Industrial Control Systems Security: Optimizing Security Policies
Ziad Ismail, Jean Leneutre, Alia Fourati
December 11, 2015
SMART GRID
DEMAND RESPONSE
ADVANCED METERING
Two-way communication between the customer and the utility company
Real-time pricing information to consumers to manage power consumption
Energy generated at off-peak times is stored for later use
DISTRIBUTED ENERGY RESOURCES
Small power sources that can be aggregated to provide power necessary to meet regular demand
Workshop SEIDO - December 11, 2015 | 2
INDUSTRIAL CONTROL SYSTEMS IN A NUTSHELL
๏ A large-scale management system to control equipment remotely and to process a very large number of measurements in real time
๏ In general, it consists of:
- Field data interface devices (RTUs, PLCs) which interface to field sensing devices
- A central host computer server or servers
- A communication system to transfer data from field data interface devices to the central host computer
- A Human Machine Interface (HMI)
๏ Long life cycles
๏ Legacy serial protocols (DNP3, Modbus) were adapted to be used on IP-based ICS networks
INDUSTRIAL CONTROL SYSTEMS DISCLOSED VULNERABILITIES
[Figure: ICS Specific Vulnerabilities in the Public 2001-2011]
[Figure: Comparison of ICS software security weaknesses*. Weaknesses listed: Improper Input Validation; ICS Security Configuration and Maintenance; Credentials Management; Permissions, Privileges, and Access Controls. Data sets compared: ICS-CERT Published Vulnerabilities; 2009-2010 CSSP ICS Product Assessments; 2004-2008 CSSP ICS Product Assessments]
*Source: Common Cybersecurity Vulnerabilities in Industrial Control Systems, DHS 2011.
INDUSTRIAL CONTROL SYSTEMS CYBER INCIDENTS
[Figure: Cyber Incidents reported to ICS-CERT 2013. Sectors shown include: Critical Manufacturing 16%, Other 12%, Transportation 5%, Communications 5%, Water 4%, Nuclear 3%]
[Figure: Common Vulnerability Scoring System (CVSS) Severity of ICS related vulnerabilities in 2013. High 65%, Medium 35%]
ICS SECURITY INTRODUCTION
๏ Use of off-the-shelf operating systems increases the attack surface
๏ Unsupported legacy software
๏ The amount of equipment that can be accessed remotely has significantly increased
๏ Fixed maintenance schedules prevent quick preemptive actions to secure the system
๏ Sometimes, 99.999% or greater ICS uptime is required (