Utility Modernization Cyber Security City of Glendale, California

Cyber Security Achievements

1. Deploying IT Security Awareness training program Q4 2012

2. Purchased QualysGuard Vulnerability Scanner Q4 2012

3. Upgrading Industrial Defender SEM Q4 2012

4. Updated McAfee ePO and Websense web filter

5. Governance documentation

a) Acceptable use policy, O/S STIGs, data classifications

6. Performed Security review of SCADA networks

a) Palo Alto next gen firewall

b) Increased access controls, password complexity, etc.

c) Reviewed and modified current firewall rules

Cyber Security Achievements (cont)

1. McGladrey Audit and PCI compliance activities

2. Full Disk Encryption (FDE) for all laptops in 2013

3. AD2008 upgrade and network rework (DNS, IPAM, DHCP, RBAC)

4. Created CoG perimeter firewall egress rules for outbound traffic

5. Patch Management Policy and Unified patch management program – server and workstation

6. Removing “administrator” rights to most workstations

Status of GWP CSP Action Items

Action Item 1: Review and apply NERC-CIP standards

GWP Cyber Security Plan is based upon established industry cyber security standards and frameworks

1. AMI-SEC AMI System Security Requirements

2. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

3. ISO/IEC 27002 series

4. NIST Special Publication 800 series

5. NIST-EPRI Smart Grid Interoperability Standards

6. DOE Cyber Security Program, Cyber Security Strategic Plan

7. DOE Cyber Security Awareness and Training Program Plan

8. DOE: 21 Steps to Improve Cyber Security of SCADA Networks

9. Sandia Report SAND2007-7327: Advanced Metering Security

10. Federal Information Technology Security Assessment Framework

Action Item 1: Review and apply NERC-CIP standards

Train Key Security Staff in those Standards and Frameworks

1. Attended NERC-CIP specific training

2. Attended DOE Smart Grid Cyber Security Exchange in Chicago, July 2011

3. Attended Idaho National Labs Industrial Control Systems (ICS) training in May 2012

4. Attending DOE Smart Grid Cyber Security Exchange in Washington DC, December 2012

GWP has partnered with Itron, Industrial Defender and other key partners to implement and validate industrial security measures throughout the AMI system

Action item 2: Ensure that all hardware and software selected for the GWP Smart Grid Initiative meets the highest security standards applicable to that system

Action Item 3: Re-engineered the Perkins Data Center and network

1. Environmental upgrades to HVAC and electrical capacity

2. UPS replacement

3. Installation of SAN with remote-site fail-over SAN for Smart Grid DBs

4. AMI environments have been segmented into multiple firewalled networks: servers on one network, meters on a separate “backhaul” network, with a third firewalled segment connecting the AMI environments to the “City” network

5. Implemented Remote backup site (Burbank)

Action Item 4: Enhanced the Physical Security of the Perkins Data Center

1. Proximity key-card reader system w/ logging on all DC entrances

2. System cabinet (rack) locks w/ logging

3. Security camera with motion sensor (feed is recorded and logged)

Action Item 5: Installed state-of-the-art security appliances and software to implement advanced internal and external intrusion detection and protection

1. Certicom AMI 7100 Signing and Encryption Server

2. Industrial Defender 300B Security Event Monitoring

3. Threshold, capacity and security monitoring (Agilysys)

4. Alert Logic network intrusion detection appliance, remote syslogging, traffic monitoring on the wire

5. Cisco ACS VPN (ASA): offloaded VPN account management to ACS; able to track logins to routers and switches

6. Implementing a dedicated Palo Alto next generation firewall on the SCADA network for enhanced deep traffic inspection

7. Created firewall ingress/egress rules at the network perimeter to block inbound/outbound known malicious traffic

Action Item 6: Encrypt all sensitive Smart Grid traffic on the network

1. Encryption of data in flight (DIF) between the power meters and the IEE head-end systems (128-bit SSL encryption w/ Certicom smart cards)

2. Protecting all DIF to external networks in 2013

3. Deploying a Data Loss Prevention (DLP) solution in 2013

4. Implementing DIF (to internal and external networks) and Data at Rest (DAR) in 2014

Action Item 7: Use Virtual Local Area Networks (VLANs) to Segregate Data on the Network

1. AMI environments have been firewalled from the city network

2. AMI environments are segmented into multiple networks:

a. Servers on one network

b. Meters on a separate “backhaul” network with a third firewalled segment connecting the AMI environment to the “city” network
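The segmentation described in Action Item 7 and the perimeter allow/deny rules of Action Item 5 share one idea: every cross-segment flow is denied unless a rule explicitly allows it, and the AMI backhaul must never reach the city network except through the firewalled connecting segment. The following Python is an added illustration of that design, not code from the GWP presentation. The address ranges, the fourth "ami-edge" segment name, the port numbers and the rule set are all constructed assumptions; the point is the default-deny evaluation and the audit that catches a rule contradicting the segmentation design.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed address plan (assumption): the three segments named on the
# slide plus the firewalled segment that connects AMI to the city network.
SEGMENTS = {
    "servers":  ipaddress.ip_network("10.10.0.0/24"),    # AMI head-end servers
    "backhaul": ipaddress.ip_network("10.20.0.0/16"),    # meter backhaul
    "ami-edge": ipaddress.ip_network("10.30.0.0/24"),    # firewalled segment toward the city
    "city":     ipaddress.ip_network("192.168.0.0/16"),  # general city network
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    dport: Optional[int]   # None means any destination port
    action: str            # "allow" or "deny"
    comment: str = ""


# Explicit allow list (constructed). Anything not matched is denied.
RULES = [
    Rule("backhaul", "servers", "tcp", 443, "allow", "meters -> head-end (TLS)"),
    Rule("servers", "ami-edge", "tcp", 443, "allow", "head-end -> edge tier"),
    Rule("city", "ami-edge", "tcp", 443, "allow", "city users -> edge tier"),
    Rule("servers", "city", "udp", 514, "allow", "AMI servers -> city syslog collector"),
]

# Pairs that the segmentation design says must never be directly allowed:
# meters must not talk to the city network, and the city must reach AMI
# only through the ami-edge segment.
FORBIDDEN_PAIRS = {("backhaul", "city"), ("city", "backhaul"), ("city", "servers")}


def segment_of(ip: str) -> Optional[str]:
    """Map an address to the segment containing it, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason) for one flow under default-deny semantics."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny", "unknown segment"
    if src == dst:
        return "allow", "intra-segment (not firewalled)"
    for r in RULES:
        if (r.src, r.dst, r.proto) == (src, dst, proto) and r.dport in (None, dport):
            return r.action, r.comment or f"{r.src}->{r.dst}"
    return "deny", "default deny"


def audit_rules(rules) -> list:
    """List allow rules that contradict the segmentation design."""
    return [
        f"{r.src}->{r.dst} {r.proto}/{r.dport}: {r.comment}"
        for r in rules
        if r.action == "allow" and (r.src, r.dst) in FORBIDDEN_PAIRS
    ]


if __name__ == "__main__":
    # Constructed sample flows: meter to head-end, meter to city, city to head-end.
    for flow in [("10.20.5.7", "10.10.0.5", "tcp", 443),
                 ("10.20.5.7", "192.168.1.10", "tcp", 443),
                 ("192.168.1.10", "10.10.0.5", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
    print("audit findings:", audit_rules(RULES))
```

Running the audit against every proposed rule change, not just the current rule base, is what keeps the design intact over time: a single convenience rule from backhaul to city would pass a syntax check but fails this invariant.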

Action Item 8: Enhance Access Control and Authentication Methods

1. GWP uses Active Directory groups as a preferred method for assigning users to “roles” which are then used by applications to enforce access control rules. Active Directory is being upgraded to AD2008 (can use RBAC)

2. All users authenticate with a domain username and password

3. Strong password rules: minimum password length, password age, number of tries before lock-out, and session timeout are all settable options

4. Data level security ensures the user can only view information and data associated with his or her account (least privilege)

5. All user passwords are stored in the database as hashes rather than in clear text. Users can change their password through the web application. Support staff can change a user's password but cannot view a user's password.

The current Active Directory environment consists of 28 domains with a complex set of trusts and 890 file shares.

After consolidation: three domains with approximately 270 shares
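Items 3 and 5 of Action Item 8 describe how a credential store should behave: configurable length, age and lock-out rules, passwords kept only as hashes, and a support reset path that never exposes the current password. The Python below is an added example of those rules working together; it is not code from the GWP application or the presentation. The slide names neither the hashing algorithm nor the configured limits, so the salted PBKDF2-HMAC-SHA256 derivation, the iteration count and the policy numbers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Policy values: the slide says these are settable; the numbers are assumptions.
MIN_PASSWORD_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
MAX_PASSWORD_AGE_DAYS = 90
PBKDF2_ITERATIONS = 600_000   # slow, salted derivation rather than a bare hash


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. Only this string
    is stored; the clear-text password never is."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def check_policy(password: str) -> list:
    """Return the list of complexity violations; empty means acceptable."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems


class UserStore:
    """In-memory account store: hashed storage, complexity, lock-out, age."""

    def __init__(self) -> None:
        self._users = {}

    def create_user(self, username: str, password: str, now: Optional[float] = None) -> None:
        problems = check_policy(password)
        if problems:
            raise ValueError("; ".join(problems))
        self._users[username] = {"hash": hash_password(password),
                                 "set_at": time.time() if now is None else now,
                                 "failed": 0, "locked": False}

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        rec = self._users.get(username)
        if rec is None:
            return "unknown-user"
        if rec["locked"]:
            return "locked"
        if not verify_password(password, rec["hash"]):
            rec["failed"] += 1          # count tries; lock at the configured limit
            if rec["failed"] >= MAX_FAILED_ATTEMPTS:
                rec["locked"] = True
                return "locked"
            return "bad-password"
        rec["failed"] = 0
        if now - rec["set_at"] > MAX_PASSWORD_AGE_DAYS * 86400:
            return "password-expired"
        return "ok"

    def support_reset(self, username: str, new_password: str, now: Optional[float] = None) -> None:
        """Support staff set a new password; the old one cannot be read back
        because only its hash exists."""
        if check_policy(new_password):
            raise ValueError("new password violates policy")
        rec = self._users[username]
        rec.update(hash=hash_password(new_password),
                   set_at=time.time() if now is None else now, failed=0, locked=False)

    def stored_record(self, username: str) -> dict:
        """The database row as persisted: hash only, no clear text."""
        return dict(self._users[username])


if __name__ == "__main__":
    store = UserStore()
    store.create_user("operator1", "Correct-Horse-42")   # constructed sample credential
    print(store.stored_record("operator1")["hash"])
    print(store.login("operator1", "Correct-Horse-42"))
```

The `now` parameters exist so that password age can be exercised deterministically; in production the store would read the clock itself. Lock-out state is cleared only by a support reset, matching the slide's split between what users and support staff may do.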

Action Item 9: Document and Institute IT Security Policies and Procedures

Security Documentation for 2012 delivery

1. City Cyber Security plan Annual Review

2. IT Security Policies Plan

a. Acceptable Use Policy, Data Classification Policy, Patch Management Policy

3. IT Security Procedures Plan

a. O/S Security Technical Implementation Guides (STIGs)

4. IT Security Risk Management Plan

a. SCADA and Project reviews

b. RM plan is currently being rewritten

Action Item 10: Train all staff in IT Security Policies and Procedures

1. CoG has purchased the SANS Securing the Human IT Security Awareness training program. This program goes live in November 2012

2. This annual training program is CBT-based with automated compliance metrics and is mandatory for all staff

3. Includes posters, bookmarks and other IT Security-centric handouts to reinforce lessons learned

Action Item 11: Annual Review and Update of the GWP Cyber Security Plan

1. Review status of the previous year's Cyber Security initiatives

2. Check plan alignment with current environment as well as the IT Security five year plan

3. Determine new security initiatives and strategies

4. Management review and sign off

Moving forward…

1. Improved NIDS, HIDS, IPS

2. Application scanning (AppScan)

3. Improved patch and vulnerability management

4. Multi-factor authentication

5. Encryption of data in flight (DIF) and data at rest (DAR)

6. Proactively build IT Security into project design

Questions?