Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy.


PLC Security project phases

Initial Phase (2009)
- Security standards analysis:
  - IT standards are not suited to PCS: different performance, availability, network architecture …
  - ISA-99 standards as reference standard
  - Lack of pragmatic guidelines to secure PCSs
  - Not finished yet

Design & Report (2010)
- Design of the test-bench
- Tools evaluation & development
- Test-bench validation and report
- ISA-Secure Embedded Device Security Assurance Certification

Development (2011)
- Fulfilling the ISCI-CRT requirements:
  - Integration of the CRT tests into the 'Test-bench for Robustness of Industrial Equipments' (TRoIE)
- Releasing to Siemens a complete test definition set and implementation, to be deployed and reproduced in Siemens Labs
- Starting discussions about Codenomicon tests (Protos fuzzer)

Openlab Major Review Report February 2012

Fuzzing Test Generator

(Diagram labels: Target, Customized Peach Fuzzing Framework, Grammars, INPUTGEN.)

- Generation and forging of any kind of communication load
- Translation of experts' knowledge into grammar rules
- Definition of proprietary and even non-existent protocols
- Scalable in terms of:
  - Testing files
  - Protocol testing behavior (state machine, mutation strategies)

Fulfilling the ISCI Communication Robustness Test certification

- Integration of the CRT test cases into the TRoIE test-bench
- Extension of the CRT to protocols it does not cover
- 5 security testing phases:
  - Discover Protocol Functionalities and Attack Surface
  - Storms and Maximum Load Tests
  - Single Field Injection
  - Combinatorial Fields Injection
  - Cross State Fuzzing (for stateful protocols)

Test-bench Reproducibility

(Diagram: 3-Layers Architecture: Extended Peach Framework, REST Web Service, Reverse Proxy & Access Control, Client, JSON)

- Authentication to run a test
- Built-in invariant test definitions
- No specific security knowledge
- OS Compatibility

PLC I/O Monitoring

(Diagram labels: Target, Waveforms Comparison)

Feedback Control System:
- No synchronization issues
- Reduced PLC Scan Cycle for the best timing resolution

Requirements:
- 3 sec period: 1 sec High, 2 sec Low
- PLC waveform generation
- 20 msec resolution
- Parametric threshold jitter
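The waveform comparison on this slide can be sketched as below. This is an added example, not code from the TRoIE test-bench: the function names, the 40 ms default jitter threshold and the sample capture are assumptions; only the 3 sec period (1 sec High, 2 sec Low) and the 20 msec resolution come from the slide.

```python
# Added example (not from the slides): check a sampled PLC digital output
# against the stated reference waveform. All names here are hypothetical.

SAMPLE_MS = 20      # sampling resolution from the slide
HIGH_MS = 1000      # expected High duration
LOW_MS = 2000       # expected Low duration


def run_lengths(samples):
    """Collapse 0/1 samples into [level, duration_ms] runs."""
    runs = []
    for level in samples:
        if runs and runs[-1][0] == level:
            runs[-1][1] += SAMPLE_MS
        else:
            runs.append([level, SAMPLE_MS])
    return runs


def check_waveform(samples, jitter_ms=40):
    """Return (start_ms, level, duration_ms, expected_ms) for each run whose
    duration deviates from the reference by more than jitter_ms. The first
    and last runs may be cut by the capture window, so they are only
    reported when already too long (output stuck)."""
    runs = run_lengths(samples)
    violations = []
    t = 0
    for i, (level, dur) in enumerate(runs):
        expected = HIGH_MS if level else LOW_MS
        partial = i == 0 or i == len(runs) - 1
        too_long = dur > expected + jitter_ms
        too_short = dur < expected - jitter_ms
        if too_long or (too_short and not partial):
            violations.append((t, level, dur, expected))
        t += dur
    return violations


def pulse(high_ms=HIGH_MS, low_ms=LOW_MS):
    """Constructed sample data: one High/Low period as 20 ms samples."""
    return [1] * (high_ms // SAMPLE_MS) + [0] * (low_ms // SAMPLE_MS)


if __name__ == "__main__":
    # Constructed capture: the 3rd period's Low phase is stretched by 200 ms,
    # as if the scan cycle stalled while the device handled test traffic.
    capture = pulse() * 2 + pulse(low_ms=2200) + pulse() * 2
    for start, level, dur, exp in check_waveform(capture):
        print(f"t={start} ms level={level} lasted {dur} ms, expected {exp} ms")
```

Making the jitter threshold a parameter lets the same check be tightened or relaxed per device without touching the reference timing.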

Conclusions

- Test-bench release & expertise transfer to Siemens (Dec 2011)
  - Installation, configuration, documentation
- Next steps:
  - Testing of proprietary network protocols (S7, PROFINET), software applications, libraries and APIs, system I/O modules
  - Multi-protocol (man-in-the-middle) layer testing
  - PLC internal status monitoring
  - Extending to the supervision level: SCADA systems like PVSS, OPC-UA…

Siemens Openlab Major Review February 2012 Step7 Openness, PVSS Security, Virtualization Author: Omer Khalid Supervised by: Renaud Barillere

Step7 Deployment - I

- Step 7 / Totally Integrated Automation:
  - Software development environment for developing PLC software that interfaces with the industrial equipment.
- Aim: to bring modern software engineering capabilities to the Step7 product line:
  - Step7 Deployment
    - Automate the deployment of Siemens software on engineering workstations
    - Scalability: from small (10s of machines) to large (100s of machines)
    - Easy and flexible to deploy, fast refresh rate

Step7 Deployment - II

- Status: Completed
  - All milestones have been achieved and delivered. Verified and confirmed by Siemens.
- Value for Siemens:
  - The final strategy is implemented by Siemens in v12 of TIA.
  - TIA portal can now be deployed in an automated fashion using standard 3rd-party software inventory management software.
- Approach:
  - Three strategies validated through prototyping
    - Reported in detail in the previous major review
    - In a nutshell: either using chained MSIs or the SIA engine
  - Meets the short-, medium- and long-term objectives and product development plans of the Step7 software
  - Criteria: integration with Siemens' existing software tools.

Step7 Security

- Stuxnet worm
  - Detected in June
  - Attack method (0-day exploit against Windows, fake certificates, rootkit, DLL replacement)
- Software Security
  - New topic was added to the project in Jul/Aug 2010
    - Market survey conducted: mostly source-code-based analysis
    - Binary-code-based analysis identified to complement existing source-code-based analysis
      - BitBlaze and Veracode selected as test candidates
- Status: Completed
  - Initial testing/prototyping
  - Siemens continues in-house

PVSS Security

- Objective
  - Improve the SCADA security and system robustness
- Strategy
  - Identify vulnerability areas and their associated risks, including test use cases
  - Determine key cyber security aspects from the CERN standpoint, taking Siemens/ETM input
  - Evaluate the risks and use cases identified, and prototype to investigate vulnerabilities
- Security Areas:
  - Access Control, Data Integrity and Confidentiality, Auditing and Logging, Updating and Patching, Network Resource Availability
- Status: SCADA recommendation document prepared and submitted to the SCADA section.

Virtualization

- Objective:
  - Evaluate and deploy engineering applications on private cloud infrastructure.
- Process:
  - Various private cloud toolkits evaluated
    - OpenNebula, Eucalyptus, VMware vSphere
  - Performance of applications benchmarked
    - For distributed and shared storage
    - For high and low load deployment.
- Outcome:
  - A private cloud infrastructure deployed
    - PVSS developers are using it extensively for application development.
  - Results related to infrastructure performance were published in a paper at the ICALEPCS 2011 conference.

Publications

- Khalid O., Sheikh A., Copy B., "Optimizing Infrastructure for Software Testing and Deployment for Engineering Applications", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct
- Khalid O., "OpenNebula cloud for Engineering applications", OpenNebula Blog, Nov, 2011
- Tilaro F., "Cyber security analysis for industrial control systems", CERN Computing Newsletter,
- Tilaro F., Copy B., "Industrial Devices Robustness Assessment and Testing against Cyber Security Attacks", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct
- Tilaro F., "Testbench for Robustness of Industrial Equipments (TROIE)", CERN, 2009
- Copy B., Tilaro F., "Standards Based Measurable Security For Embedded Devices", ICALEPCS 2009