Presentation is loading. Please wait.

Presentation is loading. Please wait.

ORNL is managed by UT-Battelle for the US Department of Energy Cyber Security Assessment of the SNS ICS Karen S. White 10/18/15.

Published byAron Banks Modified over 8 years ago

Similar presentations

Presentation on theme: "ORNL is managed by UT-Battelle for the US Department of Energy Cyber Security Assessment of the SNS ICS Karen S. White 10/18/15."— Presentation transcript:

1 ORNL is managed by UT-Battelle for the US Department of Energy Cyber Security Assessment of the SNS ICS Karen S. White 10/18/15

2 Background News reports detailing increasing cyber attacks on industrial control systems led to ORNL management concerns ORNL COO directed the Office of Independent Oversight (IO) to conduct an assessment of cyber security of industrial control systems at ORNL The objective of this assessment was to perform a cyber security review of ORNL ICS at high risk nuclear and accelerator facilities to safely determine the vulnerabilities, risk and mitigations in place

3 Attacks on Industrial Control Systems US Department of Homeland Security ICS-CERT responded to 245 attacks on US industrial control systems in FY14

4 US Government a popular target

5 Approach The IO consulted with ORNL IT cyber team to plan review IO decided to engage an outside firm to conduct the review Assessment team was directed to focus on two areas: –The security posture of ICS implementations with respect to threats from the ORNL enterprise network and the ORNL supplied visitor network –The security posture of ICS implementations with respect to threats originating from remote access

6 How SNS prepared Conducted self assessment using DHS ICS-CERT Cyber Security Evaluation Tool (CSET) based on NIST 800-82 Used the results of this analysis to make targeted improvements –Completed conversion to more rigorous account management –Added Intrusion Detection System –Audited all accounts and role authorizations including prox card access to server rooms Prepared package of relevant documentation: network diagram, policies, architecture, etc. Captured network data requested by assessors

7 SNS ICS Large distributed system based on the Experimental Physics and Industrial Control System (EPICS) framework EPICS is developed by a collaboration across many laboratories and used for integrated control at US DOE labs and many others worldwide EPICS provides a flexible, layered architecture and integrates a variety of front end platforms This scalable, distributed architecture allows new devices, capability, functionality to be added as needed Emphasis on commercial, configurable, collaborative solutions

8 Protection Systems Two systems provide protection functions apart from the ICS Communication from protection systems to the ICS provides integrated status to operators but is not required for required shutdown to occur Machine Protection System shuts off the beam when predefined conditions are detected that may damage the machine Personnel Protection System shuts off the beam if entry to the accelerator enclosure is attempted during beam operations

9 SNS ICS Architecture ORNL RAN FIREWALLDMZ CF CONTROL CONTROL SYSTEM NETWORK - CHANNEL ACCESS FAST PROTECT SYSTEM BEAM PERMIT SYSTEM TIMING SYSTEM MASTER FRONT END CONTROL LINAC CONTROL RING CONTROL TARGET CONTROL PERSONNEL PROTECTION SYSTEM PPS SENSORS, CONTROL ELEMENTS, CONTROLLERS FRONT END SENSORS, CONTROL ELEMENTS, CONTROLLERS CF SENSORS, CONTROL ELEMENTS, CONTROLLERS RING SENSORS, CONTROL ELEMENTS, CONTROLLERS TARGET SENSORS, CONTROL ELEMENTS, CONTROLLERS LINAC SENSORS, CONTROL ELEMENTS, CONTROLLERS OPI SERVERS FIREWALL ORNL FIREWALL

10 SNS ICS Isolation Isolated behind a firewall with limited exemptions No wireless access points on ICS network DMZ allows limited remote access for authorized staff using three factor authentication Read-only access is provided inside ORNL System is run in isolation mode (air gapped) when ORNL experiences elevated cyber security threats –No remote access or monitoring –Control and monitoring from dedicated control room only Controls system data –Includes code and real-time process variable values –No sensitive, confidential, classified or PII

11 SNS ICS System Administration System is administered in partnership with ORNL ITSD staff –Linux machines – Controls Group –Windows machines and network – ITSD System leverages ITSD cyber services and experts –UCAMS – passwords –ORNL external firewall –Two factor authentication –Intrusion Detection System –System log monitoring and analysis –Cyber incident response and investigation

12 SNS ICS Cyber Security Challenge is to achieve the proper balance between meeting control system requirements and keeping system secure Many specialized devices are needed to control unique accelerator subsystems –Devices generally do not offer cyber protection mechanisms available in typical enterprise IT solutions Access limited to authorized, trained staff –Accelerator operators and physicists –Accelerator subsystem support technicians and engineers

13 Assessment Assessment team –Reviewed provided documents and PCAP data –Interviewed ORNL ITSD and SNS staff –Toured facilities –Conducted wireless assessment

14 Review Summary Overall the HFIR network is in good shape but there is room for improvement SNS is doing a good job of securing their systems and equipment The decision to align controls with NIST Special Publication 800-82, Guide to Industrial Control System (ICS) Security puts SNS and HFIR on the right track to providing consistent, verifiable security The wireless assessment of the SNS facility did not turn up any unknown access points. Unknown access points were identified on the HFIR network

15 Opportunities for Improvement - SNS Until moving to a tool for maintaining the PLC logic files, extra care should be taken to verify any changes in the PLC logic before it is put into use Move the logbook status entries behind the password system already in place or enforce policy to restrict sensitive information from being placed on the publicly readable logbook The EPICS system should have some form of security assessment performed

16 External Website

17 Relevant Enterprise Recommendation Use digital signatures to verify that an e-mail is legitimate for functions like authorizing Prox card access

18 Conclusion Announcement of the upcoming review motivated us to take a more careful look at our cyber security provisions We were able to make some improvements based on our self assessment Improved self imposed policies and formalized existing practices ICS-CERT good resources for free on-line tools and training

Download ppt "ORNL is managed by UT-Battelle for the US Department of Energy Cyber Security Assessment of the SNS ICS Karen S. White 10/18/15."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.

Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
<<Date>><<SDLC Phase>>

<<Date>><<SDLC Phase>>
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Kevin R Perry August 12, 2014. Part 1: High Level Changes & Clarifications.

Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Controls for Information Security

Controls for Information Security
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Similar presentations

Ads by Google