HIMA cyber security
© HIMA Paul Hildebrandt GmbH 2017
HIMA Mission
Our Mission is to contribute to
Plant Safety and Operational Availability by implementing
unique Smart Safety Solutions and life cycle Services
HIMA: The leading Expert in Safety Solutions
▪ Headquarters in Brühl, Germany
▪ Worldwide local service and support
▪ Over 40,000 safety systems installed
▪ More than 800 people dedicated to safety
▪ R&D investment with 125 experts
© HIMA Paul Hildebrandt GmbH 2018
Experienced recently while being airborne …
• How would you feel?
• Would you be worried?
• Will the plane be in trouble?
Industrial Control Systems (ICS) are:
- autonomous, computer-based devices, used extensively in:
  - oil refining,
  - chemical processing,
  - electrical generation,
  - other industries where the creation of a product is based on a continuous series of processes being applied to raw materials.
By deploying and programming ICS devices, engineers have the ability to remotely monitor and control the different variables of the industrial process.
ICS include Supervisory Control and Data Acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLCs).
Safety Instrumented Systems (SIS) are:
- a subcategory of ICS, used to protect
  - humans,
  - industrial plants
  - and the environment
  in case a monitored process goes beyond the allowed control margins.
These devices are not intended for controlling the process itself, but rather provide an overriding signal, so that immediate actions are taken if the process control systems fail.
What makes HIMA unique?
HIMA understands Safety better than any other company. Safety is our DNA.
(Diagram: other companies offer Automation Solutions and Safety solutions; HIMA offers Smart Safety solutions.)
Safeguards your plant/operations and people
Protection layers, from the monitored process outwards:
- Operation: monitored process value (DCS / BPCS)
- Monitoring: process alarm (DCS / BPCS)
- Safety shutdown: SIS (safety instrumented system)
- Mechanical protection: e.g. pressure relief valve
- Damage mitigation: e.g. retention basin
- Disaster prevention: public and plant-specific measures
Cyber Security spans all layers: prevention and mitigation.
© HIMA Group 2018
SIL - Safety Integrity Level
SIL is how we measure the performance of safety functions carried out by the safety instrumented systems.
SIL has 3 sides to the story:
‣ Process owners: Which safety functions do I need and how much SIL do I need?
‣ Engineering companies, system integrators, product developers: How do I build SIL compliant safety devices, functions or systems?
‣ Process operators: How do I operate, maintain and repair safety functions and systems to maintain the identified SIL levels?
SIL Levels
The best-known SIL requirement is the Probability of Failure on Demand.
PFDavg = Probability of Failure on Demand, average
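As an added example that is not part of the HIMA deck: how a PFDavg value is obtained for a simple 1oo1 safety function and mapped to a SIL band. The IEC 61508 low-demand bands and the 1oo1 approximation PFDavg ≈ λ_DU · TI / 2 are standard; the failure rate and proof-test interval used are constructed sample values, not HIMA data.

```python
"""PFDavg for a 1oo1 safety function and the IEC 61508 low-demand SIL bands.

Added example, not from the HIMA deck. lambda_DU (undetected dangerous failure
rate) and the proof-test interval TI below are constructed sample values.
"""
from typing import Optional

# IEC 61508 low-demand mode: SIL -> (PFDavg lower bound inclusive, upper bound exclusive)
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified 1oo1 PFDavg: undetected dangerous failure rate times half the test interval."""
    return lambda_du_per_hour * proof_test_interval_hours / 2


def sil_for_pfd(pfd_avg: float) -> Optional[int]:
    """Return the SIL band containing pfd_avg, or None if it lies outside SIL 1..4."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_avg < hi:
            return sil
    return None


def max_test_interval_hours(lambda_du_per_hour: float, target_sil: int) -> float:
    """Proof-test interval (1oo1) at which PFDavg reaches the band's upper bound; stay below it."""
    _, hi = SIL_BANDS[target_sil]
    return 2 * hi / lambda_du_per_hour


if __name__ == "__main__":
    # Constructed sample: lambda_DU = 2e-7 /h, proof test once a year (8760 h)
    pfd = pfd_avg_1oo1(2e-7, 8760)
    print(f"PFDavg = {pfd:.2e} -> SIL {sil_for_pfd(pfd)}")
    print(f"Longest yearly-equivalent TI for SIL 3: {max_test_interval_hours(2e-7, 3):.0f} h")
```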
What is Safety?
Functional safety: Risk_safety = probability of a damage × potential of the damage
Cyber security: Risk_security = threat × vulnerability × potential of the damage
100% GUARANTEE: for Safety there is none; for Security there is none.
Safety: see IEC 61508. Measures to reduce risk to a tolerable level once (and for ever).
Security: see IEC 62443. Programmable Safety Systems can be compromised.
Safety and security interact closely, nevertheless:
1. Both are focused on totally different aspects
2. Safety and security recommendations have no automatic correlation
3. Alignment of safety and security requires a special strategy
To tango requires common understanding.
Guiding principles of applying Safety & Security (IEC 61508 & IEC 62443)
Alignment of both dancing partners
Principle 1: Protection of safety functions
Security effectively protects safety functions against the negative influences of threats. Safety evaluations are based on the assumption of effective security measures.
Principle 2: Compatibility of implementations
Security does not interfere with safety and vice versa.
Principle 3: Protection of security countermeasures
The safety implementations do not negatively compromise the effectiveness of security implementations.
Source: IEC/TR 63069
Coordination of both Lifecycles: our tango lasts longer
Safety Design and Security Design together lead to the Secure Safety Setup; the Security Setup defines the Security Environment:
• To protect the perimeters of the Security environment
• To protect the internal interactions
• To protect the individual functional units
Reviewed in Safety Lifecycle intervals:
1. Updates in years
2. Focus on malfunctions
3. Looking at (own) operational experiences
Reviewed in Security Lifecycle intervals:
I. Updates in weeks
II. Focus on vulnerabilities
III. Looking at community experiences
HIMA Security Environment for Functional Safety
HIMA Secure Safety Core: cyber secure down to its core
(Diagram: the HIMA Secure Safety Core (CPU, I/O and COM modules) connects through a Gateway and Interface to the DCS Automation Domain and the Information Domain; field interfaces 4..20 mA and HART; HIMA MMI; all inside the Plant Security Zone.)
Zones & Conduits (IEC 62443)
Levels in the diagram:
- Level 0: Instrumentation (4..20 mA, HART, Fieldbus; SIS)
- Level 1: Real Time Data Processing
- Level 2: MMI/Maintenance
- Level 3: Local Office, ERP (local)
- Level 4: WWW, ERP (global)
(The diagram also shows Zones A to D and the ENG/MAIN, Historian, MES, Office and Virtual Plant elements.)
Do you have full visibility of the risks on your SIS / IOT system?
You think it will never happen to me... until you are the target.
Common attack methods:
- Common vulnerability (e.g. SQL injection)
- Zero-day exploit
- USB keys
- Insider threat
- Physical access to devices
- Interactive social engineering
- Spear phishing
See Netflix film: Lo and Behold: Reveries of the Connected World (from 53 min)
Cyber attacks are real
Petya ransomware attack, 2017: again, only this time a worldwide hack
Cyber attacks are real
Russian GRU caught hacking into the OPCW via WiFi, October 2018 (example of the WiFi hack)
Cyber attacks are real
Triton / Trisis / HATMAN, December 2017
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
Incident summary: The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers.
Reference: www.github.com/ICSrepo/TRISIS-TRITON-HATMAN
Cyber attacks are real
MELTDOWN / SPECTRE, January 2018
• Critical weak points in chip hardware (CPU chips) weaken nearly all IT systems worldwide.
• HIMA operating systems strictly segregate the memory they access.
• Meltdown and Spectre have no effect on HIMA security systems!
Reference: www.meltdownattack.com
Cyber attacks are real
Stuxnet: uranium plant, Iran
The malware is also named Trojan-Spy.0485 or Malware-Cryptor.Win32.Inject.gen.2. The drivers were registered in the virus database under the names Rootkit.TmpHider and SScope.Rootkit.TmpHider.2.
Let’s look at Stuxnet in detail.
Stuxnet
Targets a specific Siemens PLC
• Each PLC must be configured before use
• Configuration is stored in system data blocks (SDB)
• Stuxnet parses these blocks
• Looks for magic bytes 2C CB 00 01 at offset 50h, which signifies a Profibus network card is attached (CP 342-5)
• Looks for 7050h and 9500h
• Must have more than 33 of these values
• Injects different code based on the number of occurrences
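As an added, defender-side example that is not part of the HIMA deck: a triage check that runs the targeting conditions listed above over an SDB dump, so an incident responder can tell which PLC configurations were in scope. Assumed here: the 7050h / 9500h values are matched as big-endian 16-bit words on 2-byte aligned positions, and the "more than 33" threshold applies to their combined count; the sample SDB is constructed inline.

```python
"""Triage check for the Stuxnet SDB targeting fingerprint (added example).

Reports whether a Siemens S7 system data block (SDB) dump satisfies the
documented targeting conditions. Assumptions: marker words are big-endian and
2-byte aligned; the >33 threshold is applied to the combined marker count.
"""
from dataclasses import dataclass

MAGIC = bytes.fromhex("2CCB0001")           # CP 342-5 Profibus card marker
MAGIC_OFFSET = 0x50
MARKERS = (bytes.fromhex("7050"), bytes.fromhex("9500"))  # assumed big-endian
THRESHOLD = 33


@dataclass
class SdbTriage:
    has_profibus_card: bool
    marker_count: int

    @property
    def matches_fingerprint(self) -> bool:
        """Both conditions must hold: the card marker and more than 33 marker words."""
        return self.has_profibus_card and self.marker_count > THRESHOLD


def count_markers(data: bytes) -> int:
    """Count 16-bit marker words on 2-byte aligned positions (assumption, see above)."""
    return sum(1 for i in range(0, len(data) - 1, 2) if data[i:i + 2] in MARKERS)


def triage_sdb(sdb: bytes) -> SdbTriage:
    """Apply the magic-bytes check at offset 50h and the marker count to one SDB dump."""
    end = MAGIC_OFFSET + len(MAGIC)
    has_card = len(sdb) >= end and sdb[MAGIC_OFFSET:end] == MAGIC
    return SdbTriage(has_card, count_markers(sdb))


def build_sample_sdb(with_card: bool, n_markers: int) -> bytes:
    """Constructed sample SDB: zero header, optional magic at 50h, 4-byte marker records."""
    head = bytearray(0x60)
    if with_card:
        head[MAGIC_OFFSET:MAGIC_OFFSET + len(MAGIC)] = MAGIC
    body = b"".join(MARKERS[i % 2] + b"\x00\x00" for i in range(n_markers))
    return bytes(head) + body


if __name__ == "__main__":
    for card, n in ((True, 40), (True, 33), (False, 40)):
        t = triage_sdb(build_sample_sdb(card, n))
        print(f"card={card} markers={t.marker_count} in_scope={t.matches_fingerprint}")
```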
Stuxnet
Programming the PLC
• Simatic Step 7 software is used to write code in STL
• STL code is compiled to MC7 byte code
• MC7 byte code is transferred to the PLC
• The control PC can now be disconnected
Stuxnet: Man-in-the-Middle Attack on PLCs
• Step7 uses a library to access the PLC: S7otbxdx.dll
• Stuxnet replaces that DLL with its own version
• The Stuxnet version intercepts reads and writes to the PLC and changes the code at this point
(Diagram: Step7 calls S7blk_read in S7otbxdx.dll to request a code block from the PLC; the STL code block passes through the replaced DLL, which sends the modified STL code block to the PLC and shows the code block read from the PLC to the user.)
Stuxnet: MC7 byte code
• The malicious DLL contains at least 70 blobs of data
• They are binary and encoded
• These are actually blocks of MC7 byte code
• This is the code that is injected into the PLCs
• It must be converted back to STL to understand it
Stuxnet
• OB1 and OB35: Stuxnet changes these blocks
• OB1 is the main program block on the PLC
  - Stuxnet inserts its own code at the beginning of OB1 so it runs first
• OB35 is a 100 ms interrupt routine
  - Used to monitor inputs that would require fast action
  - Stuxnet infects OB35 too
• Stuxnet will return clean versions of these functions when they are read from the PLC
Stuxnet
(Diagram: the PLC program sees a "happy" picture while the 984 centrifuges on the electrical I/O are "unhappy"; Stuxnet sits between them as a reality blocker.)
Last Security Incidents
Wetware: the human factor
See Netflix film: Lo and Behold: Reveries of the Connected World (from 59 min)
Again, are you sure that you are secure?
How often do you monitor your:
- Procedures
- Policies
- 3rd party hard- and software vendors
- Cause & Effects
- KPIs
- Log files
- Security reports
- Risk assessments
Every week? Every month? Never?
How can you reduce the risk and protect your SIS / IOT environments?
- Build higher walls
- Industrial Control System (ICS) Security will save you
- Adopt a new thinking
How to go from reactive to proactive?
SIS Awareness Concept – Example 1
Broken SIS engineering station swapped (temporarily) with a back office workstation
Awareness of Cyber Security in SIS / OT environments
Actual Cyber Security threats
No clear or not up-to-date:
- Policies; procedures; network drawing; IP database; backup; disaster recovery
- Actual hardware registration; actual internal and external user accounts
- Registration of visitors; no supervision of visitors
- CCTV; doors; keys; badge IDs; USB sticks
- Open unused switch ports; network device registration; up-to-date network drawings
You need to know who is who in the office, and don’t leave them (alone) in restricted areas.
Tampering with these systems can lead to:
- Possibly environmental disasters, due to loss of data
- Equipment damage
- Production loss
- Loss of valuable production recipes and installation data
Awareness of Cyber Security in SIS / OT environments
Nowadays threats
• Software bugs
• Unauthorized physical access
• Unauthorized network access
• Abuse (e.g. disgruntled employee)
• Human error (e.g. no virus check on USB)
Awareness of Cyber Security in SIS / OT environments
Actual Cyber Security threats: the BadUSB attack 2.0
A few weeks ago a new version of this BadUSB attack was found, which this time only requires a USB cable, such as the charging cable of your smartphone. The cable retains the ability to charge the connected device, but on the computer side it acts as a Human Interface Device (HID), such as a keyboard or mouse, and then installs malicious software.
Awareness of Cyber Security in SIS / OT environments
Minimum Effort – Maximum Security
SIS Awareness Scope of Support
Assets:
- SIS
- Engineering Station
- OPC Server Station
- Tofino Firewall Technology
- Hirschmann VLAN Technology
- Network Infrastructure
- …
Policies & Procedures:
- Hardening
- Patch Management
- User Management
- Logging Management
- Change Management
- Verification
- Backup/Restore
- …
Detail Definition:
- Hardware (LSM)
- Software (Off-Line) Patches
  - Windows
  - Antivirus Software
  - Patches / Firmware
- Network Overview (As-Built)
- Documentation
- Organisation
- Users
- …
SIS Awareness Benefits
• Maintain integrity of SIS to its designed functionality: overview of the current status of the SIS
• Comply with regulatory requirements: practical base for improvements or further IT/OT risk assessments
• Manage risk: helps to reveal undetected vulnerabilities of the SIS network before a plant disruption or malfunction
• Expertise of independent Cyber Security Specialists: safety focus ensures that SIS-specific configurations are covered
HIMA Security Measures: Security in Safety Instrumented Systems
Source: NAMUR NA 163
HIMA Security Measures
Security in ICS depends on five areas:
- PC Infrastructure
- Controller Hardware and Firmware
- Lifecycle Management
- Engineering Tool
- Communication Infrastructure
Controller Hardware and Firmware
• 100% HIMA software
• Extremely low software error rate (similar to military and aircraft)
• Automated code analysis
• Unused Ethernet ports locked physically
• No access to program code during operation
• No backdoors
• No common cause failures SIS/BPCS
• …
Engineering Tool
• 100% HIMA software
• Single-purpose engineering tool
• Proprietary database file for efficient recovery backup
• Two-factor authentication for project and controller data
• Diagnoses and time stamps cannot be deleted (audit trail)
• Key switches for RELOAD, FORCE, READ possible
• Monitoring of program changes
• Enforced change of passwords
• Well-defined user management incl. Security Admin role
• Function blocks with password protection (locking/read-only)
PC Infrastructure
• Secure BIOS management
• Reduced access rights
• Only required Windows services activated
• No double use of engineering and office laptops
• Minimal set of application programs
• Intelligent password management
• …
Communication Infrastructure
• Separated protection layers between CPU and COM modules
• Proprietary and superior protocol for controller communication: SafeEthernet
• Achilles certificate by Wurldtech
• Consistent separation of networks in each installation
• Tap-proof controller communication
• …
Lifecycle Management
• HIMA Group company
• ISO 27001 certification ongoing
• Security certification (Achilles, ISASecure EDSA, TÜV, …)
• Penetration testing (customers, service providers, universities)
• Need-to-know principle: access to source code and internal documents restricted to developers
• Separate development network
• Active collaboration in standardization committees like IEC and OpenGroup
• Services for our customers
  • Security is an integral part of HIMA Services and Engineering
  • Basic Security Check of HIMA safety systems
  • System hardening of safety systems and safety system environments
Fiber optic cable: cyber secure?
https://www.youtube.com/watch?v=bnzeyBK3kAY
Summary
• Safety and cyber security are connected
• Cyber security needs your attention
• Separate safety from operations
• Think not only about the hardware
Josse Brys
E-mail: info@hima.com
Internet: www.hima.com
HIMA Group
Albert-Bassermann-Str. 28
68782 Brühl, Germany
Phone: +49 6202 709-0
Fax: +49 6202 709-107
Thank You.
J.brys@hima.com