Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS). Rahul Bhojani, ISA SP99 WG4 Meeting.
Slide 1 Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS). Rahul Bhojani, ISA SP99 WG4 Meeting in Scottsdale, AZ, June 26, 2007

Slide 2 Example Approach to IACS Security using Models Introduced in ISA-d99.00.01
1. Identify IACS components and develop an architecture drawing
2. Group IACS components into Zones and Conduits
3. Conduct a risk assessment and assign a target Security Level to Zones and Conduits
4. Identify technical and administrative countermeasures to achieve the target Security Level
5. Implement the technical and administrative countermeasures to achieve the target Security Level
6. Maintain the effectiveness of the implemented technical and administrative countermeasures

Slide 3 Identify IACS Components and Develop Architecture Drawing
[Figure: example architecture of a site with multiple plants. Plant A and Plant B each contain an Engineering Station, Controller + I/O, Fieldbus, HMI and Application Station; the site-level systems are the Data Historian, Analysis Tools and MES Applications.]

Slide 4 Group IACS Components into Zones and Conduits
– Zone: a grouping of logical or physical assets that share common security requirements
– Conduit: a logical grouping of communication assets that protects the security of the channels it contains, in the same way that a physical conduit protects cables from physical damage
– Channel: a specific communication link established within a communication conduit

Slide 5 Example Zones and Conduit for a Site with Multiple Plants

Slide 6 Example of Multiple Zones within a Single Plant

Slide 7 Granularity of Zones and Conduits
The level of granularity used to identify Zones and Conduits will depend on various factors, including:
– Size of the IACS
– Location of IACS components
– Company policy and organization
– Type of assets associated with the IACS
– Criticality of assets associated with the IACS

Slide 8 Security Levels
– The Security Level model proposed in the standard provides a way to categorize the risk associated with a Zone or Conduit
– A Security Level corresponds to the required effectiveness of the technical or administrative countermeasures and of the inherent security properties of the IACS components within a Zone or Conduit
– The security capabilities of IACS components and the implemented technical and administrative countermeasures must work together to achieve the desired Security Level
– A minimum of three Security Levels have been proposed in the ISA-99 standard; each organization should establish a definition of what each SL represents

Slide 9 Target Security Level for Zone or Conduit
SL(Target) is the target SL assigned to a Zone or Conduit during risk assessment. Factors that influence the determination of SL(Target) for a Zone are:
– Network architecture with defined zone boundaries and conduits
– SL(Target) of the zones with which the zone under consideration will communicate
– SL(Target) of the conduit, if assigned, used for communication by the zone
– Physical access to devices and systems within the zone

Slide 10 Conduct Risk Assessment and Assign Target Security Level to Zone or Conduit
– Qualitative approach: example using a risk matrix
– Quantitative approach: risk measures based on consequence and incident frequency estimation
In both cases, the target SL determines the required effectiveness of the technical and administrative security countermeasures that will reduce the incident frequency, and thereby the risk, to an acceptable level.

Slide 11 Identify Incident Scenarios for each Zone or Conduit
Take into consideration all possible scenarios, considering all internal and external threats, that can lead to an incident:
– Internal threats: untrained or disgruntled employees
– External threats: connection to the Internet, or allowing partner companies to access IACS components
[Figure: Typical DCS Connections]

Slide 12 Identify Countermeasures to Achieve Target Security Level for Zone or Conduit
– Qualitative approach: selection from a combination of prescriptive technical and/or administrative countermeasures corresponding to each SL
– Quantitative approach: conduct an analysis taking into consideration event frequencies and the probability of failure of countermeasures
[Figure: Example quantitative analysis for a Windows-based HMI]
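Slides 10 to 12 describe the qualitative and quantitative approaches in words only. The Python below is an added example, not code from the presentation or from the ISA-SP99 draft: it assigns SL(Target) either from a constructed risk matrix or from the risk reduction factor needed to bring an incident frequency down to a tolerable one, and then checks a candidate set of countermeasures against that target using their probabilities of failure on demand, as the slide 12 quantitative analysis does. The 1..3 level scale, the matrix cells, the RRF bands, the `Countermeasure` class and the Windows HMI frequencies are all assumptions made for illustration.

```python
"""Added example: assigning SL(Target) to a zone from a risk assessment and
checking a candidate countermeasure set against it. Not code from the
ISA-SP99 draft; the three-level scale, matrix cells, RRF bands and the
sample frequencies are assumptions for illustration."""
from dataclasses import dataclass
from typing import List

SL_MIN, SL_MAX = 1, 3   # assumed: the "minimum of three" levels, numbered 1..3

# Qualitative approach: a constructed consequence x likelihood matrix whose
# cells hold the SL(Target) the organisation has decided each rating needs.
RISK_MATRIX = {
    "low":    {"unlikely": 1, "possible": 1, "likely": 2},
    "medium": {"unlikely": 1, "possible": 2, "likely": 3},
    "high":   {"unlikely": 2, "possible": 3, "likely": 3},
}


def qualitative_target_sl(consequence: str, likelihood: str) -> int:
    """Look up SL(Target) for a zone or conduit in the risk matrix."""
    return RISK_MATRIX[consequence][likelihood]


# Quantitative approach: the risk reduction factor (RRF) is the ratio of the
# unmitigated incident frequency to the frequency the organisation tolerates.
# Assumed mapping of RRF bands to SL: (upper bound of the band, SL).
RRF_BANDS = [(10.0, 1), (100.0, 2), (1000.0, 3)]


def quantitative_target_sl(unmitigated_per_year: float, tolerable_per_year: float) -> int:
    """Smallest SL whose assumed RRF band covers the required reduction.
    Raises when no band does: countermeasures alone cannot make the risk
    tolerable, so the zone or its connectivity has to be redesigned."""
    rrf = unmitigated_per_year / tolerable_per_year
    if rrf <= 1.0:
        return SL_MIN   # already tolerable; baseline level still applies (assumption)
    for upper, sl in RRF_BANDS:
        if rrf <= upper:
            return sl
    raise ValueError(f"required RRF {rrf:.0f} exceeds SL{SL_MAX}; redesign instead")


@dataclass
class Countermeasure:
    name: str
    pfd: float   # probability of failure on demand, 0..1 (values below are assumed)


def mitigated_frequency(unmitigated_per_year: float, layers: List[Countermeasure]) -> float:
    """Incident frequency after the layers, treating them as independent
    barriers in series (every layer must fail for the incident to occur).
    Layers that share a failure cause, e.g. the same admin credentials,
    make this estimate optimistic."""
    freq = unmitigated_per_year
    for cm in layers:
        freq *= cm.pfd
    return freq


def meets_target(unmitigated_per_year: float, tolerable_per_year: float,
                 layers: List[Countermeasure]) -> bool:
    """True when the mitigated frequency is within the tolerable frequency."""
    return mitigated_frequency(unmitigated_per_year, layers) <= tolerable_per_year


if __name__ == "__main__":
    # Constructed scenario for a Windows-based HMI zone: malware reaching the
    # HMI from the business network about once a year unmitigated, tolerable
    # once per 100 years.
    f0, f_tol = 1.0, 0.01
    print("SL(Target):", quantitative_target_sl(f0, f_tol))                # 2
    layers = [Countermeasure("conduit firewall", 0.1),
              Countermeasure("host hardening", 0.3)]
    print("two layers meet target:", meets_target(f0, f_tol, layers))     # False
    layers.append(Countermeasure("application whitelisting", 0.2))
    print("three layers meet target:", meets_target(f0, f_tol, layers))   # True
```

The product of probabilities of failure is the usual first-cut model, and it is the reason the slide stresses the probability of failure of each countermeasure rather than its mere presence: two layers with PFD 0.1 and 0.3 leave the HMI three times over the tolerable frequency, and only a third independent layer closes the gap. Dependent layers (same patch process, same credentials, same administrator) should be modelled as one.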

Slide 13 Security Level Achieved for Zone or Conduit
SL(Achieved) depends on several factors:
– SL(Capability) of the countermeasures associated with the zone or conduit, and the inherent security properties of devices and systems within the zone or conduit
– SL(Achieved) by the zones with which communication is to be established
– Type of conduits and the security properties associated with the conduits used to communicate with other zones (zones only)
– Effectiveness of countermeasures
– Audit and testing interval
– Attacker expertise and resources available to the attacker
– Degradation of countermeasures and of the inherent security properties of devices and systems over time
– Available response time on intrusion detection

Slide 14 Security Level Capability of Devices, Systems, and Countermeasures
SL(Capability) is a measure of the effectiveness of a countermeasure, device, or system for the security property that it addresses. Example security properties:
– proving peer entity authenticity
– preserving authenticity and integrity of messages
– preserving confidentiality of messages/information/communication
– ensuring accountability
– enforcing access control policies
– preventing denial-of-service attacks
– maintaining platform trustworthiness
– detecting tampering
– monitoring security status

Slide 15 Security Level Capability of Devices, Systems, and Countermeasures (continued)
– SL(Capability) is a qualitative measure until sufficient quantitative data on probability of failure is available
– An evaluation of the effectiveness of technical countermeasures shall take into consideration:
  – Development process: availability of written procedures, a quality management plan, etc., which help reduce systematic errors such as software bugs and memory leaks that may impact security
  – Testing: level of testing for each security property addressed by the countermeasure, device or system; test data may also be inferred from previously assessed systems
  – Data collection: number of times a zone or conduit was compromised due to a flaw in a similar countermeasure, device or system, and the rate and criticality of vulnerabilities discovered for the countermeasure, device or system
– Administrative countermeasures shall be used when technical countermeasures are not feasible

Slide 16 Maintain Effectiveness of Technical and Administrative Countermeasures
Countermeasures and the inherent security properties of devices and systems will degrade over time due to:
– discovery of new vulnerabilities
– improved attacker skills
– attacker familiarity with existing countermeasures
– availability of better resources to attackers
The effectiveness of countermeasures and of the inherent security properties of devices and systems shall be audited and/or tested at regular intervals, and whenever new vulnerabilities are discovered, using procedures that audit and/or test at least the security properties relevant to the zone. Countermeasures shall be updated and upgraded based on the audit and testing results so as to keep SL(Achieved) equal to or better than SL(Target).
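Slides 13, 14 and 16 list the factors behind SL(Achieved) without showing how they combine. The Python below is an added example, not code from the presentation or from the ISA-SP99 draft: it models each countermeasure with an SL(Capability) for the security properties it covers, degrades that capability when an audit is overdue or a known vulnerability is unpatched, bounds a zone by the zones it communicates with unless the conduit between them is strong enough, and reports every zone where SL(Achieved) falls below SL(Target). The combination rules (strongest countermeasure per property, weakest property per zone, neighbour bound of max(neighbour SL, conduit SL)), the one-level penalties, the `Zone`, `Conduit` and `Countermeasure` classes, the required property set and the two-plant sample site are all assumptions made for illustration.

```python
"""Added example: a small model of SL(Achieved) for zones and conduits built
from the factors on slides 13, 14 and 16, ending in the gate
SL(Achieved) >= SL(Target). Not code from the ISA-SP99 draft; the
combination rules, penalties, dates and sample zones are assumptions."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set

# Security properties (slide 14) that every zone in this example must cover.
REQUIRED: Set[str] = {"peer_authn", "message_integrity", "access_control", "tamper_detection"}


@dataclass
class Countermeasure:
    name: str
    sl_capability: int        # nominal SL(Capability) from assessment or vendor claim
    properties: Set[str]      # security properties it addresses
    last_assessed: date       # last audit or test
    unpatched_vulns: int = 0  # publicly known vulnerabilities not yet remediated


def effective_capability(cm: Countermeasure, today: date, audit_interval_days: int) -> int:
    """Slide 16: capability degrades. Assumed penalties: one level when the
    audit/test interval has been exceeded and one level when a known
    vulnerability is unpatched. 0 means the countermeasure earns no credit."""
    cap = cm.sl_capability
    if (today - cm.last_assessed).days > audit_interval_days:
        cap -= 1
    if cm.unpatched_vulns > 0:
        cap -= 1
    return max(cap, 0)


@dataclass
class Zone:
    name: str
    sl_target: int
    countermeasures: List[Countermeasure]


@dataclass
class Conduit:
    name: str
    zone_a: str
    zone_b: str
    countermeasures: List[Countermeasure]  # e.g. the firewall filtering the conduit


def standalone_sl(zone: Zone, today: date, interval: int) -> int:
    """Per required property the strongest effective countermeasure counts
    (defence in depth); the zone is then only as strong as its weakest
    property (weakest link)."""
    best = {p: 0 for p in REQUIRED}
    for cm in zone.countermeasures:
        cap = effective_capability(cm, today, interval)
        for p in cm.properties & REQUIRED:
            best[p] = max(best[p], cap)
    return min(best.values())


def conduit_sl(c: Conduit, today: date, interval: int) -> int:
    """Strongest effective countermeasure on the conduit, 0 if it has none."""
    return max((effective_capability(cm, today, interval) for cm in c.countermeasures), default=0)


def sl_achieved(zones: Dict[str, Zone], conduits: List[Conduit],
                today: date, interval: int) -> Dict[str, int]:
    """Slide 13: a zone's SL(Achieved) is capped by each zone it communicates
    with, unless the conduit between them is strong enough on its own
    (assumed rule: cap = max(neighbour's standalone SL, conduit SL))."""
    own = {n: standalone_sl(z, today, interval) for n, z in zones.items()}
    achieved = dict(own)
    for c in conduits:
        link = conduit_sl(c, today, interval)
        achieved[c.zone_a] = min(achieved[c.zone_a], max(own[c.zone_b], link))
        achieved[c.zone_b] = min(achieved[c.zone_b], max(own[c.zone_a], link))
    return achieved


def gaps(zones: Dict[str, Zone], achieved: Dict[str, int]) -> Dict[str, int]:
    """Zones where SL(Achieved) < SL(Target), with the shortfall in levels."""
    return {n: z.sl_target - achieved[n] for n, z in zones.items() if achieved[n] < z.sl_target}


def example(firewall_unpatched_vulns: int = 0):
    """Constructed site: Plant A (target SL3) and Plant B (target SL2) joined
    by one conduit. Call with firewall_unpatched_vulns=1 to see the effect of
    a newly disclosed, unpatched vulnerability in the conduit firewall."""
    today = date(2007, 6, 26)                          # meeting date, used as "now"
    fresh, stale = date(2007, 5, 1), date(2006, 4, 1)  # stale is more than a year old
    zones = {
        "plant_a": Zone("plant_a", 3, [
            Countermeasure("controller_peer_authn", 3, {"peer_authn", "message_integrity"}, fresh),
            Countermeasure("hmi_hardening", 3, {"access_control", "tamper_detection"}, fresh),
        ]),
        "plant_b": Zone("plant_b", 2, [
            Countermeasure("legacy_hardening", 2, set(REQUIRED), stale),  # audit overdue
        ]),
    }
    conduits = [Conduit("a_to_b", "plant_a", "plant_b", [
        Countermeasure("conduit_firewall", 3, {"access_control"}, fresh, firewall_unpatched_vulns),
    ])]
    achieved = sl_achieved(zones, conduits, today, 365)
    return achieved, gaps(zones, achieved)


if __name__ == "__main__":
    print(example())   # ({'plant_a': 3, 'plant_b': 1}, {'plant_b': 1})
    print(example(1))  # ({'plant_a': 2, 'plant_b': 1}, {'plant_a': 1, 'plant_b': 1})
```

Two of the slide's factors show up directly in the output: Plant B misses its target purely because its only countermeasure is past its audit interval, and a single unpatched vulnerability in the conduit firewall drops Plant A from SL3 to SL2 even though nothing inside Plant A changed, which is why slide 16 calls for re-testing whenever a new vulnerability is disclosed, not only on the calendar. The neighbour bound is applied in one pass from each zone's standalone level; a site with chains of zones would iterate until the values stop changing.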

Slide 17 Security Level Lifecycle Model

Slide 18 Questions?