– Setting a minimum level of acceptable security
– Enabling technical interoperability
• Information asymmetry & market failure
– «Market actors having imperfect, asymmetric information» is one condition which can lead to market failure
  – Hidden characteristics
  – Hidden action/information
  – Hidden intention
– Security properties of a product are difficult to assess for a customer (hidden characteristics)
Security certification explained
Economics
Transaction cost economics
• Allocate different costs to different stages of a market transaction:
– Initiation: identification of transaction partners, e.g. marketing (on the vendor’s side) and product/supplier search and comparison (on consumers’ side)
– Negotiation: consulting and administrative costs for contract closure, coordination costs in specification, delivery planning, etc.
– Settlement: costs for product delivery, management of the exchange of products and payments, validation of delivery and payment
– Monitoring: monitoring of quality and timeliness of transaction execution
– Adjustment: modification of contracts according to changes in requirements
Principal-Agent theory
• Explains effects of conflicting interests under asymmetric information and suggests governance models
– Conflicts:
  – Moral hazard
  – Adverse selection
  – Hold-up
– Governance models:
  – Signalling/Screening
  – Self selection
  – Institutional hierarchy
Security certification explained
History of certification
Certification of cyber security properties of software products has been attempted in other industries
– Trusted Computer System Evaluation Criteria (TCSEC or Orange Book)
  – US Government initiative for systems used by government agencies
  – Characteristics
    – Direct interaction between government (NSA) and product vendor
    – Test of systems in their context of use (incl. security organization)
    – NSA tested against different sets of defined requirements (higher level of certification means more comprehensive or stronger requirements)
    – Expensive, long testing procedures
– Information Technology Security Evaluation Criteria (ITSEC) / ISO/IEC 15408 (Common Criteria)
  – EU driven initiative, now internationally standardized, generic certification of software product security
  – Characteristics
    – Tests against profiles selected/defined by product vendor (Protection Profile, Security Target, Security Functional Requirements, Security Assurance Requirements)
    – Tested by independent certification labs, accredited for certification (Commercial Licensed Evaluation Facility – CLEF)
    – Certification levels (EALs) depend on the rigor of the test procedure – not on different product requirements
    – Cost of certification depends on the certification lab’s procedures
– ISO/IEC 27000 series
  – International standard for certification of generic system security
  – Characteristics
    – Test of systems in their context of use (incl. security organization)
    – Guidelines for testing / auditing defined in the standard
    – Cost of certification depends on the auditor’s procedures
    – No certification levels, pass/fail certification
Security certification explained
Current approaches in industrial automation
• Several certification approaches exist or are being developed in the automation industry
– Wurldtech Achilles Communication Certification (ACC)
– Wurldtech Achilles Practices Certification (APC)
– MuDynamics MUSIC certification
– Exiday Integrity Certification
– ISCI ISASecure Certification (EDSA)
• More on this from the other speakers in this session
Analysis
• Issues found with certification programs (to learn from the history, not to repeat it)
– Certification criteria
  – Must be meaningful measurements of actual security properties [1]
  – Must be transparent so the principal can check for fit
  – Must take the context of use into account
– Race to the bottom
  – Certification labs compete only on price, but have no liability
  – Incentive is to reduce cost by lax testing / auditing
– Adverse selection
  – Only vendors who can’t demonstrate security with more meaningful (possibly more expensive) signals will pursue certification
– Lifecycle coverage
  – Recertification dilemma with new vulnerabilities or attack paths
[1] See also S. Pfleeger and R. Cunningham, "Why Measuring Security Is Hard," IEEE Security & Privacy Magazine, vol. 8, 2010, pp. 46-54, and further references in the paper.
Conclusions
• Security is not only a technical matter
• Economic theories explaining the environment and suggesting solutions are out there
– Transaction cost economics
– Principal-agent theory
• Certification of security properties is one approach
– Has been tried several times and has failed (almost) as often
– Learn from mistakes, don’t repeat them
• Don’t forget alternative approaches
– Leverage the characteristics of the automation domain
– Few, large market actors, between whom individual interaction is common
– Framework contracts reduce the frequency of transactions
Questions?
Ask now or contact us later!
Dr. Ragnar Schierholz
Principal Scientist
Industrial Software Systems
ABB Switzerland
Corporate Research
Segelhofstr. 1K
CH-5405 Baden 5 Dättwil
Phone +41 58 586 82 97
E-Mail [email protected]

Kevin McGrath
Scientist
Industrial Communication
ABB Norway
Corporate Research
Bergerveien 12
NO-1375 Billingstad
Phone +47 22 874 624
E-Mail [email protected]