cyber security education consortium 2008...
Critical Infrastructure and Automated Control Systems Security: A Strategy for Securing Against Cyber Attacks
Dr. Thomas L. Pigg
Director of the Tennessee CSEC
CSEC Mission
• The Cyber Security Education Consortium is a National Science Foundation ATE Regional Center of Excellence dedicated to building an information security workforce who will play a critical role in implementing the national strategy to secure cyberspace.
CSEC Sites
Tennessee CSEC Mission
• Phase 1
  – Train the trainer
• Phase 2
  – Develop Student Curriculum/Courses/Concentrations
• Phase 3
  – Develop Partnerships with Business, Industry and Government
Core Train the Trainer Workshops
• Principles of Information Assurance
• Network Security
• Enterprise Security Management
• Secure E-Commerce
• Digital Forensics
New CSEC Courses
• Automation and Control Systems
  – Control Systems Architecture
  – Control Systems Software Applications
  – Control Systems Security I and II
• Mobile Communications Devices
  – Mobile Device Architecture
  – Mobile Device Programming
  – Mobile Device Hardware
• Secure Coding
  – Secure Programming I and II
  – Software Testing
  – Software Security
What are Control Systems
• SCADA (Supervisory Control and Data Acquisition)
• DCS (Distributed Control Systems)
• ICS (Industrial Control Systems)
• BAS (Building Automation Systems)
• PLC (Programmable Logic Controllers)
• Smart Grid
Critical Infrastructures
• Agriculture & Food
• Banking & Finance
• Chemical
• Commercial Facilities
• Communications
• Critical Manufacturing
Critical Infrastructures
• Dams
• Defense Industrial Base
• Emergency Services
• Energy
• Government Facilities
• Healthcare & Public Health
Critical Infrastructures
• Information Technology
• National Monuments & Icons
• Nuclear Reactors, Materials & Waste
• Postal & Shipping
• Transportation Systems
• Water
Key Critical Infrastructures
• Key Sectors for Control Systems Security
  • Energy (Electricity, Oil, and Natural Gas)
  • Water & Wastewater
  • Nuclear
  • Chemical
  • Dams
  • Transportation
  • Critical Manufacturing
Current Trends in Control Systems
• Continued move to open protocols
• Continued move to more COTS operating systems & applications
• More remote control & management
• More network access to systems
• More widespread use of wireless
Current State of Security
• Control Systems protocols with little or no security
• Migration to TCP/IP networks with its inherent vulnerabilities
• Interconnection with enterprise networks
• Old operating systems & applications with poor patching practices
• Little monitoring of Control Systems for attacks being done
• Vendors not securing their product offerings adequately
Current State of Security
• Increased risk of insider attacks by outsourced IT services
• Experts seeing increased interest in Control Systems by terrorists & foreign governments
• Evidence that nation-states have been taking remote control of Control Systems
• Denial by some companies that there is a problem
• Some companies are now starting to see the need and address the issues
Real Control System Security Breaches
• Daimler-Chrysler Plant Shutdown
  – Zotob worm – August 2005
• First Energy’s Nuclear Plant Infestation
  – Slammer worm – January 2003
• Maroochy Shire Sewage
  – Release of millions of gallons of sewage - January 2000
  – Perpetrator accessed system 46 times
Real Control System Security Breaches
• Hacking the Industrial Network
  – http://www.isa.org/FileStore/Intech/WhitePaper/Hacking-the-industrial-network-USversion.pdf
• DHS Video – Idaho National Laboratory – AURORA Test
  – http://www.cnn.com/2007/US/09/26/power.at.risk/index.html#cnnSTCVideo
AURORA Test
Real Control System Security Breaches
• Stuxnet
  – http://www.tofinosecurity.com/stuxnet-central
  – http://www.exida.com/images/uploads/The_7_Things_Every_Plant_Manager_Should_Know_About_Control_System_Security.pdf
Current Threats
• Internet Based Threats
  • Worms
  • Viruses
  • Denial of Service Attacks
  • Targeted Attacks
    • Terrorist
    • Foreign Nation
    • Former Insider
Current Threats
• Physical Threats
  • Natural Disasters
  • Man-made Disasters (War, Riots, etc.)
  • Terrorist Attacks
Current Threats
• Internal Threats
  • Disgruntled employee
  • On-site contractor
  • Unintentional attack
    • IT worker
    • Curious Employee
Current Threats
• Targeted Attacks
  • Can use any threat & threat agent
    • Internet
    • Internal
    • Physical
    • Social Engineering
    • Etc.
IT Security for Control Systems
• CIA
  • Confidentiality
  • Integrity
  • Availability
IT Security for Control Systems
• Technical Controls
  • Firewalls
  • IDS
  • Smart Cards
  • Access Controls
IT Security for Control Systems
• Administrative Controls
  • Security Policies & Procedures
  • Security Awareness
  • People
IT Security for Control Systems
• TCP/IP
  • Patches & Updates
  • Intrusion Detection Systems
    • Control Systems Monitoring
    • Signatures for Control Systems
  • Anti-Virus Software
IT Security for Control Systems
• Access Control Methods
  • Passwords
  • Multi-Factor
    • Smart Cards
    • RFID
    • Proximity
    • Biometric
IT Security for Control Systems
• Authentication
  • Active Directory
    • Control Systems Integration
  • Certificates
IT Security for Control Systems
• Authorization
  • Role Based
  • Area of Responsibility
  • Station Access Control
Using an IDS with a Control System
• Network based
  • Inspects all network traffic on that segment (incoming & outgoing)
  • Uses pattern based signatures
  • Anomaly based uses baseline
  • Uses network tap or mirrored port
  • Monitors multiple hosts
Using an IDS with a Control System
• Host based
  • Inspects network traffic for a specific host
  • Better at protecting a machine's specific function
  • Misses LAN based attacks
Using an IDS with a Control System
• Commercial
  • Pre-configured fee based IDS
    • CA eTrust
    • McAfee IntruShield & Entercept
    • SonicWall
    • StillSecure Strata Guard
Using an IDS with a Control System
• Open Source
  • Snort
  • Base
  • Sguil – Real-time GUI interface
  • OSSEC (Open Source Host-based Intrusion Detection System)
Using an IDS with a Control System
• IPS
  • Intrusion Prevention System
  • Automated Response
    • Dynamically change firewall ruleset
• NIST IDS Guide (SP800-94)
Security Solutions
• Network Segmentation
  • DMZ Design
    • Can use ISA S99 standard as guide
    • Design to protect each segment
    • Allows for centralized services
Security Solutions
• Network Segmentation
  • Centralized Services
    • Anti-Virus
    • Updates & Patches
    • Active Directory Services
    • Data Historians
    • System Management
Security Solutions
• Secure Remote Access
  • Secured VPN connections
  • Escorted Access for vendors
    • Require secured tokens
    • Call in by vendor with request
    • Issue 1-time code for access
Security Solutions
• IDS/IPS for Control Systems
  • Which one to use?
  • Where to use?
  • HIDS or Application Whitelisting?
  • UTM – Unified Threat Management
Security Solutions
• Security Event Monitoring & Logging
  • Network Devices
    • Switches, Routers, Firewalls, IDS
  • Computing Devices
    • Historians, Servers, Operator consoles
  • Field Devices
    • RTU, PLC, Telemetry Devices, Embedded Devices
Security Solutions
• Security Framework
  • NIPP
  • NERC CIP
  • CSSP DHS
  • NIST
Security Solutions
Security Solutions
Control Systems Security Initiatives
• NIPP (National Infrastructure Protection Plan)
• CIPAC (Critical Infrastructure Partnership Advisory Council)
• ICSJWG (Industrial Control Systems Joint Working Group)
• ICS-CERT (Industrial Control Systems Cyber Emergency Response Team)
• Strategy for Securing Control Systems
Control Systems Security Initiatives
• CSSP (Control Systems Security Program)
• Idaho National Laboratory
• National SCADA Test Bed Program
• SCADA & Control Systems Procurement Project
• Smart Grid Interoperability Standards Project
• UK NISCC - Now CPNI (Centre for the Protection of National Infrastructure)
• PCSF/SCySAG (SCADA Cyber Self Assessment Working Group) - Historical
Control Systems Regulations
• NERC (North American Electric Reliability Council)
  • Develop & enforce reliability standards
• CIDX/ACC – Now ChemITC (American Chemistry Council)
  • CFATS guidance & assessment tools
Control Systems Regulations
• ISA SP99 (Industrial Automation & Control System Security) – International Society of Automation
  • Part 1 Standard: Concepts, Terminology & Models
  • Part 2 Standard: Establishing an Industrial Automation & Control Systems Security Program
  • Part 3 Standard: Technical Requirements for Industrial Control Systems (Currently in development)
Control Systems Regulations
• AGA 12 – Discontinued and used in IEEE 1711 Trial Standard
  • Encryption of Serial Communications
  • Serial Encrypting Transceivers now available
• API Standard 1164 (American Petroleum Institute)
  • Standard on SCADA security for pipelines
• NIST – National Institute of Standards and Technology
Control Systems Regulations
• SP800-82 – Guide to Industrial Control Systems (ICS) Security
• NIST initiative on Critical Infrastructure Protection (CIP)
• Uses ISO 15408 Common Criteria methodology
Control System Security Takeaway
• The 7 Things Every Plant Manager Should Know About Control System Security
  – John Cusimano – Director of Security Solutions for exida
  – http://www.exida.com/images/uploads/The_7_Things_Every_Plant_Manager_Should_Know_About_Control_System_Security.pdf
Contact Information
Dr. Thomas L. Pigg
Professor of Computer Information Systems
Jackson State Community College
2046 N. Parkway
Jackson, TN 38305
(731) 424-3520 Ext. [email protected]