
Integrating IT & OT: Design Challenges in Critical Infrastructure Security

Explore the importance, challenges, and future scenarios of integrating IT and OT in critical infrastructure security. This interactive lab discusses real-world integration scenarios, traditional approaches, and the impact of cloud technology. Learn about the convergence of IT and OT and why secure integration is crucial in today's complex systems.


Presentation Transcript


  1. Integrating IT & OT: Design Challenges in Critical Infrastructure Security • LAB2-W12 • Lane Thames (@Lane_Thames) • Security Research and Software Engineer, Tripwire

  2. root@localhost> whoami Lane Thames • Vulnerability and Exposure Research Team (VERT) • Background • PhD, Electrical and Computer Engineering (Georgia Tech) • IT • Software Development • Cybersecurity

  3. root@localhost> whoami

  4. Lab Objectives – Key Topic Areas • What is IT/OT integration • Why is IT/OT integration important? • Where is IT/OT integration happening? • How should IT/OT integration work? • Real-world Integration Scenario • Simulation based on traditional integration approaches • Future-world Integration Scenario • Simulation based on the needs of the very near future where the cloud will impact IT and OT in ways yet to be understood, but converging rapidly around us

  5. Lab Format • Interactive, Interactive, Interactive • We will be considering two different integration scenarios. • Problems, solutions, and design challenges will be discussed interactively from the IT and OT perspectives. • First scenario will be based on a common situation • Second scenario will extend the first, but based on near future technologies

  6. Lab Objectives – Key Topic Areas • What is IT/OT integration • Why is IT/OT integration important? • Where is IT/OT integration happening? • How should IT/OT integration work? • Real-world Integration Scenario • Simulation based on traditional integration approaches • Future-world Integration Scenario • Simulation based on the needs of the very near future where the cloud will impact IT and OT in ways yet to be understood, but converging rapidly around us

  7. Introduction and Overview • Some important questions: • What is this idea of IT and OT Integration? • What is critical infrastructure and why should I care about its (in-)security? • What security standards, processes, and frameworks should I adopt?

  8. Introduction and Overview • Some Definitions: • Information Technology (IT): • “Information technology covers computer and communication systems that support corporate functions such as finance, HR, supply chain, order management and sales. These functions tend to be common across industries. Software applications in IT are people centric, and endpoints are managed by human actors using computing devices”* • Objective: Information Assurance • *Source: Industrial Internet Consortium (http://www.iiconsortium.org/IISF.htm)

  9. Introduction and Overview • Some Definitions: • Operational Technology (OT): • AKA: Operations Technology • “Operations Technology (OT) is a combination of hardware and software that collects information or causes changes in the physical world through the direct monitoring and control of physical devices in industrial contexts. Operations technology covers systems that deal with the physical transformation of products and services. They tend to be task-specific, and are often highly customized for specific industries. Endpoint control, unlike IT systems, is highly automated and rarely requires user interaction.” * • Objective: Mission Assurance • *Source: Industrial Internet Consortium (http://www.iiconsortium.org/IISF.htm)

  10. Introduction and Overview • Some Definitions: • Critical Infrastructure • "The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof." • "It provides the essential services that underpin American society and serve as the backbone of our nation's economy, security, and health." • Includes sectors such as Chemical, Communications, Manufacturing, Financial, Transportation, etc. (16 defined sectors) • Source: Department of Homeland Security (https://www.dhs.gov/what-critical-infrastructure)

  11. What is IT/OT Integration (Convergence)? Current State of the Art

  12. What is IT/OT Integration (Convergence)? Next Generation: Networks Of Cyber Physical Systems

  13. Lab Objectives – Key Topic Areas • Discussion Topics: We have talked about “What”, now Why, Where, and How • Why is IT/OT integration occurring? • Where is it occurring? • How should it occur?

  14. Why you should care about secure integration • Extreme System Complexity • Paradigm Shifts

  15. Why you should care about secure integration Source: https://icsmap.shodan.io/

  16. Lab Objectives – Key Topic Areas • What is IT/OT integration • Why is IT/OT integration important? • Where is IT/OT integration happening? • How should IT/OT integration work? • Real-world Integration Scenario • Simulation based on traditional integration approaches • Future-world Integration Scenario • Simulation based on the needs of the very near future where the cloud will impact IT and OT in ways yet to be understood, but converging rapidly around us

  17. Integration Scenario and Case Study #1

  18. Integration Scenario and Case Study #1

  19. Integration Scenario and Case Study #1

  20. Integration Scenario and Case Study #1 • Discussion: Critical Security Controls – What are they? • "The Top 20 Critical Security Controls are a recommended set of actions for cyber defense, designed to provide specific and actionable ways to stop today’s most pervasive attacks. They were developed and are maintained by a volunteer consortium of hundreds of security experts from across the public and private sectors. An underlying theme of the Controls is support for large-scale, standards-based security automation for the management of cyber defenses."

  21. Integration Scenario and Case Study #1 • Discussion: Critical Security Controls – IT versus OT – Pros and Cons • CSC 1: Inventory of Authorized and Unauthorized Devices • CSC 2: Inventory of Authorized and Unauthorized Software • CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers • CSC 4: Continuous Vulnerability Assessment and Remediation • CSC 5: Controlled Use of Administrative Privileges • CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs • CSC 20: Penetration Tests and Red Team Exercises

  22. Integration Scenario and Case Study #1 Discussion Topic: Why is the “traditional” model of securing IT/OT systems becoming outdated?

  23. Lab Objectives – Key Topic Areas • What is IT/OT integration • Why is IT/OT integration important? • Where is IT/OT integration happening? • How should IT/OT integration work? • Real-world Integration Scenario • Simulation based on traditional integration approaches • Future-world Integration Scenario • Simulation based on the needs of the very near future where the cloud will impact IT and OT in ways yet to be understood, but converging rapidly around us

  24. Cloud, IT, and OT: Do they coexist? • Important Questions: • What is the cloud? • How will it impact industrial systems and other critical infrastructure? • How do we secure it? • Cloud and OT integration? • Has been barely studied from a security perspective. • What are the implications of this integration?

  25. Cloud, IT, and OT: Do they coexist?

  26. Cloud, IT, and OT: Do they coexist? • Real-World Case Study • Based on my own experience bringing advanced manufacturing systems into a “Cloud” • MENTOR • Manufacturing Experimentation and Outreach • MENTOR is part of DARPA’s Adaptive Vehicle Make (AVM) program, a larger effort to dramatically compress development timelines for future defense vehicles, shift the product value chain toward high value-added design activities and democratize the innovation process.

  27. MENTOR - Objectives DARPA will contract multiple organizations to deploy a variety of programmable manufacturing equipment, such as 3D printers, to high schools throughout the country and orchestrate a series of prize-based challenges to encourage competition and collaboration within high school teams as they design and build cyber-electro-mechanical systems.

  28. MENTOR - Objectives Discussion: Based on these objectives, what challenges do you see here from both an IT and OT perspective?

  29. MENTOR – Overcoming the Integration Challenge

  30. MENTOR – System Model and Architecture

  31. MENTOR – System Model and Architecture

  32. Cloud, IT, and OT: Do they coexist?

  33. Cloud, IT, and OT: What is a (the) Driving Force? • Industrial Internet • Internet of Things • Industrial Internet of Things • Industry 4.0 • DATA

  34. Cloud, IT, and OT: Current Generation of the Technology Big Data Processing and Analytics • General Electric • Industrial Internet Control System Data Feeds

  35. Cloud, IT, and OT: Next Generation? CLOUD CONTROLLER Sensor Interface Actuator Interface

  36. Cloud, IT, and OT: Do they coexist? • Discussion: • What are the implications and consequences of this near-future “coexistence”? • Is it a good thing or a bad thing? • Let's look into this further by considering some paradigm shifts.

  37. Communication Paradigm Shift • Command and Control Communication Architectures (C&C) • Driving a communication paradigm shift for the Cloud • It is evolving • Exists within the IoT • It will exist in near-future Industrial Systems and other Critical Infrastructures

  38. Application Paradigm Shift

  39. Application Paradigm Shift $> ssh root\'\<img\ src\=x\ onerror\=alert\(\'ssh\'\)\>@10.11.12.13

  40. Application Paradigm Shift

  41. Integration Scenario and Case Study #2 CLOUD CONTROLLER

  42. Cloud, IT, and OT: Consequences • Discussion: • What are the consequences of the Cloud, IT, and OT as an integrated ecosystem? • What are the pros/cons of the communication paradigm shifts? • What are the pros/cons of the application paradigm shifts? • Is this a technology or people problem?

  43. Cloud, IT, and OT: What can we do to make our systems more secure?

  44. Wrap Up Final Thoughts and Discussions

  45. Applying This Knowledge • In the next week, start thinking about how IoT technology might impact your industrial environments. Think about the opportunities and threats that you’ll need to balance. • Within the next 6 weeks, start bridging the gap between your IT and OT units. • Develop an Integration Roadmap and Communication Standards for your organization to employ • Within the next 3 months, put your new integration plans in action.

  46. Thank you!

  47. References and Resources • World Economic Forum, "Industrial Internet of Things: Unleashing the Potential of Connected Products and Services," January 2015 - http://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf • ICS-CERT Advisories - https://ics-cert.us-cert.gov/advisories • Weiss, J. 2010. Protecting Industrial Control Systems from Electronic Threats, Momentum Press • Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., Hahn A., “NIST Special Publication 800-82 Revision 2 Final Public Draft: Guide to Industrial Control Systems (ICS) Security,” NIST, http://csrc.nist.gov/publications/drafts/800-82r2/sp800_82_r2_second_draft.pdf • ISA-62443-3-2, Security for Industrial Automation and Control Systems - Security Risk Assessment and System Design, http://isa99.isa.org/Public/Documents/ISA-62443-3-2-WD.pdf • Knapp, E., Langill, J.T., Industrial Network Security, Second Edition: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Syngress • Knapp, E., Langill, J.T., Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Syngress • Tripwire, "Defending Industrial Control Systems with Tripwire", https://www.tripwire.com/register/defending-industrial-control-systems-with-tripwire/ • Lane Thames and Dirk Schaefer, Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing, 2017, http://www.springer.com/us/book/9783319506593, Springer International Publishing, Springer Series in Advanced Manufacturing

  48. Appendix

  49. Ongoing Interaction: Introduction to Hacking Embedded Devices Our future involves a world with Cyber Physical Systems all around us. IT/OT convergence is just one place where cyber physical systems reside. These cyber physical systems contain embedded computing devices. Understanding their security flaws can help you understand how to better protect your environment.

  50. Ongoing Interaction: Introduction to Hacking Embedded Devices The following slides correspond to an IoTHack Lab that VERT provides periodically. You can contact me (lthames@tripwire.com) to receive a download link for a Virtual Machine that my colleague Craig Young (@craigtweets) has available that you can use along with the “cheat sheet” details in the next few slides. These materials are based on Craig’s outstanding “Brainwashing Embedded Systems” training. The best way to learn about security and system vulnerabilities is to get your hands dirty doing it.
