Presentation is loading. Please wait.

Presentation is loading. Please wait.

Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy.

Similar presentations


Presentation on theme: "Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy."— Presentation transcript:

1 Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy

2 2 PLC Security project phases Initial Phase 2009 Security standards analysis: IT standards do not suit for PCS: different performances, availability, network architecture … ISA-99 standards as reference standard Lack of pragmatic guidelines to secure PCSs Not finished yet Design & Report 2010 Design of the test-bench tools evaluation & development Test-bench validation and report ISA-Secure Embedded Device Security Assurance Certification Development 2011 Fulfilling the ISCI-CRT requirements: Integration of the CRT tests into the ‘Test-bench for Robust of Industrial Equipments’ (TRoIE) Releasing to Siemens a complete test definition set and implementation to be deployed and reproduced in Siemens Labs Starting speaking about Codenomicon tests (Protos fuzzer) Openlab Major Review Report February 2012

3 3 Fuzzing Test Generator Openlab Major Review Report February 2012 Target Customized Peach Fuzzing Framework Grammars INPUTGEN.  Generation and forging of any kind of communication load  Translate experts’ knowledge into grammar rules  Definition of proprietary and even not-existing protocols  Scalable in terms of:  Testing files  Protocol testing behavior (state-machine, mutation strategies)

4 4 ISCI Communication Robustness Test certification fulfilling  Integration of the CRT test cases into the TRoIE test-bench  Extension of the CRT for not covered protocols  5 security testing phases:  Discover Protocol Functionalities and Attack Surface  Storms and Maximum Load Tests  Single Field Injection  Combinatorial Fields Injection  Cross State Fuzzing (for stateful protocols) Openlab Major Review Report February 2012

5 5 Test-bench Reproducibility 3-Layers Architecture Extended Peach Framework REST Web Service Reverse Proxy & Access Control Client JSON  Authentication to run a test  Built-in invariant test definitions  No specific security knowledge  OS Compatibility Openlab Major Review Report February 2012

6 6 PLC I/O Monitoring Target Waveforms Comparison Feedback Control System:  No synchronization issues  Reduced PLC Scan Cycle for a best timing resolution Requirements:  3 sec period:1 sec High, 2 sec Low  PLC waveform generation  20 msec resolution  Parametric threshold jitter Openlab Major Review Report February 2012

7 7  Test-bench release & Expertise transfer to Siemens (Dec 2011)  Installation, configuration, Documentation  Next Steps:  Proprietary Network protocols testing (S7,PROFINET), Software applications, libraries and APIs, System I/O modules  Multi-Protocols (Man-in-the-middle) layer testing  PLC internal status monitoring  Extending to the supervision level: SCADA system like PVSS, OPC-UA… Openlab Major Review Report February 2012 Conclusions

8 Siemens Openlab Major Review February 2012 Step7 Openness, PVSS Security, Virtualization Author: Omer Khalid Supervised by: Renaud Barillere

9 Step7 Deployment - I  Step 7 / Totally Integrated Automation:  Software development environment to develop software for PLC’s that interfaces with the industrial equipment.  Aim: To bring-in modern software engineering capabilities to Step7 product line:  Step7 Deployment To automate the deploy Siemens software on engineering workstations; Scalability: from small (10’s of machines) to large (100’s of machines); Easy and flexible to deploy, fast refresh rate 9Openlab Major Review Report February 2012

10 Step7 Deployment - II  Status: Completed  All milestones has been achieved and delivered. Verified and confirmed by Siemens.  Value for Siemens:  Final strategy is implemented by Siemens in v12 of TIA.  TIA portal can now be deployed in automated fashion using 3 rd party standard software inventory management software.  Approach:  Three strategies validated through prototyping Reported in detail in previous major review Nutshell: either using chained MSI’s or SIA engine  Meets short term, medium and long terms objectives and product development plans of Step7 software  Criteria: integration with Siemens existing software tools. 10Openlab Major Review Report February 2012

11 Step7 Security  Stuxnet worm  Detected in June 2010.  Attack method (0-day exploit against windows, fake certificates, rootkit, DLL replacement)  Software Security  New topic was added to the project in Jul/Aug 2010 Market survey conducted – mostly source code based analysis Binary code based analysis identified to complement existing source code based analysis –BitBlaze and Veracode selected as test candidates  Status: Completed  Initial testing/prototyping  Siemens continues in-house 11Openlab Major Review Report February 2012

12 PVSS Security  Objective  Improve the SCADA security and system robustness  Strategy  Identifying vulnerability areas and their associated risks – including test use cases  Determine key cyber security aspects from CERN standpoint, Taking Siemens/ETM input  Evaluate risks and use cases identified, and prototype to investigate vulnerabilities  Security Areas:  Access Control, Data Integrity and Confidentiality, Auditing and Logging, Updating and Patching, Network Resource Availability  Status: SCADA recommendation document prepared and submitted to SCADA section. Openlab Major Review Report February 2012

13 Virtualization  Objective:  Evaluate and deploy engineering applications on private cloud infrastructure.  Process:  Various private cloud tool kits evaluated OpenNebula, Eucalyptus, Vmware vSphere  Performance of applications benchmarked For distributed and shared storage For high and low load deployment.  Outcome:  A private cloud infrastructure deployed PVSS developers using it extensively for application development.  Results related to infrastructure performance were published in a paper in ICALEPCS 2011 conference. 13Openlab Major Review Report February 2012

14 14  Khalid O., Sheikh A., Copy B., “Optimizing Infrastructure for Software Testing and Deployment for Engineering Applications", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct 2011.  Khalid O., “OpenNebula cloud for Engineering applications, OpenNebula Blog, Nov, 2011  Tilaro F., "Cyber security analysis for industrial control systems", CERN Computing Newsletter, 2010.  Tilaro F., Copy B., "Industrial Devices Robustness Assessment and Testing against Cyber Security Attacks", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct 2011.  Tilaro F., "Testbench for Robustness of Industrial Equipments (TROIE)", CERN, 2009  Copy B., Tilaro F., ”Standards Based Measurable Security For Embedded Devices” ICALEPCS 2009 Publications Openlab Major Review Report February 2012


Download ppt "Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy."

Similar presentations


Ads by Google