Unrestricted / © Siemens AG 2015. All Rights Reserved. siemens.com/industrialsecurity
IEC 62443 - INDA
Industrial Security - Protecting productivity
Unrestricted / © Siemens AG 2015. All Rights Reserved. 07.10.2015. DKE-Workshop Konformitätsbewertungsbedarf IT-Sicherheit. Dr. Pierre Kobes

• IEC 62443
Industrial Security
IACS, automation solution, control system
Industrial Automation and Control System (IACS)
• Asset Owner operates the IACS (IACS environment / project specific): Operational and Maintenance policies and procedures + Automation solution
• System Integrator designs and deploys the Automation solution (IACS environment / project specific): Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software
• Product Supplier develops the Control System (independent of IACS environment) as a combination of Host devices, Network components, Applications, Embedded devices
• The Control System is the base for the Automation solution
IEC 62443 parts marked in the diagram: 4-1, 2-4, 3-2, 3-3, 2-1, 2-4, 3-3, 4-2

Actual structure of IEC / ISA-62443: main documents to be published
General (definitions, metrics)
• 1-1 Terminology, concepts and models
• 1-2 Master glossary of terms and abbreviations
• 1-3 System security compliance metrics
Policies and procedures (requirements placed on security organization and processes of the plant owner and suppliers)
• 2-1 Requirements for an IACS security management system (Ed. 2.0, profile of ISO 27001 / 27002)
• 2-3 Patch management in the IACS environment
• 2-4 Requirements for IACS solution suppliers
System (requirements to achieve a secure system)
• 3-1 Security technologies for IACS
• 3-2 Security risk assessment and system design
• 3-3 System security requirements and security levels
Component (requirements to secure system components)
• 4-1 Product development requirements
• 4-2 Technical security requirements for IACS products
Requirement types distinguished on the slide: Functional requirements; Processes / procedures
Status labels shown on the slide: IS* 08/2013, IS* 06/15, DC* 3Q15, DC* 1Q15, CDV* 3Q15, CDV* 3Q15, TR* 06/15, IS* 2009, TR* 2009, DTS* 1Q14 (rejected)
*DC: Draft for Comment, *CDV: Committee Draft for Vote, *IS: International Standard, *TR: Technical Report, *ID: Initial Draft

Various parts of IEC / ISA-62443 are addressing Defense in Depth
• Asset Owner (IACS environment / project specific): Operational and Maintenance policies and procedures
• System Integrator (IACS environment / project specific): Policies and procedures; Security capabilities of the Automation Solution
• Product Supplier (independent of IACS environment): Development process; Security capabilities of the products
IEC 62443 parts marked in the diagram: 2-4, 3-2, 2-1, 2-4, 3-3, 4-2, 4-1, 3-3

Each stakeholder can create vulnerabilities
Example: User Identification and Authentication
The slide repeats the IACS diagram (Product Supplier develops the Control System, System Integrator designs and deploys the Automation solution, Asset Owner operates the IACS) and marks each of the three stakeholders with "can create weaknesses". Weaknesses shown:
• Hard coded passwords
• Elevation of privileges
• Default passwords not changed
• Temporary accounts not deleted
• Non confidential passwords
• Passwords not renewed
• Invalid accounts not deleted

• IECEE / INDA
Industrial Security
IECEE INDA / Industrial Security
Diagram of the IEC CB Schemes. Labels shown: Industrial, POW, MEAS, ...; Security, Product Safety, EMC, ...; Management, Processes, Products, Systems; Contracts, Organizational, Product Development, Plant Audit.

IECEE INDA / Industrial Security
Same diagram of the IEC CB Schemes as on the previous slide, with markers 1, 2, 3 and 4 added.

Actual structure of IEC / ISA-62443: main documents to be published
Same overview of parts 1-1 to 4-2 and their status labels as on the earlier slide with this title, with markers 1, 2, 3, 4 and 1 added to individual parts.

IEC / IECEE Working Groups
IEC CAB WG 17 Group for Cyber Security
• Decision 37/21 — CAB WG 17 – Cyber Security
The CAB thanked WG 17 for its report, CAB/1383/R, noted that its scope is focused on home automation, smart devices (such as smart meters) and medical devices, and indicated that WG 17 should focus on all those sectors concerned with cyber security except those currently being worked on in IECEE (industrial automation).
IECEE-PSC WG 3 TF 2 Task Force Cyber Security
Terms of Reference:
• To make a unique approach for conformity assessment to IEC 62443 series
• The initial set-up of a guidance Operational Document to describe how the conformity assessment can be handled.
• To describe the use of testing tools (start of instrument list) and test protocols.

• Protection Levels / Holistic Approach
Industrial Security
Assessment scopes
IECEE WG3 TF2
Asset Owner / Service Provider / System Integrator: Protection of an installation in operation (objective of cybersecurity)
• Assessment of the operational and maintenance policies and procedures of the asset owner incl. people qualification
• Assessment of the (realized) functional capabilities of the Automation Solution
• Scopes: Operational and maintenance procedures; Realized capabilities of the Automation Solution
System Integrator (Service Provider): Capabilities of the system integrator
• Assessment of the capabilities of a representative instance of an automation solution
• Assessment of the processes of the system integrator
• Scopes: Policies / procedures; System capabilities
• Gives a certain confidence that the system integrator can realize the required functionalities of the automation solution
Product supplier: Capabilities of the products
• Assessment of the capabilities of products and the systems
• Assessment of the quality of the development process
• Scopes: Development process; Product capabilities; System capabilities
• Gives a certain confidence that the products and systems realize the claimed functionalities and have “less” vulnerabilities
IEC 62443 parts marked in the diagram: 4-1, 3-3, 4-2, 2-4, 3-2, 3-3, 2-4, 3-3, 2-1, 2-4

Goal of governments
Goal of the governments: Protection of critical infrastructures
• Improving Critical Infrastructure Cybersecurity, Executive Order 13636 → NIST Cybersecurity Framework
• Loi de programmation militaire pour les années 2014 à 2019 → ANSSI Cybersécurité pour les systèmes industriels, Mesures détaillées
• Commission Proposal for a Directive concerning measures to ensure a high common level of network and information security (NIS) across the Union
• Control System Security Center (CSSC) → CSS-Base6 Cybersecurity Test Bed
• IT Sicherheitsgesetz → BSI, Bundesamt für Sicherheit der Informationssysteme
Scope of Protection Levels: Protection of an installation in operation (objective of cybersecurity), covering Asset Owner, Service Provider and System Integrator
• Assessment of the operational and maintenance policies and procedures of the asset owner incl. people qualification
• Assessment of the (realized) functional capabilities of the Automation Solution
• Scopes: Operational and maintenance procedures; Realized capabilities of the Automation Solution

Basic documents of IEC / ISA-62443 are stable enough to be used
General (definitions, metrics)
• 1-1 Terminology, concepts and models
• 1-2 Master glossary of terms and abbreviations
• 1-3 System security compliance metrics
Policies and procedures (requirements placed on security organization and processes of the plant owner and suppliers)
• 2-1 Requirements for an IACS security management system (Ed. 2.0, profile of ISO 27001 / 27002): ISO/IEC 27001 can be used till this part is approved
• 2-3 Patch management in the IACS environment
• 2-4 Requirements for IACS solution suppliers: Approved
System (requirements to achieve a secure system)
• 3-1 Security technologies for IACS
• 3-2 Security risk assessment and system design
• 3-3 System security requirements and security levels: Approved
Component (requirements to secure system components)
• 4-1 Product development requirements
• 4-2 Technical security requirements for IACS products
Requirement types distinguished on the slide: Functional requirements; Processes / procedures
*DC: Draft for Comment, *CDV: Committee Draft for Vote, *IS: International Standard, *TR: Technical Report, *ID: Initial Draft

Process requirements and functional requirements are linked
IACS environment / project specific
For each Conformance Cluster (1, 2, ..., n), the Protection Level covers:
• Related policies and procedures: IEC 62443-2-1, IEC 62443-2-4
• Realized capabilities of the Solution: IEC 62443-3-3
Stakeholder labels on the slide: PS, SI, AO

Protection Levels cover security functionalities and processes
Assessment of security functionalities (Security Level)
• SL 1: Capability to protect against casual or coincidental violation
• SL 2: Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation
• SL 3: Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
• SL 4: Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
Assessment of security processes (Maturity Level)
• ML 1: Initial - Process unpredictable, poorly controlled and reactive.
• ML 2: Managed - Process characterized, reactive
• ML 3: Defined - Process characterized, proactive deployment
• ML 4: Optimized - Process measured, controlled and continuously improved
Protection Levels (chart with Maturity Level 1 to 4 on one axis and Security Level 1 to 4 on the other)
• PL 1: Protection against casual or coincidental violation
• PL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
• PL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
• PL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation

Assessment is conducted in 4 steps
1. Assess Business Risk to determine Criticality
2. Assign Target Protection Levels
3. Assess Protection Levels
4. Achieved Protection Levels
Conformance Clusters should cover all relevant security dimensions. The Protection Level is assessed for each Conformance Cluster (Conformance Cluster 1 to Conformance Cluster 5).
• PL 1: Protection against casual or coincidental violation
• PL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
• PL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
• PL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation

Process controls and functional requirements provide the framework for a holistic assessment of Protection Levels
The Protection Level of each Conformance Cluster (1 to 5) is assessed across:
• Asset Owner (IEC 62443-2-1, ISO/IEC 27001): All controls of IEC 62443-2-1 / ISO 27001
• Service Provider (IEC 62443-2-4): All requirements of IEC 62443-2-4
• Automation Solution (IEC 62443-3-3): All requirements of IEC 62443-3-3

Dr. Pierre Kobes
Product and Solution Security Officer
PD TI ATS TM 2
E-Mail: [email protected]
Thank you for your attention!
siemens.com/industrialsecurity