
Control Systems Security Working Group Report

Public Release. Control Systems Security Working Group Report. CIPC Meeting Denver, CO September 2005 Tom Flowers. CSSWG Activities Since D.C. August 10, 2005 Meeting in St. Louis (20) 2005 Work Plan Review & 2006-7 Initiatives Review NSTB Liaison Initiatives



Presentation Transcript


  1. Public Release
     Control Systems Security Working Group Report
     CIPC Meeting, Denver, CO, September 2005
     Tom Flowers

  2. CSSWG Activities Since D.C.
     August 10, 2005 Meeting in St. Louis (20)
     • 2005 Work Plan Review & 2006-7 Initiatives
     • Review NSTB Liaison Initiatives
       - Mitigation of 2004 Top Ten Vulnerabilities
       - AGA-12 Testing at SNL & PNNL
     • Security Guideline Information Security - Encryption (Email)
     • Liaison Reports
     • CSSWG Business Processes

  3. CSSWG Activities Since D.C.
     2005 Work Plan Review & 2006-7 Initiatives
     • Ongoing 2005 Deliverables
       - (SG) Information Security – Encryption (Email)
       - (RD) 2005 Top 10 Vulnerabilities & Mitigations
     • 12 emerging priorities in control system security identified
     • Top Four under consideration:
       - (RD) “Zero Day” event detection/correlation (2006)
       - (SG) Physical & Cyber Incident Response (2006)
       - (RD) Wireless (802.11+) use in SCADA (2007)
       - (SG) Information Security – SCADA (2007)

  4. CSSWG Activities Since D.C.
     Review NSTB Liaison Initiatives
     • Mitigation Strategies for 2004 Top Ten Vulnerabilities
     “Potential Mitigation Strategies for the Top 10 Vulnerabilities Identified by NERC CSSWG”
     Discussion draft for the NERC CSSWG Meeting, August 10, 2005, St. Louis, MO

  5. 2. Poorly designed Control System Networks that
     1) fail to compartmentalize communication connectivity with corporate networks and other entities outside of the Control System electronic security perimeter;
     2) fail to employ sufficient “defense in depth” mechanisms;
     3) fail to restrict “trusted access” to the control system network; and
     4) rely on “security through obscurity” as a security mechanism.
     • Foundational
       - Implement electronic perimeters. Disconnect all unnecessary network connections.
     • Intermediate
       - Implement concentric electronic perimeters. Use a completely autonomous network with no shared resources with non-control system networks.
     • Advanced
       - Implement virtual LANs, private VLANs, intrusion prevention, anomaly detection, smart switches, etc.

  6. 3. Misconfigured operating systems and embedded devices that allow unused features and functions to be exploited. Untimely implementation of software and firmware patches. Inadequate testing of patches prior to implementation.
     • Foundational
       - Conduct inventory. Ensure sufficient training of personnel responsible for component configuration and maintenance.
     • Intermediate
       - Evaluate and characterize applications.
       - Patch management process: Hardware, firmware, software. Maintain full system backups and have procedures in place for rapid deployment and recovery. Maintain a working test platform and procedures for evaluation of updates prior to system deployment.
     • Advanced
       - Active vulnerability scans. (Caution: recommend use of development system so that on-line control systems are not compromised during the scan.) Disable, remove, or protect unneeded or unused services/features that are vulnerable.

  7. CSSWG Activities Since D.C.
     Review NSTB Liaison Initiatives
     • AGA-12 Testing at SNL & PNNL
     “AGA-12 Testing by the National SCADA Test Bed Program”
     Discussion draft for the NERC CSSWG Meeting, August 10, 2005, St. Louis, MO

  8. Scope
     • Evaluate commercial versions of devices built to the American Gas Association (AGA)-12 Part 2 standard in a laboratory setting
     • A variety of tests will be conducted using a representative assortment of equipment
     • Serial communication focus
     • Not formally approving nor certifying any devices:
       - But will publish test environment, suite of tests performed, and test results
     • Goal is to provide an environment that represents typical electrical industry installations

  9. Elements
     • Equipment to be tested
     • Common test elements
     • Baseline tests
     • Functionality tests
     • Interoperability tests
     • Fail-over tests
     • Stress tests
     • Cryptographic security tests

  10. CSSWG Activities Since D.C.
      Information Security - Encryption (Email)
      • Re-energize the effort
      • Re-constitute the team
      • May not be ready by December CIPC meeting

  11. CSSWG Activities Since D.C.
      Liaison Reports
      • ISA (Flowers)
      • PCSF/I3P/O&G (Flowers & Holstein)
      • Telecom (Leffler)
      • IEC/IEEE (Klein)
      • Roadmap (Kenchington)

  12. CSSWG Activities Since D.C.
      CSSWG Business Processes
      • Voting members
      • Associate members
      • Review participation over the last year
        - Finding: (1) Asset Owner/Operator participation must be increased while preserving a quorum or (2) Relax quorum requirements

  13. CSSWG Activities Since D.C.
      From CIPC EC Report in Long Beach:
      • WG/TF Chairs and EC are reviewing assignment of CIPC members to WG/TFs
        - ensure adequate resources are in place to achieve deliverables
        - ensure appropriate contribution of asset owners/operators
        - balance contribution by individual CIPC members
