Presentation is loading. Please wait.

Presentation is loading. Please wait.

Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy.

Published byBetty Washington Modified over 9 years ago

Similar presentations

Presentation on theme: "Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy."— Presentation transcript:

1 Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy

2 2 PLC Security project phases Initial Phase 2009 Security standards analysis: IT standards do not suit for PCS: different performances, availability, network architecture … ISA-99 standards as reference standard Lack of pragmatic guidelines to secure PCSs Not finished yet Design & Report 2010 Design of the test-bench tools evaluation & development Test-bench validation and report ISA-Secure Embedded Device Security Assurance Certification Development 2011 Fulfilling the ISCI-CRT requirements: Integration of the CRT tests into the ‘Test-bench for Robust of Industrial Equipments’ (TRoIE) Releasing to Siemens a complete test definition set and implementation to be deployed and reproduced in Siemens Labs Starting speaking about Codenomicon tests (Protos fuzzer) Openlab Major Review Report February 2012

3 3 Fuzzing Test Generator Openlab Major Review Report February 2012 Target Customized Peach Fuzzing Framework Grammars INPUTGEN.  Generation and forging of any kind of communication load  Translate experts’ knowledge into grammar rules  Definition of proprietary and even not-existing protocols  Scalable in terms of:  Testing files  Protocol testing behavior (state-machine, mutation strategies)

4 4 ISCI Communication Robustness Test certification fulfilling  Integration of the CRT test cases into the TRoIE test-bench  Extension of the CRT for not covered protocols  5 security testing phases:  Discover Protocol Functionalities and Attack Surface  Storms and Maximum Load Tests  Single Field Injection  Combinatorial Fields Injection  Cross State Fuzzing (for stateful protocols) Openlab Major Review Report February 2012

5 5 Test-bench Reproducibility 3-Layers Architecture Extended Peach Framework REST Web Service Reverse Proxy & Access Control Client JSON  Authentication to run a test  Built-in invariant test definitions  No specific security knowledge  OS Compatibility Openlab Major Review Report February 2012

6 6 PLC I/O Monitoring Target Waveforms Comparison Feedback Control System:  No synchronization issues  Reduced PLC Scan Cycle for a best timing resolution Requirements:  3 sec period:1 sec High, 2 sec Low  PLC waveform generation  20 msec resolution  Parametric threshold jitter Openlab Major Review Report February 2012

7 7  Test-bench release & Expertise transfer to Siemens (Dec 2011)  Installation, configuration, Documentation  Next Steps:  Proprietary Network protocols testing (S7,PROFINET), Software applications, libraries and APIs, System I/O modules  Multi-Protocols (Man-in-the-middle) layer testing  PLC internal status monitoring  Extending to the supervision level: SCADA system like PVSS, OPC-UA… Openlab Major Review Report February 2012 Conclusions

8 Siemens Openlab Major Review February 2012 Step7 Openness, PVSS Security, Virtualization Author: Omer Khalid Supervised by: Renaud Barillere

9 Step7 Deployment - I  Step 7 / Totally Integrated Automation:  Software development environment to develop software for PLC’s that interfaces with the industrial equipment.  Aim: To bring-in modern software engineering capabilities to Step7 product line:  Step7 Deployment To automate the deploy Siemens software on engineering workstations; Scalability: from small (10’s of machines) to large (100’s of machines); Easy and flexible to deploy, fast refresh rate 9Openlab Major Review Report February 2012

10 Step7 Deployment - II  Status: Completed  All milestones has been achieved and delivered. Verified and confirmed by Siemens.  Value for Siemens:  Final strategy is implemented by Siemens in v12 of TIA.  TIA portal can now be deployed in automated fashion using 3 rd party standard software inventory management software.  Approach:  Three strategies validated through prototyping Reported in detail in previous major review Nutshell: either using chained MSI’s or SIA engine  Meets short term, medium and long terms objectives and product development plans of Step7 software  Criteria: integration with Siemens existing software tools. 10Openlab Major Review Report February 2012

11 Step7 Security  Stuxnet worm  Detected in June 2010.  Attack method (0-day exploit against windows, fake certificates, rootkit, DLL replacement)  Software Security  New topic was added to the project in Jul/Aug 2010 Market survey conducted – mostly source code based analysis Binary code based analysis identified to complement existing source code based analysis –BitBlaze and Veracode selected as test candidates  Status: Completed  Initial testing/prototyping  Siemens continues in-house 11Openlab Major Review Report February 2012

12 PVSS Security  Objective  Improve the SCADA security and system robustness  Strategy  Identifying vulnerability areas and their associated risks – including test use cases  Determine key cyber security aspects from CERN standpoint, Taking Siemens/ETM input  Evaluate risks and use cases identified, and prototype to investigate vulnerabilities  Security Areas:  Access Control, Data Integrity and Confidentiality, Auditing and Logging, Updating and Patching, Network Resource Availability  Status: SCADA recommendation document prepared and submitted to SCADA section. Openlab Major Review Report February 2012

13 Virtualization  Objective:  Evaluate and deploy engineering applications on private cloud infrastructure.  Process:  Various private cloud tool kits evaluated OpenNebula, Eucalyptus, Vmware vSphere  Performance of applications benchmarked For distributed and shared storage For high and low load deployment.  Outcome:  A private cloud infrastructure deployed PVSS developers using it extensively for application development.  Results related to infrastructure performance were published in a paper in ICALEPCS 2011 conference. 13Openlab Major Review Report February 2012

14 14  Khalid O., Sheikh A., Copy B., “Optimizing Infrastructure for Software Testing and Deployment for Engineering Applications", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct 2011.  Khalid O., “OpenNebula cloud for Engineering applications, OpenNebula Blog, Nov, 2011  Tilaro F., "Cyber security analysis for industrial control systems", CERN Computing Newsletter, 2010.  Tilaro F., Copy B., "Industrial Devices Robustness Assessment and Testing against Cyber Security Attacks", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France. Oct 2011.  Tilaro F., "Testbench for Robustness of Industrial Equipments (TROIE)", CERN, 2009  Copy B., Tilaro F., ”Standards Based Measurable Security For Embedded Devices” ICALEPCS 2009 Publications Openlab Major Review Report February 2012

Download ppt "Siemens Openlab Major Review February 2012 PLCs Security Author: Filippo Tilaro Supervised by: Brice Copy."

Similar presentations

Quality Label and Certification Processes Vienna Summit 11 April 2014 Karima Bourquard Director of Interoperability IHE-Europe.

Quality Label and Certification Processes Vienna Summit 11 April 2014 Karima Bourquard Director of Interoperability IHE-Europe.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
Technical Brief v1.0. Communication tools that broadcast visual content directly onto the screens of computers, using multiple channels and formats Easy.

Technical Brief v1.0. Communication tools that broadcast visual content directly onto the screens of computers, using multiple channels and formats Easy.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Developed by Reneta Barneva, SUNY Fredonia The Process.

Developed by Reneta Barneva, SUNY Fredonia The Process.
Introduction to Software Testing

Introduction to Software Testing
ICE Tea Presentation 5 th October 2012 PLCs Security Author: Filippo Tilaro.

ICE Tea Presentation 5 th October 2012 PLCs Security Author: Filippo Tilaro.
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Personnel 500-600 hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.

.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.

UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
A sophisticated Malware Arpit Singh CPSC 420

A sophisticated Malware Arpit Singh CPSC 420

Similar presentations

Ads by Google