FRANK HOHLBAUM, 2020-05-13
Cyber Security: ABB's cyber security end-to-end solution for Grid Automation
Security assessment & monitoring
Backup & recovery
Security updates & hardening
Malware protection
Procedures & policies
Perimeter protection
May 13, 2020
Rough timeline
Some Significant Events
Threat level increasing over time
– March 1999: Melissa
– August 2005: US Energy Policy Act
– December 2014: DHS alert – ICS a target – BlackEnergy
– December 2015: Ukraine distribution system
– August 2016: NIS Directive
– December 2016: Ukraine transmission system
– June 2017: NotPetya attack – Maersk
– July 2017: FBI/DHS warning, US energy facilities – WCNOC
– October 2017: NotPetya malware – Ukraine; DHS/FBI Russia warning
– December 2017: Trisis malware
– March 16, 2018: Russian government targeting energy and critical infrastructure
– March 23, 2018: DOJ charges 9 Iranians
– March 19, 2019: Norway's Norsk Hydro hit by 'extensive' cyberattack
1 International standards
Regulations in Europe, US & Qatar
Cyber security regulations
NERC-CIP
– Regulation in USA and Canada
– Utilities have to be compliant with NERC CIP Version 5 by April 1, 2016
Energiewirtschaftsgesetz (EnWG) currently in force
– Implement state-of-the-art security controls
– Report incidents
EU Directive
– EU-wide baseline cyber security obligation approved on July 6th 2016. "Market operators" must have adequate technical and organizational security measures in place and report incidents
– National governments have to transpose this EU directive into national law (end of 2018)
UAE: National Electronic Security Authority (NESA)
– UAE national cyber security standard
– The standard focuses on business continuity and risk management
– Quite similar to ISO27001
Increasing cyber security regulations
Technical & Management Related Aspects
Cyber Security Standards
Technical Aspects
– IEC62351 & IEEE 1686 are mainly relevant for ABB as a manufacturer
– Grid Automation products and solutions have many cyber security features in place to support these standards
Management Aspects
– IEC62443 (formerly ISA99), NERC-CIP and ISO27000 address the processes of an organization
– Grid Automation service agreements can support the customer in maintaining security
Compliance has various aspects
IEC62443
2 Procedures and processes
Cyber security layered architecture
[Diagram: layered substation architecture. Inside the physical security perimeter and the electronic security perimeter sit the station LAN with engineering workstation, computer HMI and GPS time server, the IEC 61850 station bus and the IEC 61850 process bus; the network control center and maintenance center connect through firewall, VPN and gateway. Threats shown at the perimeters: unauthorized person; network disturbance, malware, cyber attacks; infected notebook; infected mobile data storage (USB); data storm by a faulty device.]
Concept summary
Grid Automation Cyber Security
– ABB proposes the following cyber security approach
– Secure system architecture
– Product and system hardening
– Defence in depth approach to address the cyber security challenges
– Service offering to keep the cyber security over the lifetime
Defence in depth
Cyber security throughout the entire product and system lifecycle
Cyber Security
Product: Design → Implementation → Verification → Release → Support
Project: Design → Engineering → FAT → Commissioning → SAT
Service: Operation → Maintenance → Review → Upgrade
ABB maintains a Secure Development Lifecycle & applies stringent Minimum Cyber Security Rules
Cyber security throughout the entire product and system lifecycle
Cyber Security
[Diagram: lifecycle phases Development (Prepare, Realise, Verify), Installation and Testing, and Operation (Protect, Detect, React), with the security activities: Security Testing, Secure design, Secure code, Threat Modelling, Developer Security Training, Secure configuration, Security Policy, System Security Assessment, Project Security Training, Incident Handling, Monitoring & Audits, Security Architecture Maintenance, Patch Management Platform, Backup and Restore, Cyber Security Training.]
ABB’s Minimum Cyber Security Requirements
Products Systems Services
ABB Cyber Security Requirements
Product Security Requirements
Minimum cyber security requirements that must be fulfilled by all ABB products, e.g.
– Device Security Assurance Center Testing (robustness testing++)
– Removal of backdoor accounts and hardcoded credentials
– Malware prevention
– Hardening
– End-user documentation
– Vulnerability Handling
– Patch Management
Project Deployment Requirements
Minimum cyber security requirements that must be fulfilled by all ABB projects, e.g.
– Project security plan
– Training for project employees
– Malware prevention
– Hardening
– Removal of temporary accounts and services
– Patch Management
Service Delivery Requirements
Minimum cyber security requirements that must be fulfilled by all ABB services, e.g.
The full spectrum of mission critical communications from generator to grid
ABB mission critical communications portfolio offers long lasting support for utilities and renewables, whilst also delivering on the critical infrastructure requirements and applications
System Data Manager SDM600
SDM600 in a nutshell
A comprehensive software solution for automatic management of service and cyber security relevant data across your substations.
See the unseen from a new perspective
Data Management / Cyber Security Management
Service and Maintenance
System Data Manager SDM600
All SDM600 functionality is based on open standards and allows integration of ABB and 3rd-party products (except RTU500-specific functionality).
Product overview
– Automatically collect, store and provide evaluation for disturbance recorder files
– Provide centralized user account management and security logging
– Retrieve and manage service and maintenance relevant data
– RTU500 configuration and firmware file management
Function blocks: Disturbance Recorder Data Management; Disturbance Recorder Data Evaluation; Central User Account Management; Tracking Software and Configuration Versions; Central Cyber Security Logging; RTU500 Configuration and Firmware File Management.
Substation Automation Cyber Security Offering
– System wide user management
– Role based access control (RBAC) according to IEC 62351-8
– Enforce password policies
– For Relion 670/650 2.1 and newer, Windows PCs, MicroSCADAPro, RTU500 R12.4 and any RADIUS capable device.
– In accordance with IEC62443, NERC CIP and BDEW whitepaper requirements
Central user account management
Security Logging & Monitoring
Substation Automation Cyber Security Offering
– Store user activities and other security events from IEDs or system level components
– Integration of any device using Syslog protocol (UDP and TCP)
– Integration of Windows computers (converting Windows Event Logs)
– Categorization of unknown events based on rules
– Built in visualization and reporting
– Integrate SDM600 into an existing event logging system
System wide cyber security event logging using SDM600
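The rule-based categorization of Syslog events described above, as an added example that is not SDM600 code or anything from this deck: it parses RFC 3164-style lines, assigns a category by regex rule, keeps unmatched events as "unknown" for review, and flags hosts with repeated login failures. The regex, rule names, Windows event IDs and the constructed hostnames and messages are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
# Constructed sample input (not real SDM600 data): RFC 3164-style syslog lines from an IED, an RTU and a Windows forwarder
SAMPLE_LINES = [
    "<85>May 13 10:01:02 ied-670-a1 auth: Login failed for user eng1 from 10.0.1.20",
    "<85>May 13 10:01:09 ied-670-a1 auth: Login failed for user eng1 from 10.0.1.20",
    "<85>May 13 10:01:15 ied-670-a1 auth: Login failed for user eng1 from 10.0.1.20",
    "<86>May 13 10:02:30 ied-670-a1 auth: Login succeeded for user eng1 from 10.0.1.20",
    "<84>May 13 10:05:00 rtu500-b2 config: Configuration download accepted, rev 3",
    "<83>May 13 10:06:11 hmi-pc-01 WinEvent: EventID=4720 A user account was created",
    "<86>May 13 10:07:45 gps-clock fan: speed normal",
]
# <PRI>TIMESTAMP HOST TAG: MSG, where PRI = facility * 8 + severity
SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$")
# Categorization rules: first match wins; unmatched events are kept as "unknown" for review
RULES = [
    ("auth_failure", re.compile(r"login failed", re.I)),
    ("auth_success", re.compile(r"login succeeded", re.I)),
    ("config_change", re.compile(r"configuration (download|upload|change)", re.I)),
    ("account_change", re.compile(r"EventID=47(20|22|26|38)\b")),  # Windows account-management events
]

def parse_line(line):
    # Split one line into fields; None means the line did not parse as syslog
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group("host"), "msg": m.group("msg")}

def categorize(event):
    for name, pattern in RULES:
        if pattern.search(event["msg"]):
            return name
    return "unknown"

def analyze(lines, fail_threshold=3):
    # Count events per category and list hosts reaching fail_threshold login failures
    counts, failures = Counter(), defaultdict(int)
    for line in lines:
        event = parse_line(line)
        if event is None:
            counts["unparsable"] += 1
            continue
        category = categorize(event)
        counts[category] += 1
        if category == "auth_failure":
            failures[event["host"]] += 1
    alerts = sorted(host for host, n in failures.items() if n >= fail_threshold)
    return counts, alerts
```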
Product & System Hardening
Substation Automation Cyber Security Offering
– Remove unused software and users
• Only needed software, services, tools and users are implemented in the system; everything that is not needed is removed or disabled
– Firewall and antivirus
• Firewall is enabled and configured; antivirus is installed and updated through the DMZ server
– Application whitelisting is configured
– Restricted users
• Each user has access only to the data and tools that are needed to perform the job
– Patch update
• WSUS server is installed on the DMZ servers and can update all computers of the system
System Hardening
4 Product features
Cyber security in Relion® 670
Defense in depth
- Through the different releases of the Relion® 670 series we’ve added new security features to the product series
- This enhances the defense in depth for our users
Evolution of 670 series
670 series 1.1 (2007)
- Local account management
670 series 1.2 (2010 - 2012)
- Local account management
- Denial of Service protection
670 series 2.0 (2014)
- Local account management
- Denial of Service protection
- Secure communication
- Self-signed certificates
- Activity logging
670 series 2.1 (2015)
- Local account management
- Central account management
- Denial of Service protection
- Secure communication
- Self-signed certificates
- Signed certificates
- Activity logging
670 series 2.2 (2017 - 2019)
- Local account management
- Central account management
- Denial of Service protection
- Secure communication
- Self-signed certificates
- Signed certificates
- Activity logging
- Ethernet configuration
- Firewall
- Restore points
5 Services offering
Service Portfolio
Cyber Security Care - Defense in depth, six layers of protection
We are enabling smarter system protection
Security assessment & monitoring
Backup & recovery
Security updates & hardening
Malware protection
Procedures & policies
Perimeter protection
The above needs and challenges have historically been addressed in silos. The total overview and end-to-end control is therefore naturally limited.
Industrial Security Center
Industrial Security Center – A managed Security Service
IT-Department
• Service continuity
• Cyber secure
• Protected Network & Applications
• Regulatory and Standards Compliant
Asset Management & Safety
• Operational Technology
• Business/operational continuity
• Availability/Reliability
• Safety
• Risk
• Regulatory compliant
• Digitalized
Physical Security
• Limit risks to people
• Business/operational continuity
• Protect values
• Compliance
Security needs in the Power Networks sector differ across domains
Target Solution Industrial Security Center
Industrial Security Center
Industrial Security Center – A managed Security Service
Support the Power Network sector to fulfill security regulations and manage the new total security threat more effectively, both regarding time and cost
A Global Security Partnership for the Power Network sector:
OT Operation
Cyber Defence
Physical Security
Ambition is to improve the total industrial security
Physical
Cyber
OT / IT
SOC
Partners
An Integrated Managed Detection and Response Service for Critical Assets
Industrial Security Center
Industrial Security Center – A managed Security Service
Continuous Vulnerability and Behavioral Analysis; OT IDS; OT/IT Health Monitoring; Threat Intelligence
AC substation
Detect
Respond
Security Center
Customer reference: vertically-integrated power utility, UK
Cyber Security Assessment
Customer requirement
– Improve cyber security of the system and keep the system up to date
ABB solution: cyber security workshop and assessment
– During a cyber security workshop with key technical and management people, the following cyber security improvements were identified:
– Create security zones between control center and substations
– Update existing XP computers
– Install antivirus + application whitelisting
– Harden all computers
– Update RTUs to the latest version
– Maintain the security of the system
ABB Grid Integration solutions help to balance the demand created by new electricity consumers entering ports with traditional and renewable power generation by enabling a stronger, smarter and greener port grid.
Patrick Fragman, Managing Director, ABB, Power Grid, Grid Integration
Cyber Security Summary
End-to-end solution for Grid Automation
— Cyber security requests are increasing
— ABB Grid Automation has an end-to-end offering
— A large number of security features are available in the products and solutions
— A service offering is available to keep the security level over the lifetime
Cyber security isn’t a single problem with one solution. It’s an ongoing battle, and ABB provides a range of products and services that can help protect your network, and the equipment connected to it, from evolving threats.