8/20/2015
Protecting Critical Infrastructure in the Design-Build Framework
…A Focus on Cybersecurity
Chuck McGregor, CISM
VP, Parsons Converged Security Team
Overview
Owner-Operator Pressures
View: Converged Security
Update: Cybersecurity Threats
Security in the Engineering Process
Call to Action
ITAR CM.01.2014
Owner-Operator Pressures
Resources
Operational Effectiveness
Environmental Efficiency
Regulatory Compliance
Converged
SECURITY
Converged Security – Critical Asset Protection
• Physical Security
– Surveillance Systems
– Access Control Systems
– Anti-trespass Systems
• Cybersecurity
– Operational Technology Security
• Industrial Control Systems
– Endpoint Security
– Configuration Change Management Systems
– Alert Warning Systems
Cyber Threats
• Espionage
• Reconnaissance
• Remote Control
• Disruption of Critical HW
• ICS Interdiction
• Irreversible Damage
Cyber Attacks - the Numbers
Source: Symantec Internet Security Threat Report XVIII, April 2013
Source: 2014 Verizon Cybersecurity Report
Critical Infrastructure Attacks on the Rise
• Gazprom, Bellingham Gas Pipeline (1999)
• Maroochy Water System (2000)
• Davis-Besse Nuclear Power Plant (2003)
• CSX Corporation (2003)
• Tehama Colusa Canal Authority (2007)
• STUXNET (2010)
• Night Dragon (2011)
• Shady RAT (2011)
• DUQU (2011)
• Flame (2012)
• Aramco-Shamoon (2012)
• Red October (2013)
• Carmel Tunnel (2013)
• Monju Japan Nuclear Plant (2014)
• Havex – Energetic Bear (2014)
DHS ICS-CERT reported a 52% increase in reported attacks in 2012. 2013 attack number was greater
Threat Evolution
• Change in Motives
• Sophistication & Intensity
– Viruses → Denial of Service Attacks → Malware Injection
– Advanced Persistent Threats (APTs)
• Scope Evolution – the main targets are changing…
– Military → Gov’t Actors → Defense Contractors → Critical Infrastructure Owners/Operators
• We are in a “New Era” of Cyber Warfare
Focus on ICS/SCADA Systems
Critical Infrastructure Defined − SCADA/ICS Drill-Down
• Industrial Control Systems (ICS) refer to a broad array of control systems
– SCADA (Supervisory Control and Data Acquisition)
– BMS (Building Management Systems)
– DCS (Distributed Control Systems)
– PCS (Process Control Systems)
– EMS (Emergency Management Systems)
– AS (Automation Systems)
– SIS (Safety Instrumented Systems)
– HMI (Human Machine Interface)
SCADA System Vulnerabilities
• Aged Technology
• Low Sophistication
• Extremely Sensitive
• Increasingly Connected to Enterprise Systems
• Increasingly Windows™ based
• Operational Mindsets
– Operations and Downtime
– Competition for Investment Resources
• Increase in RF Technology Connectivity
Steps to Secure Critical Asset ICS
1. Lock your PLC Closets and Server Rooms!
2. Disable internet access to trusted resources
3. Maintain trusted resources at latest patch levels
4. Require two-factor combinations for all systems
5. Control contractor access
6. Use network segmentation
7. Forbid ICS protocols on corporate networks
8. Implement external media lockdown
9. Follow a standard (NIST 800-52)
10. Red Team often / Exercises
Focus on the Impact of Building Information Modeling (BIM)
Steps to Secure the Engineering Process
1. Solution design → Ops & Maintenance → Decommissioning
2. Organization, structure of data, securing the data
– Impact of Building Information Modeling (BIM data)
3. Securing communications with contractors - encryption
4. Securing facility diagrams, pollution analysis, hazardous material data, BIM, Facility Condition Assessment data…
5. Proper destruction of project materials
BIM = Increased Cyber Exposure
• Often misunderstood/poorly designed/controlled
• Multiple parties contributing
• Database interconnectivity
• Valuable intelligence
• Multiple points of attack
Key Thought
• Data design and structure needed for “Big Data” is very similar to that of a BIM deployment
More Systems = More Data = Larger Attack Surface
Key Tips to Secure BIM Deployments
1. Push for a robust security architecture
2. Ask your Technology Director for a data security plan
3. Engage/Involve your cybersecurity team early – educate them
4. Don’t compromise strong security practices to facilitate Control and OEM access
CALL TO ACTION! Our Responsibilities
• Education
• Situational Awareness
• Design Security into Our Solutions
• Ask Security Engineers Questions
• Embrace Security as a Value
Thank You
• Chuck McGregor, VP – Deputy Cybersecurity Director
(704) 957-2572
@chuck_mcg
Parsons Proprietary ITAR CM.06.2014