SlideShare a Scribd company logo

Industrial control systems cybersecurity.ppt

Download as PPT, PDF
D
DelforChacnCornejo

This document discusses industrial control system (ICS) cybersecurity. It begins with an introduction to ICS, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC). It then compares ICS and IT security, discussing risks specific to ICS. The document outlines the risk management process and describes ICS security architecture, including network segmentation. It also covers authentication, firewall implementation, and applying the six steps of the NIST risk management framework to implement security controls for ICS.

1 of 31
INDUSTRIAL CONTROL SYSTEM (ICS) CYBER SECURITY DR. MOFEED TURKY RASHID ELECTRICAL ENG. DEP. BASRAH UNIVERSITY HUDA AMEER ZEKI COMPUTER SCIENCE DEP. SHATT AL-ARAB UNI. COLLEGE National Institute of Standards and Technology (NIST) Special Publication 800-82 Revision 2 https://www.nist.gov/
OUTLINE  Introduction to Industrial Control Systems (ICS).  Supervisory Control and Data Acquisition (SCADA).  Distributed Control Systems (DCS).  Programmable Logic Controller (PLC).  Comparing ICS and IT Systems Security.  The Risk Management Process.  ICS Security Architecture.  Authentication and Authorization.  Applying Security Controls to ICS.
INTRODUCTION TO ICS An ICS is a general term that encompasses several types of control systems, including • Supervisory control and data acquisition (SCADA). • Systems, distributed control systems (DCS). • Control system configurations such as Programmable Logic Controllers (PLC). • Human Machine Interfaces (HMIs). • Remote diagnostics and maintenance tools built using an array of network protocols.
ICS control industrial processes are typically used in: • Electrical. • Water and wastewater. • Oil and natural gas. • Chemical. • Transportation. • Pharmaceutical. • Pulp and paper. • Food and beverage. • Discrete manufacturing (e.g., automotive, aerospace, and durable goods) industries.
INDUSTRIAL CONTROL SYSTEM OPERATION Controlled Processes Sensors Actuators Controller Human Machine Interface (HMI) Remote Diagnostics and Maintenance Disturbances Outputs Inputs
SCADA SYSTEMS  SCADA systems are designed to collect field information, transfer it to a central computer facility, and display the information to the operator graphically or textually, thereby allowing the operator to monitor or control an entire system from a central location in near real time.  Typical hardware includes a control server placed at a control center, communications equipment (e.g., radio, telephone line, cable, or satellite), and one or more geographically distributed field sites consisting of Remote Terminal Units (RTUs) and/or PLCs, which controls actuators and/or monitors sensors.
SCADA SYSTEM GENERAL LAYOUT
DISTRIBUTED CONTROL SYSTEMS (DCS)  DCS are used to control production systems within the same geographic location for industries such as oil refineries, water and wastewater treatment, electric power generation plants, chemical manufacturing plants, automotive production, and pharmaceutical processing facilities.  DCS are integrated as a control architecture containing a supervisory level of control overseeing multiple, integrated sub-systems that are responsible for controlling the details of a localized process. A DCS uses a centralized supervisory control loop to mediate a group of localized controllers that share the overall tasks of carrying out an entire production process.
DCS IMPLEMENTATION EXAMPLE
PROGRAMMABLE LOGIC CONTROLLER (PLC)  PLCs are used in both SCADA and DCS systems as the control components of an overall hierarchical system to provide local management of processes through feedback control.  PLCs are also implemented as the primary controller in smaller control system configurations to provide operational control of discrete processes such as automobile assembly lines and power plant soot blower controls.  PLCs have a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, PID controller, communication, arithmetic, and data and file processing.
PLC CONTROL SYSTEM IMPLEMENTATION EXAMPLE
COMPARING ICS AND IT SYSTEMS SECURITY ICS control is the physical world while IT system is data management. ICS have many characteristics that differ from traditional IT systems, including • Significant risk to the health and safety of human lives. • Serious damage to the environment. • Financial issues such as production losses and negative impact to a nation’s economy. • ICS have different performance and reliability requirements, and also use operating systems and applications that may be considered unconventional in a typical IT network environment.
The following lists some special considerations when considering security for ICS:  Timeliness and Performance Requirements.  Availability Requirements.  Risk Management Requirements.  Physical Effects.  System Operation.  Resource Constraints.  Communications.  Change Management.  Managed Support.  Component Lifetime.  Component Location.
THE RISK MANAGEMENT PROCESS The risk management process has four components: Framing, Assessing, Responding and Monitoring.
ICS SECURITY ARCHITECTURE  It is usually recommended to separate the ICS network from the corporate network.  Internet access, FTP, email, and remote access will typically be permitted on the corporate network but should not be allowed on the ICS network.  If ICS network traffic is carried on the corporate network, it could be intercepted or be subjected to attacks.  By having separate networks, security and performance problems on the corporate network should not be able to affect the ICS network.  If the networks must be connected, it is recommended that only minimal (single if possible) connections be allowed and that the connection is through a firewall and a demilitarized zones (DMZ).  A DMZ is a separate network segment that connects directly to the firewall.
NETWORK SEGMENTATION AND SEGREGATION  The aim of network segmentation and segregation is to minimize access to sensitive information for those systems and people who don’t need it, while ensuring that the organization can continue to operate effectively.  Traditionally, network segmentation and segregation is implemented at the gateway between domains.  ICS environments often have multiple well-defined domains, such as:  operational LANs.  control LANs.  operational DMZs.  gateways to non-ICS.  less trustworthy domains such as the Internet and the corporate LANs.  Network segregation involves developing and enforcing a rule set controlling which communications are permitted through the boundary.
FIREWALLS Network firewalls are devices or systems that control the flow of network traffic between networks employing differing security postures. There are three general classes of firewalls: • Packet Filtering Firewalls at layer 3 (transport) by IP. (More Delay). • Stateful Inspection Firewalls at layer 4 (TCP / UDP). (Complex and expensive). • Application-Proxy Gateway Firewalls at Application layer. (Overheads and Delay).
FIREWALL BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
FIREWALL AND ROUTER BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
FIREWALL WITH DMZ BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
PAIRED FIREWALLS BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
AUTHENTICATION AND AUTHORIZATION  An ICS may contain a large number of systems, each of which must be accessed by a variety of users. Performing the authentication and authorization of these users presents a challenge to the ICS.  Authentication and authorization can be performed either in a distributed or centralized approach.  Managing these user’s accounts can be problematic as employees are added, removed, and as their roles change.  As the number of systems and users grow, the process of managing these accounts becomes more complicated.  The authentication of a user or system is the process of verifying the claimed identity.  Authorization, the process of granting the user access privileges, is determined by applying policy rules to the authenticated identity and other relevant information. Authorization is enforced by some access control mechanism.  The authentication process can be used to control access to both systems (e.g. HMIs, field devices, SCADA servers) and networks (e.g., remote substations LANs).
APPLYING SECURITY CONTROLS TO ICS Executing the Risk Management Framework Tasks for Industrial Control Systems
STEP 1: CATEGORIZE INFORMATION SYSTEM  The first activity in the Risk Management Framework (RMF) is to categorize the information and information system according to potential impact of loss.  For each information type and information system under consideration, the three Federal Information Security Modernization Act (FISMA) defined security objectives: (confidentiality, integrity, and availability) are associated with one of three levels of potential impact should there be a breach of security.  The standards and guidance for this categorization process can be found in FIPS 199 and NIST SP 800-60.  The following ICS example is taken from FIPS 199:
A power plant contains a SCADA system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. The management at the power plant determines that: (i) for the sensor data being acquired by the SCADA system, there is no potential impact from a loss of confidentiality, a high potential impact from a loss of integrity, and a high potential impact from a loss of availability; and (ii) for the administrative information being processed by the system, there is a low potential impact from a loss of confidentiality, a low potential impact from a loss of integrity, and a low potential impact from a loss of availability.
 The resulting security categories, SC, of these information types are expressed as: SC sensor data = {(confidentiality, NA), (integrity, HIGH), (availability, HIGH)}, and SC administrative information = {(confidentiality, LOW), (integrity, LOW), (availability, LOW)}.  The resulting security category of the information system is initially expressed as: SC SCADA system = {(confidentiality, LOW), (integrity, HIGH), (availability, HIGH)},
STEP 2: SELECT SECURITY CONTROLS  This framework activity includes the initial selection of minimum security controls planned or in place to protect the information system based on a set of requirements.  FIPS 200 documents a set of minimum-security requirements covering 18 security-related areas with regard to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems.  An overlay is a fully specified set of security controls, control enhancements, and supplemental guidance derived from the application of tailoring guidance to security control baselines described in NIST SP 800-53.  In general, overlays are intended to reduce the need for ad hoc tailoring of baselines by organizations through the selection of a set of controls and control enhancements that more closely correspond to common circumstances, situations, and/or conditions.
STEP 3: IMPLEMENT SECURITY CONTROLS The security control selection process can be applied to ICS from two different perspectives: (i) new development; and (ii) legacy. For new development systems, the security control selection process is applied from a requirements definition perspective since the systems do not yet exist and organizations are conducting initial security categorizations. The security controls included in the security plans for the information systems serve as a security specification and are expected to be incorporated into the systems during the development and implementation phases of the system development life cycle. In contrast, for legacy information systems, the security control selection process is applied from a gap analysis perspective when organizations are anticipating significant changes to the systems (e.g., during major upgrades, modifications, or outsourcing).
STEP 4: ASSESS SECURITY CONTROLS  This activity determines the extent to which the security controls in the information system are effective in their application.  NIST SP 800-53A provides guidance for assessing security controls initially selected from NIST SP 800- 53 to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system.  To accomplish this, NIST SP 800-53A provides expectations based on assurance requirements defined in NIST SP 800-53 for characterizing the expectations of security assessments by FIPS 199 impact level.
STEP 5: AUTHORIZE INFORMATION SYSTEM This activity results in a management decision to authorize the operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. STEP 6: MONITOR SECURITY CONTROLS This activity continuously tracks changes to the information system that may affect security controls and assesses control effectiveness. NIST SP 800-137 provides guidance on information security continuous monitoring.
THANK YOU

More Related Content

What's hot

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
Information Technology
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
Cysinfo Cyber Security Community
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
Mukesh Chinta
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale fun
Jan Seidl
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
ShafeeqaFarsana
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
Yehia Mamdouh
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
Marius FAILLOT DEVARRE
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
Chris Sistrunk
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 

What's hot (20)

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Information security
Information securityInformation security
Information security
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale fun
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 

Similar to Industrial control systems cybersecurity.ppt

Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems
aswanthmrajeev112
 
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
Sandia National Laboratories: Energy & Climate: Renewables
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
Hemanth M
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
IJSRED
 
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the RisksIntegrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
Schneider Electric
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
Nirmal Thaliyil
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
Ivan Carmona
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
JAZEEL K T
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls
Schneider Electric
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327
vimal Kumar Gupta
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
PROFIBUS and PROFINET InternationaI - PI UK
 
Scada slide
Scada slideScada slide
Scada slide
Towfiqur Rahman
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
Cisco Service Provider
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Abhishek Goel
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
majolic
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
Angela Hays
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
Nir Cohen
 
Cybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA NetworksCybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA Networks
George Wainblat
 

Similar to Industrial control systems cybersecurity.ppt (20)

Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems
 
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the RisksIntegrated Control and Safety - Assessing the Benefits; Weighing the Risks
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
Scada slide
Scada slideScada slide
Scada slide
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
Cybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA NetworksCybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA Networks
 

Recently uploaded

DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
Yevgen Sysoyev
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
What's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptxWhat's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptx
Stephanie Beckett
 
Mitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing SystemsMitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing Systems
ScyllaDB
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
Awais Yaseen
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
ishalveerrandhawa1
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
shanthidl1
 
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Erasmo Purificato
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
Matthew Sinclair
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
BookNet Canada
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Bert Blevins
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
Vijayananda Mohire
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
Liveplex
 

Recently uploaded (20)

DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
What's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptxWhat's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptx
 
Mitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing SystemsMitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing Systems
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
 

Industrial control systems cybersecurity.ppt

  • 1. INDUSTRIAL CONTROL SYSTEM (ICS) CYBER SECURITY DR. MOFEED TURKY RASHID ELECTRICAL ENG. DEP. BASRAH UNIVERSITY HUDA AMEER ZEKI COMPUTER SCIENCE DEP. SHATT AL-ARAB UNI. COLLEGE National Institute of Standards and Technology (NIST) Special Publication 800-82 Revision 2 https://www.nist.gov/
  • 2. OUTLINE  Introduction to Industrial Control Systems (ICS).  Supervisory Control and Data Acquisition (SCADA).  Distributed Control Systems (DCS).  Programmable Logic Controller (PLC).  Comparing ICS and IT Systems Security.  The Risk Management Process.  ICS Security Architecture.  Authentication and Authorization.  Applying Security Controls to ICS.
  • 3. INTRODUCTION TO ICS An ICS is a general term that encompasses several types of control systems, including • Supervisory control and data acquisition (SCADA). • Systems, distributed control systems (DCS). • Control system configurations such as Programmable Logic Controllers (PLC). • Human Machine Interfaces (HMIs). • Remote diagnostics and maintenance tools built using an array of network protocols.
  • 4. ICS control industrial processes are typically used in: • Electrical. • Water and wastewater. • Oil and natural gas. • Chemical. • Transportation. • Pharmaceutical. • Pulp and paper. • Food and beverage. • Discrete manufacturing (e.g., automotive, aerospace, and durable goods) industries.
  • 5. INDUSTRIAL CONTROL SYSTEM OPERATION Controlled Processes Sensors Actuators Controller Human Machine Interface (HMI) Remote Diagnostics and Maintenance Disturbances Outputs Inputs
  • 6. SCADA SYSTEMS  SCADA systems are designed to collect field information, transfer it to a central computer facility, and display the information to the operator graphically or textually, thereby allowing the operator to monitor or control an entire system from a central location in near real time.  Typical hardware includes a control server placed at a control center, communications equipment (e.g., radio, telephone line, cable, or satellite), and one or more geographically distributed field sites consisting of Remote Terminal Units (RTUs) and/or PLCs, which controls actuators and/or monitors sensors.
  • 8. DISTRIBUTED CONTROL SYSTEMS (DCS)  DCS are used to control production systems within the same geographic location for industries such as oil refineries, water and wastewater treatment, electric power generation plants, chemical manufacturing plants, automotive production, and pharmaceutical processing facilities.  DCS are integrated as a control architecture containing a supervisory level of control overseeing multiple, integrated sub-systems that are responsible for controlling the details of a localized process. A DCS uses a centralized supervisory control loop to mediate a group of localized controllers that share the overall tasks of carrying out an entire production process.
  • 10. PROGRAMMABLE LOGIC CONTROLLER (PLC)  PLCs are used in both SCADA and DCS systems as the control components of an overall hierarchical system to provide local management of processes through feedback control.  PLCs are also implemented as the primary controller in smaller control system configurations to provide operational control of discrete processes such as automobile assembly lines and power plant soot blower controls.  PLCs have a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, PID controller, communication, arithmetic, and data and file processing.
  • 11. PLC CONTROL SYSTEM IMPLEMENTATION EXAMPLE
  • 12. COMPARING ICS AND IT SYSTEMS SECURITY ICS control is the physical world while IT system is data management. ICS have many characteristics that differ from traditional IT systems, including • Significant risk to the health and safety of human lives. • Serious damage to the environment. • Financial issues such as production losses and negative impact to a nation’s economy. • ICS have different performance and reliability requirements, and also use operating systems and applications that may be considered unconventional in a typical IT network environment.
  • 13. The following lists some special considerations when considering security for ICS:  Timeliness and Performance Requirements.  Availability Requirements.  Risk Management Requirements.  Physical Effects.  System Operation.  Resource Constraints.  Communications.  Change Management.  Managed Support.  Component Lifetime.  Component Location.
  • 14. THE RISK MANAGEMENT PROCESS The risk management process has four components: Framing, Assessing, Responding and Monitoring.
  • 15. ICS SECURITY ARCHITECTURE  It is usually recommended to separate the ICS network from the corporate network.  Internet access, FTP, email, and remote access will typically be permitted on the corporate network but should not be allowed on the ICS network.  If ICS network traffic is carried on the corporate network, it could be intercepted or be subjected to attacks.  By having separate networks, security and performance problems on the corporate network should not be able to affect the ICS network.  If the networks must be connected, it is recommended that only minimal (single if possible) connections be allowed and that the connection is through a firewall and a demilitarized zones (DMZ).  A DMZ is a separate network segment that connects directly to the firewall.
  • 16. NETWORK SEGMENTATION AND SEGREGATION  The aim of network segmentation and segregation is to minimize access to sensitive information for those systems and people who don’t need it, while ensuring that the organization can continue to operate effectively.  Traditionally, network segmentation and segregation is implemented at the gateway between domains.  ICS environments often have multiple well-defined domains, such as:  operational LANs.  control LANs.  operational DMZs.  gateways to non-ICS.  less trustworthy domains such as the Internet and the corporate LANs.  Network segregation involves developing and enforcing a rule set controlling which communications are permitted through the boundary.
  • 17. FIREWALLS Network firewalls are devices or systems that control the flow of network traffic between networks employing differing security postures. There are three general classes of firewalls: • Packet Filtering Firewalls at layer 3 (transport) by IP. (More Delay). • Stateful Inspection Firewalls at layer 4 (TCP / UDP). (Complex and expensive). • Application-Proxy Gateway Firewalls at Application layer. (Overheads and Delay).
  • 18. FIREWALL BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
  • 19. FIREWALL AND ROUTER BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
  • 20. FIREWALL WITH DMZ BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
  • 21. PAIRED FIREWALLS BETWEEN CORPORATE NETWORK AND CONTROL NETWORK
  • 22. AUTHENTICATION AND AUTHORIZATION  An ICS may contain a large number of systems, each of which must be accessed by a variety of users. Performing the authentication and authorization of these users presents a challenge to the ICS.  Authentication and authorization can be performed either in a distributed or centralized approach.  Managing these user’s accounts can be problematic as employees are added, removed, and as their roles change.  As the number of systems and users grow, the process of managing these accounts becomes more complicated.  The authentication of a user or system is the process of verifying the claimed identity.  Authorization, the process of granting the user access privileges, is determined by applying policy rules to the authenticated identity and other relevant information. Authorization is enforced by some access control mechanism.  The authentication process can be used to control access to both systems (e.g. HMIs, field devices, SCADA servers) and networks (e.g., remote substations LANs).
  • 23. APPLYING SECURITY CONTROLS TO ICS Executing the Risk Management Framework Tasks for Industrial Control Systems
  • 24. STEP 1: CATEGORIZE INFORMATION SYSTEM  The first activity in the Risk Management Framework (RMF) is to categorize the information and information system according to potential impact of loss.  For each information type and information system under consideration, the three Federal Information Security Modernization Act (FISMA) defined security objectives: (confidentiality, integrity, and availability) are associated with one of three levels of potential impact should there be a breach of security.  The standards and guidance for this categorization process can be found in FIPS 199 and NIST SP 800-60.  The following ICS example is taken from FIPS 199:
  • 25. A power plant contains a SCADA system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. The management at the power plant determines that: (i) for the sensor data being acquired by the SCADA system, there is no potential impact from a loss of confidentiality, a high potential impact from a loss of integrity, and a high potential impact from a loss of availability; and (ii) for the administrative information being processed by the system, there is a low potential impact from a loss of confidentiality, a low potential impact from a loss of integrity, and a low potential impact from a loss of availability.
  • 26.  The resulting security categories, SC, of these information types are expressed as: SC sensor data = {(confidentiality, NA), (integrity, HIGH), (availability, HIGH)}, and SC administrative information = {(confidentiality, LOW), (integrity, LOW), (availability, LOW)}.  The resulting security category of the information system is initially expressed as: SC SCADA system = {(confidentiality, LOW), (integrity, HIGH), (availability, HIGH)},
  • 27. STEP 2: SELECT SECURITY CONTROLS  This framework activity includes the initial selection of minimum security controls planned or in place to protect the information system based on a set of requirements.  FIPS 200 documents a set of minimum-security requirements covering 18 security-related areas with regard to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems.  An overlay is a fully specified set of security controls, control enhancements, and supplemental guidance derived from the application of tailoring guidance to security control baselines described in NIST SP 800-53.  In general, overlays are intended to reduce the need for ad hoc tailoring of baselines by organizations through the selection of a set of controls and control enhancements that more closely correspond to common circumstances, situations, and/or conditions.
  • 28. STEP 3: IMPLEMENT SECURITY CONTROLS The security control selection process can be applied to ICS from two different perspectives: (i) new development; and (ii) legacy. For new development systems, the security control selection process is applied from a requirements definition perspective since the systems do not yet exist and organizations are conducting initial security categorizations. The security controls included in the security plans for the information systems serve as a security specification and are expected to be incorporated into the systems during the development and implementation phases of the system development life cycle. In contrast, for legacy information systems, the security control selection process is applied from a gap analysis perspective when organizations are anticipating significant changes to the systems (e.g., during major upgrades, modifications, or outsourcing).
  • 29. STEP 4: ASSESS SECURITY CONTROLS  This activity determines the extent to which the security controls in the information system are effective in their application.  NIST SP 800-53A provides guidance for assessing security controls initially selected from NIST SP 800- 53 to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system.  To accomplish this, NIST SP 800-53A provides expectations based on assurance requirements defined in NIST SP 800-53 for characterizing the expectations of security assessments by FIPS 199 impact level.
  • 30. STEP 5: AUTHORIZE INFORMATION SYSTEM This activity results in a management decision to authorize the operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. STEP 6: MONITOR SECURITY CONTROLS This activity continuously tracks changes to the information system that may affect security controls and assesses control effectiveness. NIST SP 800-137 provides guidance on information security continuous monitoring.