1. Secure SCADA (Supervisory Control and Data Acquisition). Presenter: Tal Ein-Habar, CISSP, Security Architect
2. What is a SCADA Network? Critical infrastructures: Government Services; Transportation (road, rail, air, local public transportation, hazardous materials); Energy (electrical utility transmission & distribution, oil and gas pipelines, nuclear materials & power); Water Controls (dams, levees, reservoirs); Public Health (hospitals, disease control); Emergency Services (fire and police departments); Defense Industrial Base; Chemical Industry (petroleum, hazardous waste); State & Municipal Services (safe water systems, waste disposal); Banking and Finance (trading systems, automated clearinghouse network, ATM networks); Telecommunications (broadcast television and radio); Postal & Shipping
3. Why Is Security an Issue? Connections to IT networks are now the norm; normal security maintenance causes disruptions and outages; remote access suffers from wireless and radio communication vulnerabilities; critical asset information is unsecured; security forensics are almost non-existent; identification of cyber attacks is difficult to impossible; more than 1500 potential and existing regulations and standards apply; control systems are on the hackers’ radar; specific malware has already been created and is downloadable; insiders pose the biggest threat: 75-80% of incidents have been caused by current employees
4. The Threat Is Changing: Countries are looking at cyber war as a primary and legitimate way of damaging their opponents. The incentives for using cyberwar are: harming citizens to lead the country into chaos or to change political policy; acting from a religious or political agenda. Cyberwar is intended to create fear in the remote population.
8. Where Is the Problem? We divide the problem into several main segments: the connection between control networks and their sensors; the connection between the control network and the IT network; remote management of critical infrastructure.
10. 9 Critical Infrastructure Protection (CIP) Standards: Affected companies must be “auditably” compliant by mid-2010; compliance must be re-confirmed annually; consequence of non-compliance: up to $1M USD per day.
11. 4 Design Requirements: Segment and protect critical infrastructure assets from interconnected networks; know who has access and what they are doing in the network; protect information about critical infrastructure assets from data leakage; implement strong security without jeopardizing availability, integrity, and reliability requirements.
24. The components differ from one another at the hardware level; a transmit unit cannot be turned into a receive unit, nor the reverse.
25. The protocol is one-way by design, so it does not require ACKs, does not require an initial handshake process, and never sends a request for information back under any circumstances.
26. The product supports all existing file transfer methods, i.e. it can transfer any information that is defined as a file, whether encrypted data, ZIP files, mail files, files originating from FTP transfers, etc. Receiver / Transmitter: Hardware-Based One-Way Data-Flow Gate. Laser – Transmit Only; Photocell – Receive Only.
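Slides 25 and 26 describe a one-way channel with no ACKs, no handshake and no requests back. The following Python sketch is an added illustration (not the vendor's code or wire format) of what that implies for a file transfer: every frame must be self-describing, loss can only be compensated by sender-side repetition, and the receiver checks integrity with a digest carried in-band and never replies. The frame layout, the MAGIC tag and the constructed lossy channel are assumptions.

```python
import hashlib
import struct

MAGIC = b"OWDG"  # hypothetical frame tag, chosen for this example only

def build_frames(file_id: int, data: bytes, chunk: int = 8) -> list:
    """Split data into frames that each carry id, seq, total and the
    SHA-256 of the whole file, since the receiver can never ask for more."""
    digest = hashlib.sha256(data).digest()
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    return [MAGIC + struct.pack("!HHH", file_id, seq, len(chunks)) + digest + c
            for seq, c in enumerate(chunks)]

def send(frames, channel, repeat=1):
    """Transmit-only side: repetition stands in for retransmission requests."""
    for _ in range(repeat):
        for f in frames:
            channel(f)

class Receiver:
    """Receive-only side: reassembles, detects gaps and verifies silently."""
    def __init__(self):
        self.files = {}  # file_id -> {"total", "digest", "chunks": {seq: bytes}}

    def on_frame(self, frame: bytes):
        if not frame.startswith(MAGIC) or len(frame) < 42:
            return  # malformed: drop, there is nobody to tell
        file_id, seq, total = struct.unpack("!HHH", frame[4:10])
        st = self.files.setdefault(
            file_id, {"total": total, "digest": frame[10:42], "chunks": {}})
        if st["total"] == total and seq < total:
            st["chunks"][seq] = frame[42:]  # duplicates overwrite harmlessly

    def status(self, file_id):
        st = self.files.get(file_id)
        if st is None:
            return ("unknown", [])
        missing = [s for s in range(st["total"]) if s not in st["chunks"]]
        if missing:
            return ("incomplete", missing)  # gap: only the sender can fix it
        data = b"".join(st["chunks"][s] for s in range(st["total"]))
        return ("ok", data) if hashlib.sha256(data).digest() == st["digest"] \
            else ("corrupt", [])

def demo(drop_seq=None, repeat=1):
    """Constructed channel that loses the first copy of frame drop_seq."""
    rx, lost = Receiver(), [False]
    def channel(frame):
        if drop_seq is not None and not lost[0] and frame[6:8] == struct.pack("!H", drop_seq):
            lost[0] = True
            return
        rx.on_frame(frame)
    send(build_frames(7, b"setpoint=42;valve=open"), channel, repeat)
    return rx.status(7)
```

With a single pass the receiver can only report which sequence numbers never arrived; sending each frame twice lets the same lossy channel complete the transfer without any return path.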
54. McAfee - Application Visibility & Control Case Studies. Many customers depend upon the positive model and application proxies to protect critical apps and data: Database (Oracle & MS-SQL): DoD protects all Human Resources records (several million) held in Oracle. Web App (HTTP/S): an insurer protects all inbound/outbound Web traffic using Sidewinder; the largest vacation travel provider (retail) uses it for protecting inbound web traffic and PCI compliance. Remote Access for Citrix: a finance customer protects the Citrix-delivered trading infrastructure of the largest stock exchange. VoIP (SIP), DNS, FTP, etc.: a finance customer protects data transfers (FTP); Plant CML, the largest worldwide 911 network MSP, protects all VoIP; classified agencies secure imaging and intelligence data using the IIOP proxy. Infrastructure/SCADA: multiple utilities segment their network and control systems; 2 out of the 3 largest energy producers use it for NERC CIP regulations.
Editor's notes
So security for critical infrastructure is now an issue around the world. Because these systems are no longer isolated, they need to be protected from Internet-borne threats that can come in through the corporate IT network.

Typical IT security products rely heavily on the need to take down the network on a regular basis for maintenance, security patches, and signature updates. While a signature file update can only take a few minutes, in a controlled system like the power grid that would constitute a denial of service, causing outages and service disruptions.

Non-employees are now being given access to the control networks as well. Separate entities, like the Independent Systems Operators, need to aggregate power between multiple companies. Remote access poses its own security risks, and hacking into wired or wireless communications is fairly routine.

Since critical systems were never designed with security in mind, it can be extremely difficult to diagnose an attack. In a famous case in Australia in 2000, an attacker was able to penetrate a water treatment plant over 20 times before they even realized they were under attack. The hacker was caught after his 46th infiltration, but it was already too late. His hacking caused a pumping station to overflow, dumping raw sewage into a residential neighborhood and tidal canal.

In addition, there are about 1500 potential regulations and standards that these industries could be subject to. It’s almost a guarantee that every company is out of compliance with SOMETHING.

And don’t think that the hacker community hasn’t been aware of these vulnerabilities. Chatter on hacker sites using “control systems” or “scada” as key words has grown astronomically over the last 2 years. And it only takes one talented hacker … or one disgruntled employee … to give away the keys to the kingdom to every miscreant on the planet.
Here are the 9 CIP standards. Secure Computing can provide solutions for almost every CIP standard. The only one that we can’t help with is physical security.

These regulations have some real teeth in them, too. While it might seem like the target date to be “auditably” compliant is far off, it really isn’t, based on the amount of thought and planning that needs to go into making critical infrastructure really secure. And that planning will pay off. Companies who meet the deadlines will be spared the fines of up to $1 million US per day.

Now let’s discuss the four most critical ones where Secure Computing can help you meet and exceed CIP requirements.
The first is to protect the critical network from everything else … whether it’s the IT corporate network or an independent systems operator … the control network must be segmented and secured.

The second is to control users … everything from allowing access to monitoring their behaviour in the network. Insiders pose the greatest risks … the best protection is monitoring and control.

The third is protection of critical asset information. If network schematics or topologies were to fall into the wrong hands, serious damage could ensue.

And lastly, these all need to be done without jeopardizing the business reasons for the networks’ existence: availability, integrity and reliability.