Presentation on theme: "The Tofino Security Industrial Solution Making the Control System Intrinsically Secure."— Presentation transcript:
The Tofino Security Industrial Solution Making the Control System Intrinsically Secure
Agenda 1.Who Turned Out the Lights? Making the Case for Control System Security 2.Plugging the Holes Understanding Defence-in-Depth Security 3.The Tofino Industrial Security Solution Creating Intrinsically Secure Control Systems 4.Questions & Answers
Who Turned Out the Lights? Making the Case for Control System Security
The Incident in Harrisburg, PA ýOct a foreign-based hacker (via Internet) infiltrates the laptop of an employee at the Harrisburg water system. ýUses the employees remote access as the entry point into the SCADA system. ýThe hacker then installs malware and spyware in a SCADA HMI computer.
But It Wont Happen to My System… Most public utilities rely on a highly customized SCADA system. No two are the same, so hacking them requires specific knowledge. Scott Berinato;Debunking the Threat to Water Utilities CIO Magazine March 15, 2002
Security Incidents in the Water Industry ýSalt River Project SCADA Hack ýMaroochy Shire Sewage Spill ýSoftware Flaw Makes MA Water Undrinkable ýTrojan/Keylogger on Ontario Water SCADA System ýViruses Found on Auzzie SCADA Laptops ýAudit/Blaster Causes Water SCADA Crash ýDoS attack on water system via Korean telecom ýPenetration of California irrigation district wastewater treatment plant SCADA. ýSCADA system tagged with message, "I enter in your server like you in Iraq."
Security Incidents in the Oil Industry ýElectronic Sabotage of Venezuela Oil Operations ýCIA Trojan Causes Siberian Gas Pipeline Explosion ýAnti-Virus Software Prevents Boiler Safety Shutdown ýSlammer Infected Laptop Shuts Down DCS ýVirus Infection of Operator Training Simulator ýElectronic Sabotage of Gas Processing Plant ýSlammer Impacts Offshore Platforms ýSQL Slammer Impacts Drill Site ýCode Red Worm Defaces Automation Web Pages ýPenetration Test Locks-Up Gas SCADA System ýContractor Laptop Infects Control System
Security Incidents in the Chemical Industry ýIP Address Change Shuts Down Chemical Plant ýHacker Changes Chemical Plant Set Points via Modem ýNachi Worm on Advanced Process Control Servers ýSCADA Attack on Plant of Chemical Company ýContractor Accidentally Connects to Remote PLC ýSasser Causes Loss of View in Chemical Plant ýInfected New HMI Infects Chemical Plant DCS ýBlaster Worm Infects Chemical Plant
Security Incidents in the Power Industry ýSlammer Infects Control Central LAN via VPN ýSlammer Causes Loss of Comms to Substations ýSlammer Infects Ohio Nuclear Plant SPDS ýIranian Hackers Attempt to Disrupt Israel Power System ýUtility SCADA System Attacked ýVirus Attacks a European Utility ýFacility Cyber Attacks Reported by Asian Utility ýE-Tag Forgery Incident in Power PSE ýPower Plant Security Details Leaked on Internet
Risking It All on the Great Wall Why Security Solutions Fail
The Bastion Model of Security ýA popular solution for industrial security is to install single firewall between business and the control system. ýKnown as the Bastion Model since it depends on a single point of security. ýOther examples of the bastion model: The Great Wall of China The Maginot Line
A Few Incorrectly Configured Firewalls… ýStudy of 37 firewalls from financial, energy, telecommunications, media, automotive, and security firms... Almost 80 percent of firewalls allow both the "Any" service on inbound rules and insecure access to the firewalls. These are gross mistakes by any account. A quantitative study of firewall configuration errors Avishai Wool, " IEEE Computer Magazine, IEEE Computer Society, June 2004
The Bastion Model Doesn't Work ýThe Slammer Worm infiltrated a: Nuclear plant via a contractors T1 line; Power utility SCADA system via a VPN; Petroleum control system via laptop; Paper machine HMI via dial-up modem. ýFirewalls existed in at least three of these cases. * Industrial Security Incident Database June 2006
Pathways into the Control Network Infected Laptops Mis-Configured Firewalls Control LAN Plant Network Office LAN Internet Unauthorized Connections External PLC Networks Infected Remote Support RS-232 Links Modems
How the Bad Guys Get In… ýCorporate WANs & Business Networks ýDirectly from the Internet ýTrusted third parties ýInfected laptops being connected to the PCN
Plugging the Holes Creating Defense in Depth Security Strategies
A Perimeter Defence is Not Enough ýWe cant just install a control system firewall and forget about security. ýThe bad guys will eventually get in. ýSo we must harden the plant floor. ýWe need Defence in Depth. Crunchy on the Outside - Soft in the Middle
Defence-in-Depth Strategy ýBy defense-in-depth strategy, we mean the protection measures composed of more than one security control to protect the property. ýBy the use of this kind of multi-layer measures, another layer will protect the property even if one layer is destroyed, so the property is protected more firmly. Yokogawa Security Standard of System TI 33Y01B30-01E
The Solution in the IT World ýYour desktop has flaws so you add security software: Patches Personal Firewalls (like ZoneAlarm) Anti-Virus Software Encryption (VPN Client or PGP) ýThis is a good idea for PCs in the control system… ýBut you cant add software to your DCS, PLC or RTU…
Distributed Security Appliances ýAdd hardware instead - a security appliance designed to be placed in front of individual control devices (such as PLC, DCS, RTU etc). ýProtects the control device from any unauthorized contact, probing, commands, etc.
Distributed Security Appliances Distributed FW DCS Controllers Cluster of PLCs Infected HMI Business/Control System Firewall Business Network Internet Firewall Internet Infected Business PC Internet Attacks Distributed FW Layer 5 Defence (Enterprise) Layers 3/4 Defence (Control System) Layers 1/2 Defence (Device) DMZ SCADA RTU
The Tofino Industrial Security Solution Creating Intrinsically Secure Control Systems
The Tofino Architecture IDS Module Being Loaded to Appliance PLC Controllers Cluster of DCS Controllers SCADA RTU HMI Station Router Tofino Central Management Platform Tofino Appliance Monitoring DCS Network Status Being Sent to CMP Corporate Intranet Tofino Appliance Protecting PLC
Tofino Security Appliance ýIndustrially hardened hardware appliances. ýInstalled in front of individual and/or networks of HMI, DCS, PLC or RTU control devices that require protection.
Tofino Loadable Security Modules ýLSMs are software plug-ins providing security services such as: Firewall, Intrusion detection system (IDS), VPN encryption. ýEach LSM is downloaded into the security appliance to allow it to offer customizable security functions, depending on the requirements of the control system. ýThe Firewall LSM is available now. ýOthers will be released through 2008.
Tofino Central Management Platform ýThe CMP is a Windows-based centralized management server. ýProvides database for monitoring, supervision and configuration of each security appliance.
Key Tofino Features Intrinsically Secure Designed for Industry
Form Factor and Robustness ýHardware specifications: Temperature -40C to 70C Dual Power Supply ýForm factor similar to common I/O or barriers DIN Rail Mount Ethernet Ports Serial Port Option (Q2 2008) Dual VDC Dual Digital Inputs Secure USB Ports
Zero Configuration Deployment Model ýField technician need do no more than: Attach the firewall to the DIN Rail Attach instrument power Plug in network cables Walk away… ýTofino is completely transparent to the process network on startup.
Simple to Operate ýPlug security appliance onto the control network in front of a PLC, DCS or HMI station: Select the appropriate device from a central database where each devices protocols and vulnerabilities are recorded. Guides administrator to load appropriate rules to protect that specific device.
Intuitive Rule Generator Preconfigured to block known device flaws Globally control specific types of communications Create a list of devices that can talk to a protected device and allowed protocols
Functionality for Control Protocols ýAvailable Now: Tofino filters all major control protocols: MODBUS/TCP Ethernet/IP (Rockwell) GE-Fanuc Honeywell Yokogawa Emerson Mitsubishi PI OPC And Many More!
Functionality for Control Protocols ýQ2 2008: Options to filter specific control protocols in depth ýExample: User can specify what MODBUS functions are allowable: Allow Register Read cmds to safety system Drop all Write Registers cmds
Administration and Global Management ýOne management station can monitor and manage hundreds of firewalls, deployed in remote locations. ýReports with encrypted heartbeat (like a fieldbus) to report status and events.
More Than Just a Firewall ýLoadable Security Modules (LSM) allow multiple security functions to be deployed in one appliance. ýIn 2007 the Firewall LSM is available ýThrough out 2008 IDS and VPN/Encryption will be released ýNew modules can be deployed at any time. List of available modules for download
Sample Tofino Use Cases ýSatellite Control Networks ýProtection from Alien Control Networks ýProtection Of Safety Systems ýProtection from External Networks ýProtection from Insecure Networks ýProtection for Unpatchable Systems ýProtection of Wireless Systems ýProtection of OPC Traffic ýFuture – Full Scale Network Separation
Tofino – Intrinsically Secure ýMore than a firewall - LSMs can provide security solutions tailored to specific plant floor situations. ýDesigned with the environment, staff capabilities and needs of industry in mind. ýA truly distributed security solution, yet can be easily managed from a central location. ýFlexible enough to be used by a small plant or a multi-national organization with 1000s devices scattered around the globe.
Questions MTL Instruments Edmonton, Alberta Byres Security Inc. Lantzville, BC