Cyber Security Services · Purpose: Comply to international standards (primarily IEC62443) and ABB experience ...

PRESENTATION OF SERVICES, 2018

Svein Henry Hag en, Glob a l Prod uct Manag er

Cyber Securit y ServicesLife Cycle Manag em ent

—Guiding Principles

April 6, 2018 Slide 2

Reality

Process

Balance

Cyber security is all about risk management

There is no such thing as 100% or absolute security

Cyber security is not destination but an evolving target – it is not a product but a process

Cyber security is about finding the right balance – it impacts usability and increases cost

PUBLIC

There are no Silver bullets…

A def init ion in t he cont ext of power and aut omat ion t echno log yCyber Securit y

Ap ril 6, 20 18 Slid e 3

Measures t aken t o p ro t ect a com p ut er o r com p ut er sys t em (on t he Int e rne t ) ag a ins t unaut horized acces s o r a t t ack.*

Measures taken to protect the reliability, integrity, and availability of power and automation technologies against unauthorized access or attack

Tradit ional Power and aut omat ion t echnology

* Merriam -Web s t er d ict ionary d efinit ion

PUBLIC

Cyber Security in Power and Automation

April 6, 2018 * Merriam-Webster’s dictionarySlide 4

Why is Cyber Security an Issue?

Modern automation, protection, and control systems are highly specialized IT systems

• Leverage commercial off the shelf IT components

• Use standardized, IP-based communication protocols

• Are distributed and highly interconnected

• Use mobile devices and storage media

• Based on software (> 50% of the ABB offering is software-related)

• Increased attack surface as compared to legacy, isolated systems

• Communication with external (non-OT) systems

• Attacks from/over the IT world

Power and Automation Today Cyber Security Issues

PUBLIC

..if not - cos t o f Cyb er Crim eCyber Securit y


Eva lua t ed t he cyb er s ecurit y resp onses o f 2,182 int e rviews from 254 com p anies in s even count ries - Aus t ra lia , France , Germ any, It a ly, Jap an, Unit ed King d om and t he Unit ed St a t es where som e of t he b us ines s was ; Ind us t ria l/ m anufact uring , Financia l, Energ y, Hea lt hcare , Com m unica t ion, Transp ort a t ion and Technology. • $2.4 m illion averag e cos t o f m a lware a t t ack sp end and t he t op

cos t t o com p anies• 50 d ays averag e t im e t o reso lve a m a licious ins id ers a t t ack• 23 d ays average t im e t o reso lve a ransom ware a t t ack

Global st udy

Source : Ponem on Ins t it ut e – 20 17 COST OF CYBER CRIME STUDY

..if not -> t yp ica l find ing sCyber Securit y


– Cyb er crim es cont inue t o ris e fo r o rg aniza t ions– Cyb er crim e cos t varies b y o rg aniza t iona l s ize– All ind us t ries fa ll vict im t o cyb ercrim e , b ut t o d iffe rent d eg rees– The m os t cos t ly cyb er crim es a re t hos e caus ed b y m alicious ins id ers , d enia l o f s e rvices and web -b as ed a t t acks– Cyb er a t t acks can g e t cos t ly if no t res o lved q uickly– Bus ines s d is rup t ion rep res ent s t he hig hes t ext e rna l cos t , fo llowed b y t he cos t s as s ocia t ed wit h info rm at ion los s– Dep loym ent o f s ecurit y int e llig ence s ys t em s m akes a d iffe rence

PUBLIC

—

April 6, 2018 Slide 7

This is not “fake news”…

Attacks are real and have an actual safety, health, environmental, and financial impact

PUBLIC

Cyber Security in Power and Automation

April 6, 2018 Slid e 8

Cyber Securit y Services wit h lif ecycle management

– Safe op era t ions from ABB Collab ora t ion Cent er– Increased up t im e – avo id ing shut d owns / ensure

m ore s t ab le op era t ion – 10 yea rs exp erience wit h op era t o r p a rt nership – Com p liance wit h int e rna t iona l bes t p ract ices

• ISA/ IEC 62443

Benefit s

ABB is actively participating in establishing best practices as part of international industry standards

PUBLIC

Service quadrantCyber Securit y Lif e Cycle Management


Service port f olioCyb er Securit y Benchm ark

Cyb er Securit y Fing erp rint

Cyb er Securit y As s es s m ent

Securit y Pa t ch Manag em ent

Malware Pro t ect ion Manag em ent

Us er & Acces s Manag em ent

Backup and Recovery Manag em ent

Net work Securit y Manag em ent

Cyb er Securit y Monit o ring

Sys t em Securit y Manag em ent

Cyb er Securit y Maint enance

Cyb er Securit y Ris k As s es s m ent

Com p liance Manag em ent

PUBLIC

Complet e life cycle o f p ro t ect ionHow can ABB help our cust omers?

Ap ril 6, 20 18• * Current ly b e ing d evelop ed• ** Planned t o b e d eve lop edSlid e 10

Prot ect

Know where t o f ix

First ident if ying what needs t o be prot ect ed

Perform Benchm arks , Fing erp rint s o r as s es s m ent s

Know how and what t o f ix

Implement securit y solut ions f or prot ect ion

Our cyb er s ecurit y s e rvice p ort fo lio p ro t ect s your s ys t em from int rus ion

Abilit y t o det ect

Monit or t o not if y breaches and vulnerabilit ies

Cont inuous s ecurit y m onit oring t o p red ict unwant ed Incid ent s

Ident if y Det ect Respond Recover

Abilit y t o help

Respond t o help if compromised

We can offe r on d em and incid ent res p ons e and s ched uled m aint enance

Abilit y t o rest orat ion

Proper backup and recovery

Ens ures t ha t you have a m aint a ined b ackup s ys t em wit h recovery fea t ures

We will d e liver cyb er s ecurit y s ervices acros s ABB’s s cop e of sup p ly AND acros s our cus t om ers ’ flee t

Diagnose Design & Implement Sust ain

..how can we prot ect our syst ems? ->Mult i-p has e ap p roachCyber Securit y Lif e Cycle Management


Im p lem entDiag nos e Sus t a in

Cyb er Securit y Lifecycle Manag em ent is es t ab lished t o m aint a in inform at ion s ecurit y fo r crit ica l p roces s cont ro l sys t em s .

Purp ose : Com p ly t o int e rna t iona l s t and ard s (p rim arily IEC62443) and ABB exp erience

Why: Prevent unaut horized acces s , use , d is rup t ion or m od ifica t ions t ha t can lead s t o d es t ruct ion of t he cont ro l sys t em

What : Have d efined s ervices t o sup p ort op era t ors t o m aint a in hig h leve ls o f cyb er s ecurit y in t he ir d a ily rout ines

PUBLIC

Det ermine cyber securit y st at usCyber Securit y Lif e Cycle Management


Diag nos e

Collect ion inform at ion ford efined cyb er KPIs

Det erm ine s t a t us and com p ly itwit h int e rna t iona l s t and ard s , cus t om er p olicy andreq uirem ent s and ABB exp erience

This p hase is recom m end ed forcus t om er sys t em s in op era t ions

• Dat a

• Collect

• St ore

• View

• Analyze

• Int erp re t

• Rep ort

PUBLIC

Fill t he gaps ident if ied in t he diagnose phaseCyber Securit y Lif e Cycle Management


Im p lem ent

Cyb er Securit y Guid e lines 10 0 - Securit y Po licy 10 1 - Securit y Des ig n Sp ecifica t ion 10 2 - Ant ivirus Soft ware 10 3 - Pa t ch Manag em ent 10 4 - Secure Default Set t ing s & Hard ening 10 5 - Acces s & Account Manag em ent 10 6 - Backup & Recovery 10 7 - Plant Net work Top o logy 10 8 - Secure Rem ot e Acces s 10 9 - Sys t em Connect ivit y 110 - Securit y Monit o ring & Diag nos t ics

PUBLIC

Im p lem ent a t ion of s ecurit y so lut ions

Securit y up d a t e o f sys t em s

Prep ara t ion fo r lifecycle m aint enance

Maint ain performance improvement sCyber Securit y Lif e Cycle Management


Sus t a in

Service ag reem ent s a re t a ilo red t o fit cus t om er need s . They can includ e everyt hing from securit y m onit o ring wit h incid ent resp onse t o s ched ule m aint enance

OGC Care

Site service desk

Shared work

processes

Integrated roles

Scheduled services

PUBLIC

Summary – Mult ip has e ap p roachCyber Securit y Lif e Cycle Management


DiagnoseMeasure p erfo rm ance g apForecas t b enefit sDeliver act ion p lan

ImplementFix p erfo rm ance g apIm p lem ent s e rvicesDefine m onit o r p lan

Sust ainSecurit y m onit o ringSched uled m a int enance Incid ent resp onse

Service

Increased Performance

DiagnoseMeas ure p erform ance g apForecas t b enefit sDeliver act ion p lan

1

ImplementFix p erform ance g ap

Im p lem ent s ervicesDefine m onit or p lan

2

SustainManag e p erform ance g apSched uled m a int enance

3PUBLIC

April 6, 2018 Slid e 16

Des crip t ion o f s ervices

DiagnoseCyber Securit y Fingerprint & Benchmark


Provid es a com p rehens ive view of your s it e ’s cyb er s ecurit y s t a t us . Id ent ifies s t reng t hs and weaknes ses fo r d efend ing ag a ins t an a t t ack wit hin your p lant ’s cont ro l sys t em s . Red uces p o t ent ia l fo r sys t em and p lant d is rup t ions . Increases p lant and com m unit y p ro t ect ion. Sup p lies a so lid found a t ion from which t o b uild a sus t a inab le cyb er s ecurit y s t ra t eg y.

Overview

PUBLIC

DiagnoseCyber Securit y Assessment


In-d ep t h survey t o ob t a in d e t a iled info rm a t ion ab out – t he sys t em infra s t ruct ure– t he e ffect ivenes s and s t a t us o f exis t ing cyb er s ecurit y

m easures– Policies & Proced uresThe a s ses sm ent is ca rried out b y ABB in close coop era t ion wit h t he cus t om er and wit hin a clea rly d efined s cop e o f work.Collect ed d a t a is com p ared ag a ins t ind us t ry b es t p ract ices and s t and a rd s t o d e t ect weaknes ses wit hin your sys t em ’s d efense .Pinp o int s a reas t ha t req uire act ion t o he lp p ro t ect your sys t em b y ensuring it has m ult ip le layers o f s ecurit y.Prop oses a so lut ion t ha t will m a int a in t he sys t em 's cyb er s ecurit y a t b es t -p ract ice leve ls

Overview

PUBLIC

ImplementSecurit y Pat ch Management


Mod ern op era t ing sys t em s and em b edded soft ware o ft en need t o b e p a t ched t o d efend aga ins t em erg ing t hrea t s . Efficient p a t ch m anag em ent is an es sent ia l p a rt o f any s ecurit y p o licy, b ut one t ha t is o ft en neg lect ed .

This s e rvice includes im p lem ent a t ion o f m anag em ent sys t em s t ha t hand le s ecurit y up d a t es fo r t hird p a rt y so ft ware (e .g . Microsoft o r Ad ob e p rod uct s ). Service can include :– Pa t ch q ua lifica t ion– Pa t ch d e livery (online o r o ffline)– Pa t ch d ep loym ent

Overview

PUBLIC

ImplementMalware Prot ect ion Management


A com m on t hrea t t o cont ro l sys t em s is t he infect ion wit h m a lware , o ft en g eneric m a lware circula t ing on t he Int e rne t b ut a lso t a rg e t m a lware fo r cont ro l sys t em s . Com m on ant i-virus so lut ions a re a p a rt o f t he s ecurit y a rchit ect ure recom m ended b y ABB.ABB exp ert s s ecure your p ower and aut om at ion sys t em s wit h ind us t ry-s t andard m a lware and int rus ion p ro t ect ion so lut ions , like ant i-virus p ro t ect ion. This s e rvice includ es im p lem ent a t ion o f m anag em ent sys t em s t ha t hand le m a lware p ro t ect ion.Service can include :– AV s ig na t ure up d a t es q ua lifica t ion– AV s ig na t ure up d a t es d e livery (online)– AV s ig na t ure up d a t es d ep loym ent

Overview

PUBLIC

ImplementBackup and Recovery Management


If t he wors t d oes hap p en, and cyb er-a t t ack o r na t ura l d is a s t e r s t rikes , t hen ABB’s b ackup and em erg ency resp onse s e rvices enab le a rap id recovery t o norm a l op era t ions .This s e rvice includes im p lem ent a t ion o f m anag em ent sys t em s t ha t hand le b ackup and res t o re .ABB’s b ack-up so lut ions ensure t he int eg rit y, and ava ilab ilit y, o f crit ica l d a t a and t he sys t em , no m a t t e r wha t hap p ens t o t he o rig ina l.

Overview

PUBLIC

ImplementNet work Securit y Management


Firewa lls p ro t ect t he p erim et er o f a ne t work ag a ins t out s id er int rus ion.

ABB’s m anag ed firewa ll s e rvice ensures your p erim et er p ro t ect ion is act ive ly m onit o red and m a int a ined .

Seg reg a t ed ne t works a llows fo r an eas ie r enforcem ent o f t he p rincip le o f lea s t p rivilege on a ne t work com m unica t ion leve l. Also , it is crucia l t o cont a in p o t ent ia l incid ent s t o a d efined sub sys t em and t o p revent a s ing le b reach o f s ecurit y t o sp read t hroug hout t he ent ire sys t em and int o o t her sys t em s .

A well-des igned s ecurit y p o licy will s ep a ra t e t he ne t work int o d is t inct , cont ro lled zones , p ro t ect ed b y int e rna l firewa lls t o ensure t ha t a com p rom ised s e rver d oesn’t m ean com p rom is ing t he ent ire ne t work.

Overview

PUBLIC

ImplementUser & Access Management


Im p lem ent ing user account s and acces s rig ht s is t he recom m ended m echanism t o enforce t he p rincip le o f lea s t p rivilege on t he user leve l. Defining user acces s rig ht s and user p o licies , a re a ll im p ort ant m easures .

Typ ica l user d efinit ions t o b e im p lem ent ed a re account s o f t he p roces s cont ro l sys t em , d em ilit a rized zone and fo r rem ot e work.

This s e rvice g ives t he cus t om er p eace o f m ind t ha t users o f t he sys t em a lways have t he ap p roved and re levant acces s rig ht s .

Overview

PUBLIC

Sust ainCyber Securit y Monit oring


Id ent ifies , cla s s ifies and he lp s p rio rit ize op p ort unit ies t o im p rove t he s ecurit y o f your cont ro l sys t em b y com p aring d a t a co llect ed ag a ins t ind us t ry b es t p ract ices and s t and a rd s t o d e t ect s ecurit y vulnerab ilit ies .

Feat ures:– Aut om at ic, non-invas ive d a t a g a t hering

– Proact ive ana lys is o f KPIs t o d e t ect p os s ib le s ecurit y weaknes ses

– On-d em and ana lys is

– On-s it e o r rem ot e acces s fo r s it e p ersonne l and ABB exp ert s

– Config urab le a le rt s (loca lly and e -m a il)

Overview

PUBLIC

Sust ain Syst em Securit y Management

Ap ril 6, 20 18 * Und er d eve lop m entSlid e 25

Monit o r and p ro t ect your OT (Op era t iona l Technology) ne t works from ad vanced cyb er s ecurit y t hrea t s from a s ecurit y op era t ion cent e r.

Feat ures:– 24/ 7 s ecurit y m onit o ring and ana lys is o f s ecurit y event s

– Manag ed IDS p la t fo rm

– On-d em and securit y ana lys is and rep ort ing

– Incid ent resp onse

– Threa t Int e lligence *

– Asse t Manag em ent *

Overview

PUBLIC

Sust ainCyber Securit y Maint enance


ABB exp ert s s ecure your p ower and aut om at ion sys t em s .

Perfo rm reg ula r m a int enance t o keep your sys t em up d a t ed fo r b es t p os s ib le p ro t ect ion.

– Up d a t e t he sys t em wit h s ecurit y p a t ches– Maint a in you ant ivirus so lut ion– Make sure t he b ackup so lut ion is working – Maint a in your firewa lls and swit ches– Make sure your sys t em users have t he rig ht acces s p rivileges

Overview

PUBLIC

Consult ingCyber Securit y Risk Assessment


This s e rvice cont a ins an IEC 62443 b ased p roces s fo r p erfo rm ing a s ecurit y risk a s ses sm ent s . The a s ses sm ent sha ll im p rove t he s ecurit y o f t he p rod uct s and sys t em s , p erfo rm a t hrea t s / risks b ased s ecurit y s t a t us eva lua t ion and a p lan fo r p rio rit izing t he t hrea t s / risks fo r t he cont ro l sys t em .

Risk a s ses sm ent id ent ifies and q ua lit a t ive ly a s ses ses risk an o rg aniza t ion is exp osed t o

Securit y a s ses sm ent checks com p liance wit h g iven req uirem ent s , e .g . from int e rna l, na t iona l o r int e rna t iona l s t and a rd s o r reg ula t ions

Overview

Ris k

PUBLIC

Consult ingCompliance Management


Wit h t his s e rvice , a com p liance review of a cont ro l sys t em is p erfo rm ed in accord ance wit h t he IEC 62443-3-3 Sys t em Securit y Req uirem ent s and Securit y Leve ls s t and a rd . This p a rt o f t he IEC 62443 s e ries sp ecifies t he req uirem ent s fo r t he s ecurit y cap ab ilit ies o f an Ind us t ria l Aut om at ion and Cont ro l Sys t em (IACS) a s a whole .

Review Eva lua t e whet her t he a s se t owner’s t a rg e t s ecurit y leve l (SL-T) req uirem ent s have b een m et b y t he Ind us t ria l Aut om at ion and Cont ro l Sys t em (IACS) so lut ion, Id ent ifies s ecurit y g ap s , Defines a s ecurit y road m ap t o reso lve is sues .

Overview

Com p liance

PUBLIC

Cyber securit y is included in..Cyber Securit y Lif e Cycle Management


– Des ig n– Im p lem ent a t ion– Verifica t ion– Release– Sup p ort

– Des ig n– Eng ineering– FAT– Com m iss ioning– SAT

– Op era t ion– Maint enance– Review– Up g rade

Cyber Securit y f rom t he beginning t o t he end

Product Lif ecycle Project Lif ecycle Plant Lif ecycle Service Lif ecycle

OGC Care

Site service desk

Shared work

processes

Integrated roles

Scheduled services

PUBLIC

Value proposit ionCyber Securit y Lif e Cycle Management


Customer’s peace of mind Safet y and int egrit y

• Enhances risk m it ig a t ion ag a ins t a cyb er s ecurit y a t t ack

• Im p roves sys t em ava ilab ilit y• Increases p lant p ro t ect ion• Im p roves p rod uct ion and eq uipm ent up t im e • Help s ensure com p liance wit h int e rna t iona l s t and a rd s

and cus t om er’s int e rna l s ecurit y p o licy

PUBLIC

Services d elivered from a Glob a l Service o rg aniza t ionABB Abilit y Collaborat ive Operat ions


PUBLIC

Global Core Compet ency cent er for cyber securit yABB Abilit y Collaborat ive Operat ions


Service port f olio

Cyb er Securit y Benchm ark

Cyb er Securit y Fing erp rint

Cyb er Securit y As s es s m ent

Securit y Pa t ch Manag em ent

Malware Pro t ect ion Manag em ent

Us er and Acces s Manag em ent

Backup and Recovery Manag em ent

Net work Securit y Manag em ent

Cyb er Securit y Monit o ring

Sys t em Securit y Manag em ent

Cyb er Securit y Maint enance

Securit y Ris k As s es s m ent

PUBLIC

Secure and ef fect ive access t o t he syst ems t hrough remot e workABB Abilit y Collaborat ive Operat ions


ABB Collab ora t ion Cent re 's wit h rem ot e m onit o ring & op era t ion room s .

PUBLIC

Why ABB? One vendor! One Solut ion st ack t oday and for t he fut ure !Cyber Securit y Lif e Cycle Management


Diagnose Implement Sustain

Protect and D

efend

ABB is active in establishing best practices as part of international industry standards like ISA/IEC 62443.

Design Install and configureThreat intelligence and

Training

Assess system health System deliveryScheduled maintenance and

Incident response

Benchmark & Fingerprint Fix performance gapsSecurity monitoring and

remote support

PUBLIC

TopologyCyber Securit y Lif e Cycle Management


PUBLIC

Cont act info rm a t ionCyber Securit y Lif e Cycle Management


Sup p ort :ABB Cont act Cent er – Norway

Phone: +47 22 87 20 0 0

E-m ail: cont act .cent e r@no .ab b .com

http://www.abb.com/cawp/seitp161/f0e786bb9b8d9f81c1257b0100706f7f.aspx

mailto:[email protected]?subject=Web%20inquiry

mailto:[email protected]

Cyber Security Services · Purpose: Comply to international standards (primarily IEC62443) and ABB experience ...

Documents