1. © 2007 CH-RD MB - 1 ISA S99 – WG4 IEC 62443 Markus Brändle CHCRC.C5

2. © 2007 ABB CH-RD/M. Braendle - 2 PAS: Scope 1/2 This PAS provides guidance on security objectives to: automation system designers manufacturers (vendors) of devices, subsystems, and systems integrators of subsystems and systems automation system owners/operators (responsible for PCS operation) The PAS considers the following concerns: graceful migration/evolution for existing systems meeting security objectives with COTS technologies and products reliability/availability of the secured communications service scalability (especially down to small, low cost, low risk systems) separation of security, safety and automation functionality requirements where appropriate

3. © 2007 ABB CH-RD/M. Braendle - 3 PAS: Scope 2/2 Operational policies … specify how the provisions of corporate security policy are implemented in respective organizational areas. They define what a specific organizational area will do to achieve the objectives of corporate policy. Operational Procedures define how to perform Operational Policy. They define activities and may refer to relevant methods and references, i.e. standards. Operational practice should contain specific measurable requirements and detail the procedures by providing specific practices of the owner/operator. As these are even more specific to the organization and organizational area only examples may be provided by this PAS. The measures provided by this PAS are rather process based and general in nature than technically specific or prescriptive in terms of countermeasures and configurations.

4. © 2007 ABB CH-RD/M. Braendle - 4 PAS: Generic reference configuration Good insight into the recommendations for concrete solutions. Language of these contributions must be changed to a more normative specification with options Must be adapted to match S99 zones and conduits

5. © 2007 ABB CH-RD/M. Braendle - 5 PAS: Security Policy - Measures 8.1Availability management 8.2Integrity management 8.3Logical access management 8.4Physical access management 8.5Partition management 8.6External access management Mostly process requirements  99.03 Some technical requirements  99.04

6. © 2007 ABB CH-RD/M. Braendle - 6 PAS: Conclusions PAS written as policy statements with few concrete requirements “This PAS will provide countermeasures as processes, and this in form of a proposed policy”  more applicable to 99.03 Compliance testing for products? Document does not seem to address some of the unique issues of IACS explicitly, e.g. patch management or importance of availability Good starting point on the areas/issues to be covered

7. © 2007 ABB CH-RD/M. Braendle - 7 65/360/NP: Informative material Summary of threat actions & consequences Typical attack vectors

8. © 2007 ABB CH-RD/M. Braendle - 8 65/360/NP: Elements Structure 7. Elements for securing external network communications paths into industrial automation and process control networks, e.g. Interactive remote access to a control network (IRA) Portable engineering computer (PEC) 8. Elements for securing internal communications paths within an industrial automation or process control network 9. Elements for devices of an industrial automation or process control network Rationale given for each requirement Responsibilities assigned

9. © 2007 ABB CH-RD/M. Braendle - 9 65/360/NP: Security Levels Security levels a) NONE b) LOW c) REDUCED d) FULL e) ISOLATED Requirements given with respect to security level The remote client [SRL:{ LOW}: should, SRL:{ REDUCED,FULL}: shall] run a file system integrity checker. The file system integrity …. Appendix contains evaluation of security levels

10. © 2007 ABB CH-RD/M. Braendle - 10 65/360/NP: Conclusions Very detailed & extensive document Compliance testing possible Requirements better suited for 99.04 than PAS Style of requirement definition useful for 99.04 (rationale & security levels) Work needed to filter, restructure and adapt requirements Unfinished document