Managing Cyber Security for Industrial Control Systems
Where are we?
IT & OT convergence: brief overview of the convergence between OT and IT (Source: EY)
IT vs OT: technology and processes
  IT systems: only process data. They include servers, network devices, printers, workstations, etc.
  OT systems: process data and manage devices. In addition to servers, network devices and workstations, they include PLCs, controllers, converters, and the devices that collect and distribute data.
IT vs OT: priority of the security principles
  IT: 1. Confidentiality, 2. Integrity, 3. Availability
  OT: 1. Availability, 2. Integrity, 3. Confidentiality
ICS security myths: "We are not connected to the Internet"; "We are safe because we have a firewall"; "Hackers don't understand SCADA / DCS / PLC"; "Our plant is not a target"; "Our safety system will protect us." (CSEC Limited)
OT security challenges
  Convergence with IT: transfer of technologies and evolution schemes from IT to OT, together with all related issues. OT will introduce, or has already introduced, Internet connectivity, mobile device access, etc.
  Legal regulations: specific regulatory guidance imposed by governments in some sectors, which will be moving towards formal regulatory oversight due to the importance of the subject to national critical infrastructures.
  Cyber crime: an increasing number of attacks on critical infrastructure control systems such as SCADA all over the world, resulting in power outages, destruction of equipment, etc.
  New technologies: implementation of technologies like Smart Grid causes current OT environments to change in order to provide new functionality and increase the level of data exchange, resulting in increased production effectiveness.
Are we safe? See: map.norsecorp.com
Understanding the cyber security challenges: the digital world offers many benefits and opportunities, although the risks have been underestimated. To recognize the current challenges and understand what needs to be done to stay ahead of cyber criminals, organizations need to think about the following four areas:
Increase in attacks: exponential increase in the number of malware attacks. In 2014-16, a total of 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US.
Increase in attacks (cont.)
Ahead of the threat (Complicate, Detect, Respond and Sustain)
When ICS security fails! $$$.$$
ICS security risks
Factors that increase the risks: convergence with IT, new technologies, threats, business requirements, legacy technologies, the people responsible.
ISA 99 vulnerabilities are real and impact almost all organizations.
[Diagram: Typical OT Architecture. Zones shown: Corporate Zone (mail servers, corporate servers, web servers, OSI PI server, desktop, laptop, mobile device, wireless router, corporate firewall FW1, Internet; client site labelled Adore Network, Noida); Security Monitoring Zone (CCTV, IT firewall); Plant Interface Zone (industrial OT firewall, Adore main server reading data from the PI server, OPC inspector, industrial firewall, switch, printer, remote maintenance and web server, primary domain, PI server, controller, SIEM, IDS/IPS, switches SW1 and SW2); Process Control Zone (UCB 10-50, Toshiba DCS, MicroSCADA, OPC Com, Adore web server, UCB operator workstations, MER and CCR units 00-50, OW W1/W2, EW W1, AM W2, controllers units 10-50, CSA server, web server, PI server, patch server, AV server, historian server, PADO server, asset management server, MTK/BTK controllers, Adore web clients WS1/WS2, firewall securing ancillary control systems); DCS Field Layer (PLCs P1-P3, safety PLC P2, DCS D1/D2, intelligent transmitter, HART transmitters). Weaknesses annotated on the diagram: no mesh network or secure OT landscape; single point of failure and weak configuration; no PDC/SDC, AV, patch management, SIEM, HIDS/HIPS, central backup server or jump box. Legend: leading practice, plant information network, fiber optic, WirelessHART, Ethernet, wireless.]
Observed security problems and weaknesses [Diagram: CCR / UCB / MER (Unit 00-50) on the PIN network with OW (W1) and OW (W2); DCS control system with controllers (Unit 10-50), DCS (D1), DCS (D2) and FBM 233; secure zone; ancillary control system. Legend: host device, control device; all communication traffic, unauthorized traffic, authorized traffic.]
Observed security problems and weaknesses (cont.)
Who can exploit ICS vulnerabilities?
How do we secure Industrial Control Systems? There are no silver bullets! [Diagram of layered controls: Enterprise network (email server, IDS, VPN, FW, proxy, AV, IPS, scan, host IPS, host AV, log management) connected to the Internet; Control network (event management, FW, IPS, NAC, reporting, IEC 62351, host IDS, host AV, VPN, FW); Field sites (VPN, P1711, IDS, FW, AV, scan, NAC); Partner site. IT staff shown at both enterprise and control network layers.]
Protecting the ICS
Defending the ICS: perimeter protection in utilities: firewall, IDS/IPS, client VPN, site-to-site VPN, DMZ, proxy, network AV, host IDS/IPS, NAC.
[Diagram: Typical Secured OT Architecture. Same zones as the typical architecture: Corporate Zone (mail, corporate and web servers, OSI PI server, desktop, laptop, mobile device, wireless router, corporate firewall FW1, Internet, IT firewall); Security Monitoring Zone (CCTV); Plant Interface Zone (RM&D network and main server reading data from the PI server, industrial OT firewall, OPC inspector, industrial firewall, switch, printer, remote maintenance and web server, primary domain, PI server, controller, SIEM, IDS/IPS, switches SW1 and SW2); Process Control Zone (UCB 10-50, Toshiba DCS, MicroSCADA, OPC Com, RM&D web server, UCB operator workstations, MER and CCR units 00-50, OW W1/W2, EW W1, AM W2, controllers units 10-50, CSA server, web server, PI server, patch server, AV server, historian server, PADO server, asset management server, MTK/BTK controllers, RM&D web clients WS1/WS2, firewall securing ancillary control systems, secured communication links); DCS Field Layer (PLCs P1-P3, safety PLC P2, DCS D1/D2, intelligent transmitter, HART transmitters). Also labelled: Global OT Advisory Services Center in Poland. Legend: leading practice, plant information network, fiber optic, WirelessHART, Ethernet, wireless.]
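A concrete version of the zone model on this slide, as an added example that is not part of the original deck: a small Python checker that classifies flow records against an allow-list of zone-to-zone paths, so that the corporate zone reaches the PI historian in the Plant Interface Zone (DMZ) and the jump box there, but never the Process Control Zone or field devices directly. The zone address ranges, port numbers and sample flows are constructed assumptions for this example.

```python
import ipaddress

# Zone addressing is a constructed assumption; real plants differ.
ZONES = {
    "corporate": ipaddress.ip_network("10.1.0.0/16"),
    "plant_interface": ipaddress.ip_network("10.2.0.0/24"),  # DMZ: PI server, jump box
    "process_control": ipaddress.ip_network("10.3.0.0/24"),  # DCS/SCADA servers, OWs
    "field": ipaddress.ip_network("10.4.0.0/24"),            # PLCs, controllers
}

# Allow-list of (src_zone, dst_zone, dst_port); any other inter-zone flow is denied.
# Ports are assumed service ports (PI Data Archive 5450, RDP 3389, Modbus/TCP 502).
ALLOWED = {
    ("corporate", "plant_interface", 5450),        # corporate PI clients read the DMZ historian
    ("corporate", "plant_interface", 3389),        # RDP to the jump box only
    ("process_control", "plant_interface", 5450),  # control-zone historian pushes to DMZ PI
    ("plant_interface", "process_control", 3389),  # jump box to engineering workstation
    ("process_control", "field", 502),             # DCS/SCADA polls PLCs over Modbus/TCP
}

def zone_of(ip):
    """Map an address to its zone name, or None if it belongs to no known zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def classify(src_ip, dst_ip, dst_port):
    """Return 'authorized', 'unauthorized' or 'intra-zone' for one flow."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "unauthorized"  # unknown address: fail closed
    if src == dst:
        return "intra-zone"    # same zone, outside the inter-zone policy
    return "authorized" if (src, dst, dst_port) in ALLOWED else "unauthorized"

def audit(flow_lines):
    """Parse 'src dst port' records and return the ones that violate the zone policy."""
    findings = []
    for line in flow_lines:
        src_ip, dst_ip, port = line.split()
        if classify(src_ip, dst_ip, int(port)) == "unauthorized":
            findings.append(line)
    return findings

# Constructed sample flow records (source, destination, destination port).
SAMPLE_FLOWS = [
    "10.1.5.20 10.2.0.10 5450",  # corporate desktop -> DMZ PI server (allowed)
    "10.3.0.5 10.2.0.10 5450",   # control-zone historian -> DMZ PI server (allowed)
    "10.1.5.20 10.3.0.5 3389",   # corporate desktop straight into the control zone
    "10.1.5.20 10.4.0.7 502",    # corporate host talking Modbus to a PLC
    "10.3.0.5 10.4.0.7 502",     # DCS server -> PLC (allowed)
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("unauthorized flow:", violation)
```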
Standards and guidelines: NCIIPC, NERC CIP, IEC 62443, ISO 27001, NIST 800.
How can EY help? Our OT services (technology, process, organization)
  Questions addressed: How does OT operate? Is it secure? Is it efficient? Does it meet business requirements? What actions to undertake, and how, in order to make OT operate as well and as securely as it can? How to implement the necessary solutions within given constraints and without disturbing production?
  Phases: assessment; improvement design; implementation and sustainment.
  Architecture: designing, implementing and helping manage the best architectures and technological solutions to run and optimize industrial processes.
  Strategy and effectiveness: developing OT strategies and integrating them with business strategies, optimizing OT management processes, introducing mature OT governance models, managing cooperation between IT and OT.
  Security: comprehensively securing clients' critical control and automation systems, following best industrial standards such as ISA99, NIST 800-82 or API 1164.
  Information insight: advanced analytics and business reporting of big data coming from production systems and devices, aiming at, e.g., efficiency improvement, predictive maintenance or quality.
  Sectors: oil refining, oil and gas transformation, energy production, energy transmission, fuel storage and mass redistribution, chemical production, water treatment, automated conveyors, robotic manufacturing, transportation, healthcare and life sciences.
Q&A
Contact: Felipe Sotuyo Blanco, Computer Engineer, CISA, CISM, CRISC, PMP. felipe.sotuyo@uy.ey.com, fsotuyo@gmail.com
Thank you