comprehensive cyber security features in siprotec & … · security features in siprotec &...
TRANSCRIPT
Comprehensive Cyber Security Features in SIPROTEC & SICAM SIPROTEC Dag – 11. Mei 2017
siemens.tld/keyword Restricted © Siemens AG 20XX
Restricted © Siemens AG 20XX XX.XX.20XX Page 2 Author / Department
Bay Parallel wiring
Fault recorder Protection
RTU
Mimic board Ancient past
Parallel wiring
1st generation: Standard cabling
Recent past
Other bays
Serial connection
Parallel wiring
Bay
Substation controller
HMI
2nd generation: Point-to-point connections since 1985 ...
Changes to Substation Automation and Protection over Time Evolving Threat Landscape (tomorrow today...)
Security through Simplicity: the analog times
Minimal connectivity in substation control and protection
Clear point-to-point connections
Secured buildings
Owned communication networks
Restricted © Siemens AG 20XX XX.XX.20XX Page 3 Author / Department
3rd Generation: Digital Substations
Bay Parallel wiring
Fault recorder Protection
RTU
Mimic board Ancient past
Parallel wiring
1st generation: Standard cabling
Recent past
Other bays
Serial connection
Parallel wiring
Bay
Substation controller
HMI
2nd generation: Point-to-point connections since 1985 ...
Changes to Substation Automation and Protection over Time Evolving Threat Landscape (tomorrow today...)
Restricted © Siemens AG 20XX XX.XX.20XX Page 4 Author / Department
Connectivity with Responsibility Cyber Security must be considered holistically
Usage of public infrastructure
Remote control
Seamless interfacing between the IT world and the Process world
Increasing adoption of IT infrastructure
Security Availability, Integrity, Confidentiality & Data Protection
Developments Renewable energy resources, Pro-/ Consumer markets, Network optimization
Technological impact
RAIL & MICROGRIDS
PRIMARY EQUIPMENT
CONSUMPTION TRANSMISSION DISTRIBUTION GENERATION
COMMUNI-CATION & AUTOMATION
FIELD DEVICES SENSORS AND PROTECTION
GRID AND ENTERPRISE IT
SERVIC
E & SMAR
T GR
ID SEC
UR
ITY
COMMUNICATION
SMART TRANSMISSION RAIL & MICROGRIDS SMART DISTRIBUTION
Virtual Power Plants Demand Response
Meter Data Mgmt. eCar Operation Center
GRID APPLICATION
SMART METERS PROTECTION
SENSORS
POWER QUALITY
EMS DMS
ADMS Microgrids
GRID CONTROL
AUTOMATION HMI
BIG DATA ANALYTICS, IT INTEGRATION
Restricted © Siemens AG 20XX XX.XX.20XX Page 5 Author / Department
Attackers:
• Nation states (spy agencies)
• Criminal organizations
• Script kiddies
• Insiders / service providers …
Vulnerabilities in Digital Substations Potential Threats and Attackers
Station Level
Control Center Level
Field Level
Substation automation
Remote access
Malware
Unauthorized access
Unauthorized access
Attacks over Internet
Unauthorized access
Protection
Malware
Malware
Unauthorized access
Attacks over Internet
Restricted © Siemens AG 20XX XX.XX.20XX Page 6 Author / Department
Cyber attacks against critical infrastructure State of IT-Security in the Energy Infrastructure
May 2016 Bisale / Automation Products
Threats: • Increase in software
vulnerabilities • Cloud Computing • Hardware vulnerabilities • Cyber attacks on industrial
control systems
• More than 439 million Windows-malware variants
Source: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2015.pdf
Source: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT%20Monitor_Nov-Dec2015_S508C.pdf
Security Incidents in US, 2015: • Yearly report on all critical
infrastructure sectors • Energy sector reported
the second highest number of incidents
• Similar report from Australia
Restricted © Siemens AG 20XX XX.XX.20XX Page 7 Author / Department
Energy Concerns under Attack Example: Ukraine 2015
May 2016 Bisale / Automation Products
https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
Restricted © Siemens AG 20XX XX.XX.20XX Page 8 Author / Department
Digital Substations are vulnerable to Cyber Attacks
Threat Scenarios
Substation automation threatened by DoS*
Substation automation threatened by unauthorized access, malware
Distribution automation threatened by insecure communication
Protection threatened by malware, unsecured engineering changes
Restricted © Siemens AG 20XX XX.XX.20XX Page 9 Author / Department
Field level – Protection Technology Cyber Security Risks
Unauthorized access: Risks with protection relays without adequate security features: • Unauthorized access easily possible without
password protection, in order to alter settings anonymously
Unsecured communication between device and configuration software cannot hinder sniffing / alteration of settings
Endangered Operational Security
• Without device-side validation compromised firmware can be downloaded into device, that could harm primary topology
• Neglecting operational security for deployed devices / SW endangers system vulnerability
• Increased chances for attackers to utilize vulnerabilities over remote access for attacks (no network segregation in device)
... 00001111 00000000 ... 00000000
Settings SW
Einstell. SW
PATCHES
Fehler!
Restricted © Siemens AG 20XX XX.XX.20XX Page 10 Author / Department
Field Level – Protection Technology Deny unauthorized Access with SIPROTEC 5
Risks with protection relays without secured access control: Without password control it is easily possible to
access the relays anonymously
Unencrypted / weakly encrypted password handling enables “sniffing”
Simple passwords and eternally valid passwords acquire “feet” over time
Access Control in SIPROTEC 5
Connection password as per NERC-CIP and BDEW White Paper complexity requirements
Transfer of connection password from DIGSI5 to device over secured SSL/TLS connection
Secured storage of password hash in device
Centralized management of password complexity, lifetime and access control for thousands of SIPROTEC 5 devices with Ruggedcom CrossBow
Confirmation codes for safety-critical operations with the device
All access attempts are logged securely in device and protected from being manipulated +
Restricted © Siemens AG 20XX XX.XX.20XX Page 11 Author / Department
Field Level – Protection Technology Avoid unsecured communication with SIPROTEC 5
Risks with protection relays without secured communication during engineering/operation: Unsecured communication between device and
configuration software enables the sniffing and overwriting of protection settings
Unencrypted / weakly encrypted password handling enables “sniffing”
Danger of having relays configured using disallowed tools
Secured Communication in SIPROTEC 5
Protection against sniffing and manipulation of settings / passwords: SSL/TLS encryption of the communication between DIGSI 5 and the SIPROTEC 5 device
Cryptographic, two-way authentication between DIGSI 5 und SIPROTEC 5 means:
Protection against usage of disallowed tools Protection against usage of SIPROTEC 5 like
relays that have not been manufactured by Siemens
Restricted © Siemens AG 20XX XX.XX.20XX Page 12 Author / Department
Field Level – Protection Technology Avoid Endangered Operational Security with SIPROTEC 5
Negligence of operational security for already deployed devices / SW increases cyber risks: Manipulated firmware can be loaded into device
due to missing device-side validation
Malware on PC can influence device behavior
3rd Party patches not compatible with products
Unsecured internet connectivity increases the risks
Unclear vulnerability / incident handling process
High Operational Security with SIPROTEC 5
Protection against usage of manipulated logic in device thanks to cryptographically signed firmware:
Validation of firmware signature prior to acceptance Validation of firmware signature at reboot
DIGSI 5 is compatible with Application Whitelisting
Monthly validation of DIGSI 5 compatibility with the latest 3rd party patches (e.g. Microsoft, Adobe, etc.) and antivirus patterns
Separation of process communication from management communication in device thanks to modular communication units
DIGSI 5 compatible for remote/VPN connectivity
Transparent vulnerability handling over Siemens ProductCERT
Restricted © Siemens AG 20XX XX.XX.20XX Page 13 Author / Department
Protection Technology High Future Readiness with SIPROTEC 5
Continuous Verification during Development Threat and risk analysis Product hardening Secure development process
„Ready for PKI“: integrated Crypto-Chip Secure storage of cryptographic key material Cryptographic computations Physically protected against data theft Ready for future PKI* based applications
*PKI: Public Key Infrastructure
Modularity for Tomorow Out-of-Band networks for today‘s and future
applications Distribution of communication load on the device
Restricted © Siemens AG 20XX XX.XX.20XX Page 14 Author / Department
Protection Technology Comprehensive Cyber Security with SIPROTEC 5
OPERATIONAL SECURITY
SECURED COMMUNICATION
ACCESS CONTROL
PRODUCTCERT
FUTURE READINESS
SECURED WITH SSL/TLS CLIENT/SERVER AUTHENTICATION
SIGNED FIRMWARE UPDATE APP. WHITELISTING COMPATIBILITY
COMPLEX CONNECTION PASSWORD CENTRAL PASSWORD MANAGEMENT
3RD PARTY PATCH MANAGEMENT VULNERABILITY HANDLING
READY FOR PKI MODULARITY FOR TOMORROW
Restricted © Siemens AG 20XX XX.XX.20XX Page 15 Author / Department
Thank you for your attention!
Chaitanya Bisale Product Lifecycle Manager Cyber Security & Substation Automation EM DG PRO LM SC Humboldtstr. 59 90459 Nuremberg Phone: +49 (911) 433 5546 Mobile: +49 (172) 7345783 E-mail: [email protected]
siemens.com/gridsecurity