Control Systems Security Working Group Report


1 Control Systems Security Working Group Report
Public Release
Control Systems Security Working Group Report
CIPC Meeting, Denver, CO, September 2005
Tom Flowers

2 CSSWG Activities Since D.C.
August 10, 2005 Meeting in St. Louis (20)
- 2005 Work Plan Review & Initiatives
- Review NSTB Liaison Initiatives
  - Mitigation of 2004 Top Ten Vulnerabilities
  - AGA – 12 Testing at SNL & PNNL
- Security Guideline Information Security - Encryption ( )
- Liaison Reports
- CSSWG Business Processes

3 CSSWG Activities Since D.C.
2005 Work Plan Review & Initiatives
Ongoing 2005 Deliverables
- (SG) Information Security – Encryption ( )
- (RD) 2005 Top 10 Vulnerabilities & Mitigations
12 emerging priorities in control system security identified
Top Four under consideration:
- (RD) “Zero Day” event detection/correlation (2006)
- (SG) Physical & Cyber Incident Response (2006)
- (RD) Wireless ( ) use in SCADA (2007)
- (SG) Information Security – SCADA (2007)

4 CSSWG Activities Since D.C.
Review NSTB Liaison Initiatives
Mitigation Strategies for 2004 Top Ten Vulnerabilities
“Potential Mitigation Strategies for the Top 10 Vulnerabilities Identified by NERC CSSWG”
Discussion draft for the NERC CSSWG Meeting, August 10, St. Louis, MO

5 2. Poorly designed Control System Networks that 1) fail to compartmentalize communication connectivity with corporate networks and other entities outside of the Control System electronic security perimeter; 2) fail to employ sufficient “defense in depth” mechanisms; 3) fail to restrict “trusted access” to the control system network; and 4) rely on “security through obscurity” as a security mechanism.
Foundational
- Implement electronic perimeters.
- Disconnect all unnecessary network connections.
Intermediate
- Implement concentric electronic perimeters.
- Use a completely autonomous network with no shared resources with non-control system networks.
Advanced
- Implement virtual LANs, private VLANs, intrusion prevention, anomaly detection, smart switches, etc.

6 3. Misconfigured operating systems and embedded devices that allow unused features and functions to be exploited. Untimely implementation of software and firmware patches. Inadequate testing of patches prior to implementation.
Foundational
- Conduct inventory.
- Ensure sufficient training of personnel responsible for component configuration and maintenance.
Intermediate
- Evaluate and characterize applications.
- Patch management process: Hardware, firmware, software.
- Maintain full system backups and have procedures in place for rapid deployment and recovery.
- Maintain a working test platform and procedures for evaluation of updates prior to system deployment.
Advanced
- Active vulnerability scans. (Caution: recommend use of development system so that on-line control systems are not compromised during the scan.)
- Disable, remove, or protect unneeded or unused services/features that are vulnerable.

7 CSSWG Activities Since D.C.
Review NSTB Liaison Initiatives
AGA – 12 Testing at SNL & PNNL
“AGA - 12 Testing by the National SCADA Test Bed Program”
Discussion draft for the NERC CSSWG Meeting, August 10, St. Louis, MO

8 Scope
- Evaluate commercial versions of devices built to the American Gas Association (AGA)-12 Part 2 standard in a laboratory setting
- A variety of tests will be conducted using a representative assortment of equipment
- Serial communication focus
- Not formally approving nor certifying any devices: But will publish test environment, suite of tests performed, and test results
- Goal is to provide an environment that represents typical electrical industry installations

9 Elements
- Equipment to be tested
- Common test elements
- Baseline tests
- Functionality tests
- Interoperability tests
- Fail-over tests
- Stress tests
- Cryptographic security tests

10 CSSWG Activities Since D.C.
Information Security - Encryption ( )
- Re-energize the effort
- Re-constitute the team
- May not be ready by December CIPC meeting

11 CSSWG Activities Since D.C.
Liaison Reports
- ISA (Flowers)
- PCSF/I3P/O&G (Flowers & Holstein)
- Telecom (Leffler)
- IEC/IEEE (Klein)
- Roadmap (Kenchington)

12 CSSWG Activities Since D.C.
CSSWG Business Processes
- Voting members
- Associate members
- Review participation over the last year
  - Finding (1) Asset Owner/Operator participation must be increased while preserving a quorum or (2) Relax quorum requirements

13 CSSWG Activities Since D.C.
From CIPC EC Report in Long Beach:
WG/TF Chairs and EC are reviewing assignment of CIPC members to WG/TFs
- ensure adequate resources are in place to achieve deliverables
- ensure appropriate contribution of asset owners/operators
- balance contribution by individual CIPC members

