How to Upgrade the Security of the Control Systems

Markus Braendle, Control System Security Manager, ABB Power Systems, 2009-02-03
How to Upgrade the Security of the Control Systems You Already Own
SANS Process Control & SCADA Security Summit
© ABB Group
February 10, 2009 | Slide 1

Content
- Use what is there
- System hardening – the basics
- System hardening – the second step
- Patch management
- Flaw remediation – a lesson learned

Use what is there
Actively managing your system
Account Management
- Make use of the possibility to have personal accounts
- Make use of the ability to change passwords
- Make use of role based access control to limit access privileges
Access can be controlled from the system level down to the object level. Access can be limited, defining for example the right to open a single valve, or start a complete boiler.
ABB System 800xA for Power Generation
Monitor log files regularly
DCS/SCADA log, system event logs, security log files, etc.
Alerts → use and listen to them
Make use of reporting capabilities of the DCS/SCADA System
Third party products are often able to generate alarms and events in the DCS/SCADA environment

System Hardening
The basics
All systems already deployed can be hardened.
Servers and Workstations
- Removal of unused software
- Disabling unused services
- Removal of unused accounts
- Change of default passwords
Network and other Devices
- Disabling unused services.
- Removal of unused accounts.
- Change of default passwords.
Verify your setup (on a redundant or test system)
- Various tools available for auditing, e.g. Bandolier project by Digital Bond

System Hardening
The second step
Host Based Firewalls
Antivirus software
Intrusion Detection Systems
Security Management Systems
ABB supports integration with third-party Security Management Systems (SMS). Alerts from the SMS can be picked up from Network Manager in the form of SNMPv3 traps, providing a capability to generate events/alarms for the operator on duty in addition to whatever notification mechanisms the SMS may support.
ABB Network Manager
- Have a process for updating, maintaining and monitoring
- Deploy them correctly

Patch Management
For most DCS / SCADA systems, vendors have a patch management process in place → use it!
ABB evaluates all Microsoft security updates for relevance and system compatibility as they are released by Microsoft. Our goal is to communicate the validation plan for these updates within 24 hours of the release and publish the results of the validation within 7 days. Microsoft Service packs will be tested against the subsequent ABB System service pack or product release.
ABB System 800xA
Most vendors test patches on baseline systems as part of service contracts
If that is not enough you should first test the update on a redundant or test system

Flaw remediation
- In 2008 this was one of THE hot topics
- Security researchers got bashed for disclosing vulnerabilities
- Vendors got bashed for not reacting properly and in a timely fashion
- And it was exciting to follow …
… until it hit us!

Flaw remediation
The ABB story
[Figure: timeline of events, 24/Jun to 30/Sep in weekly steps; event labels below, positions on the axis not preserved]
NERC issues advisory
NERC contacts ABB
Vulnerability is published
Vulnerability report is sent to US-CERT
ABB informs customers
INL contacts ABB
C4 makes first public announcement
ABB reports fix to US-CERT
ABB sends fix to C4 for validation
ABB responds to US-CERT
US-CERT contacts ABB
C4 returns completed vulnerability reporting form
Resource limitations at ABB
Conference call
C4-security contacts ABB

Flaw remediation
Lessons learned
1. Cooperation with external company went well
   BUT initial contact made through personal contact
2. Internal process worked well
   BUT it will be revised and formalized even more
3. Communication to affected customers worked well
   BUT overall external communications must be improved
4. Government organizations were very cooperative
   BUT NERC advisory used different text than ABB vulnerability disclosure
5. Patch and mitigation was made available
   BUT will you use / install them?

Summary
Tools and techniques are available to add security to existing control systems
Use the Procurement Language to challenge your vendor
But allow the vendor to challenge you

Contact for questions and comments
Dr. Markus Braendle
Control System Security Manager
Power Systems
ABB Switzerland Ltd
Segelhofstr. 1K
CH-5405 Baden 5 Dättwil
Telephone +41 58 586 82 90
Mobile +41 79 378 67 28
E-Mail: markus.braendle@ch.abb.com