MicroSCADA Pro Seminar
Mikael Molander, ABB Grid Automation, Jakarta 2016
Cyber security in control and monitoring system
© ABB | Slide 1 | March 22, 2016
Why is cyber security an issue?
Isolated devices
Point to point interfaces
Proprietary networks
Standard Information and Communication Technology
Interconnected systems
Distributed systems
Modern automation, protection and control systems
• leverage commercial IT components (switches, computers, software, …)
• use standardized, IP based communication protocols
• are distributed and highly interconnected
• use mobile devices and storage media
Vulnerabilities in control systems
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) analyses control system related incidents
Since 2010, vulnerabilities in control systems have been increasing
Vulnerabilities in control systems
ICS-CERT: Incidents by sector
Targets
• Power companies ‒ Power plants, utilities, distributors
• Mining companies ‒ Mines, processing plants
• Oil and gas companies ‒ Refineries, research centers, distributors
• Public administration ‒ Cities, hospitals, airports
Critical targets
In the news
Cyber security and robustness threats
[Figure: Defense in depth. Labels: Physical Security Perimeter; Electronic Security Perimeter; Network disturbance, malware, Cyber attacks; Electronic perimeter protection; Unauthorized Person; Security measures; Physical perimeter protection; Infected Mobile data storage; Infected Notebook; Data storm by a Faulty Device; Unauthorized Person]
What are potential consequences?
Potential consequences
• Health, safety and environmental impacts
• Plant downtime, loss of production
• Loss of production data
• Loss of consumer data (SmartGrids)
• Impact to business success
Blackout in North America (2003)
• Not a cyber attack
• 45 million people without power
• Blackout lasted 2 days (up to 7 days in remote areas)
• At least 10 people died
• Estimated costs of 6 billion US$
Stuxnet (2010)
• Targeted cyber attack
• 100.000+ hosts infected
• Delayed nuclear program of Iran by estimated 1-2 years
• Estimated costs for Control System Vendor unclear
Standards and their scope
[Figure labels: Energy, Industrial Automation, IT; Operator, Manufacturer; Design Details, Completeness, Technical aspects, Details of Operations, Relevance for Manufacturers. Standards shown: IEC 62443, NIST 800-53, IEC 62351, NERC CIP, ISO 27K, IEEE P 1686]
Cyber security for substation automation: Systematic approach to ensure cyber security
ABB has identified cyber security as a key requirement and is committed to providing our customers with products, systems and services that clearly address this issue
ABB takes a systematic approach to cyber security through its operations on a global level. For instance, ABB has established the power systems security council to
• keep track of the global needs and requirements concerning cyber security
• drive proactive R&D effort to support future trends, and ensure fast and efficient security improvements
ABB’s mission statement
Cyber security - Addressed throughout the system life cycle
Cyber security is not a single, one-time activity, but an integrated part of different phases of the product and system life cycle
• from early design and development
• to testing and commissioning
• and processes supporting products and systems in operations both now and in the future
One key element of this process is our independent robustness test center, where all our products are tested using current state-of-the-art security testing tools
ABB is also constantly extending and improving security-related organizational processes such as vulnerability handling
ABB’s cyber security initiatives
• Centralized security testing center guarantees a common and best practice robustness testing of all products
• Regular regression tests on ABB products and systems ensure a high level of robustness against cyber security attacks
Product and System Hardening
ABB’s cyber security activities: Cyber security robustness tests
• Cyber security tests in robustness test center ‒ Before Gate 4 each product is being verified
• System robustness test in SVC ‒ SVC regularly performs cyber security system test
• External security assessment ‒ External security assessment
• Development tests ‒ Regular security functional tests during development phase
Vulnerability handling and response
ABB has a cyber security response system to handle security vulnerabilities and incidents
Customers and other stakeholders can contact ABB to report any security issue
E-mail: [email protected]
Cyber security alerts and notifications related to our products and systems are published on this web page:
http://www.abb.com/cybersecurity
MicroSCADA Pro: Cyber security capabilities
• User account management (Local and central)
• Role based access control
• Password policy enforcement
• Logging of security events
• Encrypted communication
• Firewalls
• Patch management process
• Malware protection / anti-virus
• System hardening
• Security Deployment Guideline
• Supports applicable standards such as NERC-CIP and IEEE 1686
SYS600 and DMS600
We aim to reduce complexity and make cyber security manageable
Security Guide has explanations and instructions for all needed changes
Hardening of servers and workstations
First, BIOS settings, Microsoft updates and removing unused programs
Other hardening is done easily using the new tool "ABB Security Compliance Manager"
‒ Auditing the computer and operating system
‒ Log page gives all the results
‒ Enforcing hardening actions for several categories
Note: Custom baselines can be created to allow additional software, e.g. to firewall rules.
SYS600 / SYS600C
SYS600 / SYS600C supports the following:
• User account management
• Role based access control
• Password policy enforcement
• Local logging of security events
• Built-in VPN
• Built-in firewall
• Patch management process in place
• Malware protection using anti-virus
SYS600 / SYS600C has been hardened, unused services have been closed.
Deployment guideline available.
Supports NERC-CIP and IEEE 1686 standard.