130 likes | 273 Views
Public Release. Control Systems Security Working Group Report. CIPC Meeting Denver, CO September 2005 Tom Flowers. CSSWG Activities Since D.C. August 10, 2005 Meeting in St. Louis (20) 2005 Work Plan Review & 2006-7 Initiatives Review NSTB Liaison Initiatives
E N D
Public Release Control Systems SecurityWorking Group Report CIPC Meeting Denver, CO September 2005 Tom Flowers
CSSWG Activities Since D.C. August 10, 2005 Meeting in St. Louis (20) • 2005 Work Plan Review & 2006-7 Initiatives • Review NSTB Liaison Initiatives - Mitigation of 2004 Top Ten Vulnerabilities - AGA – 12 Testing at SNL & PNNL • Security Guideline Information Security - Encryption (Email) • Liaison Reports • CSSWG Business Processes
CSSWG Activities Since D.C. 2005 Work Plan Review & 2006-7 Initiatives • Ongoing 2005 Deliverables -(SG) Information Security – Encryption (Email) -(RD) 2005 Top 10 Vulnerabilities & Mitigations • 12 emerging priorities in control system security identified • Top Four under consideration: -(RD) “Zero Day” event detection/correlation (2006) -(SG) Physical & Cyber Incident Response (2006) -(RD) Wireless (802.11+) use in SCADA (2007) -(SG) Information Security – SCADA (2007)
CSSWG Activities Since D.C. Review NSTB Liaison Initiatives • Mitigation Strategies for 2004 Top Ten Vulnerabilities “Potential Mitigation Strategies for theTop 10 Vulnerabilities Identifiedby NERC CSSWG” Discussion draft for the NERC CSSWG Meeting August 10, 2005 St. Louis, MO
2. Poorly designed Control System Networks that 1) fail to compartmentalize communication connectivity with corporate networks and other entities outside of the Control System electronic security perimeter; 2) fail to employ sufficient “defense in depth” mechanisms; 3) fail to restrict “trusted access” to the control system network; and 4) rely on “security through obscurity” as a security mechanism. • Foundational • Implement electronic perimeters. Disconnect all unnecessary network connections. • Intermediate • Implement concentric electronic perimeters. Use a completely autonomous network with no shared resources with non-control system networks. • Advanced • Implement virtual LANs, private VLANS, intrusion prevention, anomaly detection, smart switches, etc.
3. Misconfigured operating systems and embedded devices that allow unused features and functions to be exploited. Untimely implementation of software and firmware patches. Inadequate testing of patches prior to implementation. • Foundational • Conduct inventory. Ensure sufficient training of personnel responsible for component configuration and maintenance. • Intermediate • Evaluate and characterize applications. • Patch management process: Hardware, firmware, software. Maintain full system backups and have procedures in place for rapid deployment and recovery. Maintain a working test platform and procedures for evaluation of updates prior to system deployment. • Advanced • Active vulnerability scans. (Caution: recommend use of development system so that on-line control systems are not compromised during the scan.) Disable, remove, or protect unneeded or unused services/features that are vulnerable.
CSSWG Activities Since D.C. Review NSTB Liaison Initiatives • AGA – 12 Testing at SNL & PNNL “AGA - 12 Testing by the National SCADA Test Bed Program” Discussion draft for the NERC CSSWG Meeting August 10, 2005 St. Louis, MO
Scope • Evaluate commercial versions of devices built to the American Gas Association (AGA)-12 Part 2 standard in a laboratory setting • A variety of tests will be conducted using a representative assortment of equipment • Serial communication focus • Not formally approving nor certifying any devices: • But will publish test environment, suite of tests performed, and test results • Goal is to provide an environment that represents typical electrical industry installations
Elements • Equipment to be tested • Common test elements • Baseline tests • Functionality tests • Interoperability tests • Fail-over tests • Stress tests • Cryptographic security tests
CSSWG Activities Since D.C. Information Security - Encryption (Email) • Re-energize the effort • Re-constitute the team • May not be ready by December CIPC meeting
CSSWG Activities Since D.C. Liaison Reports • ISA (Flowers) • PCSF/I3P/O&G (Flowers & Holstein) • Telecom (Leffler) • IEC/IEEE (Klein) • Roadmap (Kenchington)
CSSWG Activities Since D.C. CSSWG Business Processes • Voting members • Associate members • Review participation over the last year - Finding (1) Asset Owner/Operator participation must be increased while preserving a quorum or (2) Relax quorum requirements
CSSWG Activities Since D.C. From CIPC EC Report in Long Beach: • WG/TF Chairs and EC are reviewing assignment of CIPC members to WG/TFs • ensure adequate resources are in place to achieve deliverables • ensure appropriate contribution of asset owners/operators • balance contribution by individual CIPC members