T22 - Industrial Control System Security

Copyright © 2017 Rockwell Automation, Inc. All Rights Reserved. PUBLIC

PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved.

The Approach

Strategic
• Develop an OT cyber security program
• Adopt an industry framework
• Understand business drivers and risk tolerances to drive target profiles
• Conduct assessments to develop an understanding of gaps
• Create an improvement plan to drive the tactical approach

Tactical
• Execute on filling gaps as defined and prioritized in the strategic approach
• Use validated designs and architectures
• Implement pre-engineered infrastructure and software solutions to achieve targets


Methodology

Securing your operations environments with a risk-based approach


ISA/IEC 62443: Certified Products, Systems and System Delivery

Series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACS).

Applies to those responsible for designing, manufacturing, implementing, or managing industrial control systems:
• End-users (for example, asset owners)
• System integrators
• Security practitioners
• ICS product/systems vendors


Recent Events

https://www.wired.com/story/crash-override-malware/
https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/

• The frequency of malware attacks is rapidly increasing
• Phishing attacks are the #1 delivery mechanism
• Increasing levels of adaptation and scalability


Typical Access Points
• Remote access
• Modems
• Business system connectivity
• USB and portable media
• Mobile PCs and devices

People are the weakest link!

[Diagram: access points mapped onto the plant network levels L0/1, L2, L3, IDMZ, L4]


Our Plan of Attack
• Harden the endpoints
• Secure the infrastructure
• Detect and monitor


Secure Infrastructure
1. Establish the perimeter
2. Harden the interior
3. Prevent & contain


Secure Network Infrastructure: Validated Architectures

Help achieve infrastructure security through a common, validated system architecture leveraging the Stratix portfolio and Cisco security solutions.

Design and Implementation Guides:
• Converged Plantwide Ethernet (CPwE) Design and Implementation Guide
• Segmentation Methods within the Cell/Area Zone
• Securely Traversing IACS Data Across the Industrial Demilitarized Zone
• Deploying Identity Services within a Converged Plantwide Ethernet Architecture
• Site-to-site VPN to a Converged Plantwide Ethernet Architecture
• Deploying Industrial Firewalls within a Converged Plantwide Ethernet Architecture

Download these and more at: http://www.rockwellautomation.com/global/products-technologies/network-technology/architectures.page

[Product logos: Identity Services Engine; Adaptive Security Appliances]


The Stratix® Portfolio: Integrating Industrial and Enterprise Environments

• Leverage managed switches to build out robust networks that can manage ACLs, VLANs, and QoS policies
• Implement industrial firewalls (Stratix® 5950) to isolate critical systems


Connectivity Considerations

Data Diodes for more secure one-way data transfer. Enables data to move out of control system networks without allowing any data in, for:
• View-only OPC
• View-only screen sharing
• Historian replication
• Backups

Allow tightly controlled movement of data into control system networks for needed files, patches and software updates.


Connectivity Considerations
• Network segmentation using private overlay networks on top of untrusted infrastructure
• Private networks can be mapped to users and/or devices
• Requires no changes to existing infrastructure
• Leverages HIPswitches and a centralized HIPConductor


Harden the Endpoints
1. User access control for endpoints and applications
2. Authorize appropriate software and devices
3. Establish a patching procedure


Hardened PCs and Servers

System Infrastructure Configuration User Manual:
• Infrastructure: domain controller, Active Directory, Windows management and
• Windows group policies with recommendations (e.g. USB use policies, password complexity, time sync, etc.)
• WSUS for OS patch management – coming soon!
• Application user authentication with FactoryTalk® Security
• Prescribed role-based policies (maintenance, operator, admin, etc.)
• Area-based security models

Download the manual at: http://literature.rockwellautomation.com/idc/groups/literature/documents/um/proces-um001_-en-p.pdf


Application Whitelisting: Symantec Embedded Security: Critical System Protection
• Great for helping to protect PCs that can’t be frequently updated
• Completely policy driven – no signatures
• Features include: application whitelisting, sandboxing, host firewall, file protection, monitoring, and more…


User Access Control and Authorization: FactoryTalk® Security
• Provides a centralized authority to verify the identity of each user
• Active Directory integration
• Disconnected environment support
• Grants or denies user requests to perform a particular set of actions on resources within the system
• Authenticate the user
• Authorize use of applications
• Authorize configuration access to controllers

New in version 28:
• Temporary Privilege Escalation
• Guest User Access
• Reusable Permission Sets (Routines, Add-On Instructions, and Tags)
• Secondary Security Authority


Asset Inventory & Patch Management: FactoryTalk® AssetCentre

Reduce the time it takes to get lifecycle information: export the asset inventory to the Product Compatibility and Download Center (PCDC).


Disaster Recovery: FactoryTalk® AssetCentre

Disaster Recovery can optionally be configured to create a new archive version when a difference is detected (Version 10 vs. Version 11).

1. Compares image or code to master file in archive
2. Detects differences & generates an event to FactoryTalk® AssetCentre
3. Email containing difference report sent to users
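The three-step workflow above, as an added Python illustration written for this page (not FactoryTalk AssetCentre's own code): the archive, the version numbers and the controller image text are constructed samples, and the in-memory event list stands in for the AssetCentre event and email step.

```python
import difflib
import hashlib
from dataclasses import dataclass, field

# Constructed sample master image, archived as version 10 (not a real controller export).
MASTER_V10 = (
    "Routine: MainRoutine\n"
    "Rung 0: XIC Start_PB OTE Motor_Run\n"
    "Rung 1: XIC Motor_Run TON Run_Timer 5000\n"
    "Tag: SetPoint DINT 150\n"
)
# Constructed sample upload from the device, with two unapproved edits.
DEVICE_UPLOAD = (
    "Routine: MainRoutine\n"
    "Rung 0: XIC Start_PB OTE Motor_Run\n"
    "Rung 1: XIC Motor_Run TON Run_Timer 5000\n"
    "Rung 2: XIC Bypass_Sw OTE Motor_Run\n"
    "Tag: SetPoint DINT 500\n"
)

@dataclass
class Archive:
    versions: list = field(default_factory=list)  # (version_no, image_text), newest last
    events: list = field(default_factory=list)    # events raised for AssetCentre-style alerting

    def master(self):
        return self.versions[-1]

def fingerprint(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def compare_to_master(archive: Archive, upload: str, create_version: bool = False) -> dict:
    """Compare an upload to the archived master; on a difference raise an event,
    build the report that would be emailed, and optionally archive a new version."""
    ver_no, master_text = archive.master()
    if fingerprint(upload) == fingerprint(master_text):   # fast path: identical image
        return {"changed": False, "version": ver_no, "report": ""}
    diff = difflib.unified_diff(master_text.splitlines(), upload.splitlines(),
                                fromfile=f"archive v{ver_no}", tofile="device upload", lineterm="")
    report = "\n".join(diff)
    archive.events.append({"event": "DifferenceDetected", "against": ver_no,
                           "upload_sha256": fingerprint(upload)})
    if create_version:                                    # optional: store upload as next version
        ver_no += 1
        archive.versions.append((ver_no, upload))
    return {"changed": True, "version": ver_no, "report": report}

def build_sample_archive() -> Archive:
    return Archive(versions=[(10, MASTER_V10)])
```

The unified-diff report is the part a reviewer reads: the changed set point and the added bypass rung show up as `-`/`+` lines against archive v10, while an unchanged upload raises no event at all.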


Detection and Monitoring
1. Alert on anomalous behavior
2. Identify known threats
3. Provide an audit trail to support analysis
4. Measure on-going compliance to policy


Network Security Appliances: Stratix® 5950 Security Appliance

Connectivity Options:
• (4) 1Gig Copper
• (2) 1Gig Copper and (2) SFP

Industrially-hardened

Based on recognized and proven technologies:
• Adaptive security appliance for firewall and VPN
• SourceFire FirePower for inspection and detection
• Enhanced with OT context of protocols, behaviors, and features

Strategic collaboration between Cisco and Rockwell Automation®

Key Features:
• Deep Packet Inspection for ICS protocols
• Threat & application update service
• DIN rail mount


[Diagram: Line 1, Line 2, Line 3 with OT assets and IT assets; individually managed site appliance and centrally managed services]

Security and Operational Monitoring

Capabilities:
• Behavioral anomaly detection
• Active change detection
• Alert on operational and security events
• Incident response services

Benefits:
• Validate operational tasks to reduce risk, and maintain process integrity
• Near real-time detection of cyber threats
• Recover from security incidents with highly-trained professionals
• Reduce risk of downtime with 24x7 response

MANAGED ANOMALY DETECTION

Asset Monitoring

Capabilities:
• Comprehensive asset inventorying
• Passive network monitoring
• Vendor and protocol agnostic
• Deep network analysis

Benefits:
• Continuous monitoring without interrupting production
• Single solution for many ICS vendors
• Collect information on how assets are configured, communicate and change
• Discover issues with full visibility of ICS networks

24x7 Monitoring and Response by Trained IT/OT Professionals

Security and Operational Alerts and Events

Powered by [partner logo]


Compliance and Reporting: Tripwire Configuration Compliance Manager (CCM)
• Audit industrial automation networks and controllers for more secure and approved configurations
• Identify unauthorized changes, configuration hardening errors and security vulnerabilities
• Layer on top of a standard implementation of FactoryTalk® AssetCentre for greater visibility into industrial automation applications


Security Resources

Industrial Security Landing Web Page: http://rockwellautomation.com/security
• Security Advisory Index
• Microsoft Patch Qualification
• Reference Architectures
• Services
• Security Technology
• Security FAQ

Contact: [email protected]

www.rockwellautomation.com


Thank You!

