Sharing Plant Data With Phones, Tablets and the Cloud (English)

Post on 09-Jun-2015

DESCRIPTION

Dale Peterson of Digital Bond describes how to share Plant data without putting the integrity and availability of ICS at risk. He also describes the dangers of allowing remote access to an ICS.

TRANSCRIPT

Sharing Plant Data With Phones, Tablets and the Cloud

Dale Peterson
Digital Bond, Inc.

peterson@digitalbond.com
Twitter: @digitalbond.com

Two Reasons

Why would a remote user or application need access to an ICS?

1. Monitor or use the ICS data
Potential Impact: Loss of confidentiality of ICS data

2. Control the ICS
Potential Impact: Loss of availability and integrity of ICS

Big Data in The Cloud

• GE On Site Monitoring (OSM)
• 15 Terabyte Database
• 93 Million Fleet Operation Hours
• More than 30,000 Hours Every Day
• More than 1500 Turbines (now 1800+)
• Early warning of 60+ Failures
• $70M Customer Savings in 2011

Source: 2012 GE Data Sheet

GE Security

• Two-factor authentication
• VPN tunnel
• Firewall
• IDS/IPS and anti-virus
• Background checks

But … it is an extremely high value target because it can shut down 1800 power plants

Vendors As Targets / Watering Holes

Google Finds Everything

How can we get the benefits of this type of monitoring and data analysis without putting the availability and integrity of the ICS at risk?

Push the ICS Data Out!

GE Security

ICS Data On Mobile Devices

• Same as the cloud example

PUSH IT OUT

PI Server Examples

• OSIsoft PI is by far the market leader among historians

• Accepts almost any type of ICS data

• Other solutions are GE Proficy and vendor-specific solutions

PI Coresight

Transpara Visualization

• http://demo.transpara.com

I Need The ICS Data!

• Answer … yes, we can provide that without risking the integrity or availability of the ICS
– Here is how we do it
– Here is what it costs to provide the data in the format you requested
– Business decision if the benefit of the data is worth the investment

Control

• Almost every ICS has the need for emergency remote access with a control capability
– It will be done poorly and insecurely if not available
– There are times where the risk of not having immediate access is greater than the risk of allowing remote access
– Keyword: Emergency

Emergency Remote Access

• Create ICS Remote Access DMZ
• Deploy a Jump Server
– Many solutions available
• Physical disconnection
• Require Operator to enable connection
– Build process around establishing connection
– Have physical connection timeout
– Review logs for “emergency” use
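Added example (not from the original slides): one way to automate the log review step above, flagging jump-server sessions that were not operator-enabled, ran past the connection timeout, or were never closed. The log line format, event names, field names and 60-minute timeout are assumptions made for illustration, and the sample log is constructed.

```python
from datetime import datetime, timedelta

TIMEOUT = timedelta(minutes=60)  # assumed connection timeout after operator enable

# Constructed sample log; the line format is an assumption, not any product's.
SAMPLE_LOG = """\
2015-06-01T02:10:00 ENABLE operator=op7 ticket=EM-101
2015-06-01T02:12:30 CONNECT user=vendor1 src=10.20.0.5
2015-06-01T02:50:00 DISCONNECT user=vendor1
2015-06-03T14:00:00 CONNECT user=eng2 src=10.20.0.9
2015-06-03T19:30:00 DISCONNECT user=eng2
2015-06-05T01:00:00 ENABLE operator=op3 ticket=EM-102
2015-06-05T01:05:00 CONNECT user=vendor1 src=10.20.0.5
2015-06-05T04:45:00 DISCONNECT user=vendor1
""".splitlines()


def review(lines, timeout=TIMEOUT):
    """Return (user, connect_time, reason) for sessions that broke the process."""
    findings = []
    deadline = None      # when the latest operator-enabled window closes
    open_sessions = {}   # user -> (connect timestamp text, deadline or None)
    for line in lines:
        if not line.strip():
            continue
        stamp, event, *fields = line.split()
        when = datetime.fromisoformat(stamp)
        attrs = dict(f.split("=", 1) for f in fields)
        if event == "ENABLE":
            deadline = when + timeout
        elif event == "CONNECT":
            enabled = deadline is not None and when <= deadline
            if not enabled:
                findings.append((attrs["user"], stamp, "no operator enable"))
            open_sessions[attrs["user"]] = (stamp, deadline if enabled else None)
        elif event == "DISCONNECT":
            started, limit = open_sessions.pop(attrs["user"], (None, None))
            if limit is not None and when > limit:
                findings.append((attrs["user"], started, "ran past timeout"))
    # Sessions with no DISCONNECT in the log still need a human follow-up.
    for user, (started, _) in open_sessions.items():
        findings.append((user, started, "no disconnect logged"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```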

Assertion

A motivated and moderately skilled attacker could easily gain continuous access to the ICS from the Internet.

How? Compromise an enterprise network computer or mobile device that accesses the ICS.

ICS Spear Phishing

• Three pipeline companies participated
• Only company name provided to researchers
• Goal: Compromise PCs with remote access to the control system (SCADA)

Why Remote Access to ICS

• Convenience and Cost
• Convenience
– People don’t want to go to a control area
– Easy to change if risk is understood
• Cost
– Reduced staffing, necessary people are not on site
– Partial solution: make data available and have remote support call in operational changes

Don’t Give Up

• ARC Advisory Group on Iconics App

HMI in The Cloud?

• Will we see Operator Stations / HMI and other ICS components run in the cloud?

• What are the security implications of this?

• One thought – If an ICS owner/operator is not going to secure and maintain the ICS, the risk of the HMI in the Cloud may be less than the owner/operator hosting and running the ICS
– Think small organizations with limited IT & security

Questions
