5/4/2012 # 2
© 2012 ABB
Security Maturity Evolution in Industrial Control
(Matrix slide: Technology Sophistication plotted against Security Management, with the horizontal axis running Enterprise IT, Automation Systems, OT. Cell labels recovered in slide reading order:)
• Technology Sophistication
– Intrusion Prevention: Network Based, Host Based, Deep packet inspection
– Intrusion Detection: Network Based, Host Based
– Firewalls: Industrial Protocols, Business connectivity
– Locks on the Door, Door Sensors
• Monitoring
– Event Monitor, Central Logging
– Monitor and respond
– Alert on Events of interest
– Log everything and apply forensics
– Alarm System, Flight recorder
• Known Bad / Known Good
– Known Bad signatures
– Known Good Signatures
– Whitelisting
– Incident Management, hardening
– System locked down
• Security Management
– Automates manual process
– Enforces policy, process & procedures
– Leverages “baselines”
– Manages changes
– Audit reporting
– Continuous assessments
– Attestation data
– Doing it and Proving you are doing it
Control Systems Have Unique Architectures
(Diagram slide; component labels recovered:)
• Servers: PCS, SCADA, …
• Automation Systems Devices: IEDs, Sensors, Controllers
• Firewalls
• Hardened networking devices
IT/Data Center Environment
• Dedicated Specialists
– Desktop
– Database
– Network
– Security
• Dedicated Tools
– Desktop Management
– Database Management
– Network Management
– Security Monitoring
Operations Technology (OT) Environment
• OT Specialists
– Dedicated Applications Specialists
– Manage Control Network and Control Systems
– Generalists, Not Specialists
• OT Tools
– Diagnostic Tools Are Usually Supplied by Control Systems Vendor
– Control Systems Tools Are Application Centric
– Network, Security, Database, Desktop Support Tools Not Available or Not Present
– Learning 4-5 IT Tools To Manage Environment Not Practical
Unique Challenge: 15+ Year Duty Cycle on Control Systems
• Look For:
– Security Technologies That Support Legacy Systems
– Technologies That Utilize Limited Network Bandwidth For Reporting/Monitoring
Unique Challenge: Industrial Controls Environment
• Look For:
– Technologies that support network monitoring of industrial protocols via purpose-built signatures for industrial protocols
– Technologies that can monitor configurations of industrial end point devices
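As an added illustration of what a purpose-built signature for an industrial protocol looks like (this is example code, not part of the ABB slides or any ABB product), the block below parses Modbus/TCP request frames and raises alerts for writes from hosts outside a known-good allow-list and for diagnostics requests. The sample frames, the host addresses and the allow-list are constructed assumptions; the MBAP header layout and function codes are from the public Modbus specification.

```python
"""Added example, not from the ABB slides: a small "purpose-built signature"
checker for Modbus/TCP, the sort of industrial-protocol monitoring the slide
calls for. The frames, the allow-list of engineering hosts and the signatures
below are constructed assumptions, not real plant traffic."""
import struct
from dataclasses import dataclass

# Modbus/TCP MBAP header: transaction id, protocol id (always 0), length
# (unit id + PDU bytes), unit id. The PDU's first byte is the function code.
MBAP = struct.Struct(">HHHB")

WRITE_CODES = {0x05: "Write Single Coil", 0x06: "Write Single Register",
               0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
DIAG_CODES = {0x08: "Diagnostics", 0x2B: "Encapsulated Interface Transport"}

# "Known good": hosts allowed to issue writes (constructed assumption).
ALLOWED_WRITERS = {"10.1.1.10"}


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    func: int          # -1 when the frame could not be parsed
    reason: str


def parse_modbus(payload: bytes):
    """Return (unit_id, function_code) or None for a malformed frame."""
    if len(payload) < MBAP.size + 1:
        return None
    _tid, proto, length, unit = MBAP.unpack_from(payload)
    # Protocol id must be 0 and the advertised length must match the wire.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[MBAP.size]


def match_signatures(src: str, dst: str, payload: bytes):
    """Apply the signatures to one request frame; return the alerts raised."""
    parsed = parse_modbus(payload)
    if parsed is None:
        return [Alert(src, dst, -1, "malformed Modbus/TCP frame")]
    _unit, func = parsed
    alerts = []
    if func in WRITE_CODES and src not in ALLOWED_WRITERS:
        alerts.append(Alert(src, dst, func,
                            f"{WRITE_CODES[func]} from non-engineering host"))
    if func in DIAG_CODES:
        alerts.append(Alert(src, dst, func, f"{DIAG_CODES[func]} request"))
    return alerts


# Constructed sample frames: (src, dst, bytes on the wire).
SAMPLE_FRAMES = [
    # Read Holding Registers from the engineering host: routine polling.
    ("10.1.1.10", "10.1.2.5", bytes.fromhex("0001 0000 0006 01 03 0000 000A")),
    # Write Single Register from a host that never writes: event of interest.
    ("10.1.9.77", "10.1.2.5", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),
    # Diagnostics request: always worth logging, even from the engineering host.
    ("10.1.1.10", "10.1.2.5", bytes.fromhex("0003 0000 0006 01 08 0000 0000")),
    # Length field claims 9 bytes but only 4 follow: malformed.
    ("10.1.9.77", "10.1.2.5", bytes.fromhex("0004 0000 0009 01 03 0000")),
]


def scan_frames(frames=SAMPLE_FRAMES):
    """Run every frame through the signatures and collect the alerts."""
    return [a for src, dst, pl in frames for a in match_signatures(src, dst, pl)]


if __name__ == "__main__":
    for alert in scan_frames():
        print(f"{alert.src} -> {alert.dst} func=0x{alert.func & 0xFF:02X}: {alert.reason}")
```

The signature set is deliberately built around what the protocol means (a write versus a read, a diagnostics call versus polling) rather than around byte patterns from known malware, which is why such signatures keep working on legacy devices whose traffic never changes.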
Recommended OT Security Deployment
• Monitoring of Servers
– Syslog
– Embedded Agents
• Monitoring of Workstations
– Syslog
– Embedded Agents
• Perimeter Firewalls
• Anti-Virus Anti Malware
– Blacklist (signature based)
– Whitelist (application based)
• Configuration Management
– Monitoring and Baselines of Configuration Changes
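The last item, baselining configuration and monitoring for changes, can be shown end to end in a few lines. The block below is an added example, not code from the ABB slides or an ABB product: it fingerprints a configuration snapshot, diffs a later snapshot against the baseline, and emits one RFC 5424-style syslog line per drifted path so the result lands in the central logging the slide recommends. The file paths, contents, hostname and the local0/warning priority are constructed assumptions.

```python
"""Added example, not from the ABB slides: a configuration baseline for an OT
endpoint, drift detection against it, and syslog-formatted alerts. The file
paths, contents and hostnames are constructed assumptions."""
import hashlib
from datetime import datetime, timezone

# Constructed snapshot taken when the system was commissioned (assumption).
BASELINE_SNAPSHOT = {
    "/etc/hosts": b"127.0.0.1 localhost\n10.1.2.5 scada-srv-1\n",
    "/opt/scada/app.cfg": b"poll_interval=5\nremote_access=off\n",
    "/opt/scada/users.cfg": b"operator\nengineer\n",
}

# Constructed snapshot taken later, with three kinds of drift in it.
CURRENT_SNAPSHOT = {
    "/etc/hosts": b"127.0.0.1 localhost\n10.1.2.5 scada-srv-1\n",
    "/opt/scada/app.cfg": b"poll_interval=5\nremote_access=on\n",
    "/opt/scada/debug.cfg": b"trace=all\n",
}


def fingerprint(snapshot):
    """Map each path to the SHA-256 of its content; only digests are kept,
    so the stored baseline does not itself leak configuration contents."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in snapshot.items()}


def diff_baseline(baseline_fp, current_fp):
    """Classify drift as added, removed or modified paths (sorted for stable output)."""
    base, cur = set(baseline_fp), set(current_fp)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline_fp[p] != current_fp[p]),
    }


LOCAL0_WARNING = 16 * 8 + 4  # RFC 5424 PRI = facility * 8 + severity (assumed choice)


def to_syslog(host, report, when=None):
    """Render one RFC 5424-style line per drifted path for the central log
    collector. Only the path and the kind of change travel, never file content,
    which keeps the reporting traffic small on a constrained control network."""
    when = when or datetime.now(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = []
    for kind in ("added", "removed", "modified"):
        for path in report[kind]:
            lines.append(f"<{LOCAL0_WARNING}>1 {stamp} {host} cfgmon - CFGDRIFT "
                         f"- kind={kind} path={path}")
    return lines


def check_endpoint(host="scada-srv-1", baseline=BASELINE_SNAPSHOT,
                   current=CURRENT_SNAPSHOT):
    """Compare a current snapshot with the baseline and return (report, syslog lines)."""
    report = diff_baseline(fingerprint(baseline), fingerprint(current))
    # Fixed timestamp so the output is reproducible in this example.
    return report, to_syslog(host, report, datetime(2012, 5, 4, tzinfo=timezone.utc))


if __name__ == "__main__":
    report, lines = check_endpoint()
    print(report)
    print("\n".join(lines))
```

In a deployment the snapshot dictionaries would be read from the endpoint (or from a vendor diagnostic export), the baseline digests would be stored off-box, and the lines would go to the syslog collector; the comparison logic stays the same.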
Generation Plant Security Deployment
(Rack and network diagram of an Example SCADA Management System; only the equipment and network labels are recoverable:)
• Security Components: ID HIPS, ID NIDS, ID SEM, RSA Two Factor Appliance, Host Intrusion Detection/Prevention
• Servers: SCADA Servers, Historian / PC Apps Servers, Domain Controller, CNP / ICCP Servers, UDW, Backup Control System (HP ProLiant DL380 G5 / DL380R06 class hardware)
• Workstations: HMI Workstation w/ 4 Monitors
• Storage: HP StorageWorks MSL2024 Tape Library
• Network: Cisco Catalyst 2948G-L3, Cisco WS-C3560G-48TS and WS-C3560-48TS layer 3 switches, HP ProCurve 600 RPS/EPS (J8168A), Routers Provided by RRI, Corporate WAN
• LAN segments: EMS LAN A, EMS LAN B, RTU LAN A, DMZ LAN A, DMZ LAN B
• Other: Satellite Clock, PCI Expansion Units with ICP Cards, 16 Port Breakout Panel, PRIMARY
Development of Secure Products
• Vulnerability Testing
– Independent, un-biased
Cyber Security Project Execution
Planning (Communicate and agree)
– Functional Design Specification
– Security Policy
– Network Topology Drawings
– Upgrades and Testing
Deployment and Commissioning (Secure the system and make it available)
– Installation and Hardening Guideline
– Remote Access and File Transfer
– Networks and Interfaces
– Group Policy and Organizational Units
Operation (Operation starts on day one)
– Computer and User Administration
– Backup and Recovery
– Patch and Rollup Management
Summary