ICS-Security für KMUs

Zukünftige Anforderungen für sichere industrielle Automatisierung in Österreich

Ing. DI(FH) Herbert Dirnberger, MA, CISMLeiter der Arbeitsgruppe – Sicherheit der industriellen Automation/SCADACYBER SECURITY AUSTRIAVerein zur Förderung der Sicherheit Österreichs strategischer Infrastruktur

IT-Security Community XChange, St. Pölten9. November 2012TLP:

Diese Arbeit wird unter den Bedingungen der Creative Commons Lizenz(CC BY-NC-ND) veröffentlicht. siehe http://creativecommons.org/licenses/by-nc-nd/3.0/at/

Copyright 20112 Cyber Security Austria

http://creativecommons.org/licenses/by-nc-nd/3.0/at/http://creativecommons.org/licenses/by-nc-nd/3.0/at/

Einleitung

50.000 KMUs50.000 KMUs

Industrielle Automatisierung

Sicherheit

Sicherheit

AGENDA

• Automatisierung

• Konvergenz

• Sicherheit

• Maßnahmen (KMUs, EU, Österreich)

• Cyber Security Austria

Industrielle Automatisierung

Automatisierung

http://www.youtube.com/watch?v=Kpvr2MVZjws&feature=plcp

http://www.youtube.com/watch?v=YFbBVzYaH_E

Bikinger, „Raffinerie Schwechat“, CC-Lizenz (BY 2.0)

Paul-Gerhard Koch, „Kaprun“Bikinger, CC-Lizenz (BY 2.0)

teakettle, „u1“, CC-Lizenz (BY 2.0)

http://creativecommons.org/licenses/by/2.0/de/deed.deAlle Bilder stammen aus der kostenlosen Bilddatenbank www.piqs.de

Fertigung Prozesse Gebäude

kritische Infrastruktur

Qualität Produktivität

http://www.youtube.com/watch?v=Kpvr2MVZjws&feature=plcphttp://www.youtube.com/watch?v=Kpvr2MVZjws&feature=plcphttp://www.youtube.com/watch?v=Kpvr2MVZjws&feature=plcphttp://www.youtube.com/watch?v=Kpvr2MVZjws&feature=plcphttp://www.youtube.com/watch?v=YFbBVzYaH_Ehttp://www.youtube.com/watch?v=YFbBVzYaH_Ehttp://www.youtube.com/watch?v=YFbBVzYaH_Ehttp://www.youtube.com/watch?v=YFbBVzYaH_E

Fachbegriffe der Automatisierung

Quelle: Wikipedia Quelle: Wikipedia

Quelle: Wikipedia Quelle: Wikipedia Quelle:http://produktion.de

SCADA/DCSPLC/SPS HMI

ICSIndustrial Control Systems

http://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/1/1f/s7300.jpghttp://produktion.dehttp://produktion.de

Automatisierung in 2 min

AktorSensor

Steuerung

BedienerInnen

Bussystem

HMI

Physikalischer Prozess

Konvergenz

Konvergenz IT und AT

Netzwerke

IT StandardsCOTS

„Gebäudeleittechnik as a Service“

mobil

Cloud

offene Systemeremote

wireless

Quelle: www.automotiveit.eu

Quelle: Wikipedia

Quelle: Wikipedia

Quelle: Wikipedia

Quelle: Wikipedia

BYOD

Cyber Physical Systems

http://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/6/6f/transponder2.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/6/6f/transponder2.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/6/6f/transponder2.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/6/6f/transponder2.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://en.wikipedia.org/wiki/File:Intelligenter_zaehler-_Smart_meter.jpghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.pnghttp://file://localhost/users/hdirnber//upload.wikimedia.org/wikipedia/commons/b/b6/wikipediafpandbd.png

Folgen der Konvergenz

• „Die Zeit der getrennten Systeme ist vorbei“

• Übergangsphase

• Know How- und Fachkräftemangel

• Security und Safety

T. Brandstetter

Sicherheit

Sicherheitsparadigma

Quelle: Wikipedia

machine

Quelle: www.imdb.de

information

protect the

A Survey of Cyber-Physical SystemsJianhua Shi Jiafu Wan* Hehua Yan, Hui Suo

School of Physics and Electronics Science School of Computer Science and Engineering College of Electrical EngineeringShanxi Datong University South China University of Technology Guangdong Jidian Polytechnic

Datong, China Guangzhou, China Guangzhou, China13994390237@139.com *Corresponding Author hehua_yan@126.com

Abstract—Cyber-Physical Systems (CPSs) are characterizedby integrating computation and physical processes. The theoriesand applications of CPSs face the enormous challenges. The aimof this work is to provide a better understanding of this emergingmulti-disciplinary methodology. First, the features of CPSs aredescribed, and the research progresses are summarized fromdifferent perspectives such as energy control, secure control,transmission and management, control technique, systemresource allocation, and model-based software design. Then threeclassic applications are given to show that the prospects of CPSsare engaging. Finally, the research challenges and somesuggestions for future work are in brief outlined.

Keywords – cyber-physical systems (CPSs); communications;computation; control

I. INTRODUCTIONCyber-Physical Systems (CPSs) integrate the dynamics of

the physical processes with those of the software andcommunication, providing abstractions and modeling, design,and analysis techniques for the integrated whole[1]. Thedynamics among computers, networking, and physical systemsinteract in ways that require fundamentally new designtechnologies. The technology depends on the multi-disciplinessuch as embedded systems, computers, communications, etc.and the software is embedded in devices whose principlemission is not computation alone, e.g. cars, medical devices,scientific instruments, and intelligent transportation systems [2].Now the project for CPSs engages the related researchers verymuch.

Since 2006, the National Science Foundation (NSF) hasawarded large amounts of funds to a research project for CPSs.Many universities and institutes (e.g. UCB, Vanderbilt,Memphis, Michigan, Notre Dame, Maryland, and GeneralMotors Research and Development Center, etc.) join thisresearch project [3, 4]. Besides these, the researchers fromother countries have started to be aware of significance forCPSs research. In [5-7], the researchers are interested in thisdomain, including theoretical foundations, design andimplementation, real-world applications, as well as education.As a whole, although the researchers have made some progressin modeling, control of energy and security, approach ofsoftware design, etc. the CPSs are just in an embryonic stage.

The rest of this paper is outlined as follows. Section IIintroduces the features of CPSs. From different perspectives,the research processes are summarized in Section III. SectionIV gives some classic applications. Section V outlines the

research challenges and some suggestions for future work andSection VI concludes this paper.

II. FEATURES OF CPSSGoals of CPSs research program are to deeply integrate

physical and cyber design. The diagrammatic layout for CPSsis shown in Figure 1. Obviously, CPSs are different fromdesktop computing, traditional embedded/real-time systems,today’s wireless sensor network (WSN), etc. and they havesome defining characteristics as follows [7-10].

Closely integrated. CPSs are the integrations ofcomputation and physical processes.

Cyber capability in every physical component andresource-constrained. The software is embedded inevery embedded system or physical component, andthe system resources such as computing, networkbandwidth, etc. are usually limited.

Networked at multiple and extreme scales. CPSs, thenetworks of which include wired/wireless network,WLAN, Bluetooth, GSM, etc. are distributed systems.Moreover, the system scales and device categoriesappear to be highly varied.

Complex at multiple temporal and spatial scales. InCPSs, the different component has probably inequable

Figure 1. Diagrammatic layout for CPSs

In Proc. of the Int. Conf. on Wireless Communications and Signal Processing, Nanjing, China, November 9-11, 2011

process/system

Quelle: http://www.cps-cn.org/Conference/CPS_Survey.pdf

network IT

human

SECURTIY

SAFETY

(game)

http://www.imdb.dehttp://www.imdb.dehttp://www.cps-cn.org/Conference/CPS_Survey.pdfhttp://www.cps-cn.org/Conference/CPS_Survey.pdf

Security und Safety

Embedded Security

IT Security

Network Security

Information Security

SCADA Security

ICS Security

Cyber Security

Prozess SicherheitSafety

Sicherheit

IndustrialIT Security

Risiko MgtBCM

Physical Security

Cyber war

Security

Security by obscurity

• Insellösungen

• „Silodenken“

• unkoordiniert

• unnötig komplex

und abhängig

• angewandtes Home Office

• „Sicherheit ist zu teuer“

ka2706, „Stooop!!“, CC-Lizenz (BY 2.0)

http://creativecommons.org/licenses/by/2.0/de/deed.deBild stammt aus der kostenlosen Bilddatenbank www.piqs.de

http://creativecommons.org/licenses/by/2.0/de/deed.dehttp://creativecommons.org/licenses/by/2.0/de/deed.de

Gefahren und Risiken

GefahrenTechnische DefekteOrganisatorische MängelHöhere GewaltMenschliche FehlerInsider AttackenWirtschaftsspionageCyber Attacken

RisikenQualitätsminderungProduktionsausfallKollateralschädenÜberlastung von PersonalRechtsstreitigkeitenReputationsverlustKnow How Verlust, LeaksErpressung

Innovative Angriffsvektoren

• Passive information gathering

• meta... Tools

• Botnet as a Service

• People

Organization

Infrastructure

Timothy Krause, „Security guard“, CC-Lizenz (BY 2.0)http://creativecommons.org/licenses/by/2.0/de/deed.deBild stammt aus der kostenlosen Bilddatenbank www.piqs.de

Herbert Dirnberger, Auszug aus Screenshot der Webseite http://www.shodanhq.com

Open Source Intelligence & SCADA

http://www.shodanhq.comhttp://www.shodanhq.com

Verantwortung

Verantwortung

NormenStandardsGesetzgeber

BetreiberEndkunde

Aus- und Weiterbildung

IntegratorenDistributoren

Hersteller

Maßnahmen

10 ICS-Security Maßnahmen für KMUs

(1) Sensibilisierung und Bewusstsein schaffen, Management einbinden

(2) Verantwortung definieren

(3) Budget und Ressourcen bereitstellen

(4) Zugangskontrollen und -schutz installieren

(5) Backup erstellen und Recovery prüfen

10 ICS-Security Maßnahmen für KMUs

(6) Dokumentation laufend überarbeiten

(7) Segmentierung durchführen

(8) Anti Malwareschutz einsetzen

(9) Komplexität reduzieren

(10)Integration von ICS-Security im Managementsystem durchführen

Ausgabe 4/2012, verfügbar ab 13.11.2012http://www.automation-security.de

http://www.automation-security.dehttp://www.automation-security.de

ENISA

• Europaweite ICS Strategie

• Good Practice Guide

• ICS Security plan templates

• Stärkung von Bewusstseinund Training

• Common test bedICS Security cert. Framework http://www.enisa.europa.eu/

http://creativecommons.org/licenses/by/2.0/de/deed.dehttp://creativecommons.org/licenses/by/2.0/de/deed.de

Notwendige Maßnahmen (national + EU)

• Stärkung von Aus- und Weiterbildung

• Schaffung einer eindeutigen Terminologie

• Bildung von Standards, Gesetzen, Normen,

Richtlinien, Zertifizierungen, ...

• Berücksichtigung des Internationalen

Rahmens - ISA 99, ISO 27000, ...

Aktivitäten der Cyber Security Austria

Arbeitsgruppe SCADAIndustrial Automation

• Sensibilisieren und Bewusstsein schaffen

Management, Führungskräfte, Mitarbeiter,...

• Mitarbeit bei Standards, Gesetzen, Normen,

Richtlinien, Zertifizierungen, ...

• Entwicklung von Design Pattern

• Stärkung Aus-, Weiterbildung und Lehre

• Bildung einer eindeutigen Terminologie

DANKE

Ing. DI(FH) Herbert Dirnberger, MA, CISM

herbert.dirnberger@cybersecurityaustria.atwww.cybersecurityaustria.at

speziell auch an die Kollegen Joe, Florian, David, Rüdiger, Franz, Herbert und Paul

http://www.cybersecurityaustria.athttp://www.cybersecurityaustria.at