@ abb group february 9, 2014 | slide 1 · february 9, 2014 | slide 23 . verification at fat and...
TRANSCRIPT
![Page 1: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/1.jpg)
@ ABB Group February 9, 2014 | slide 1
![Page 2: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/2.jpg)
@ ABB Group February 9, 2014 | slide 2
145,000 employees in about 100 countries
$39 billion in revenue (2012)
Formed in 1988 merger of Swiss and Swedish engineering companies
Predecessors founded in 1883 and 1891
Publicly owned company with head office in Switzerland
A global leader in power and automation technologies Leading market positions in main businesses
![Page 3: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/3.jpg)
@ ABB Group February 9, 2014 | slide 3
Power Products
Power Systems
Discrete Automation and Motion
Process Automation
$10.7 billion 36,000
employees
$7.9 billion 20,000
employees
$9.4 billion 29,000
employees
$8.2 billion 28,000
employees (2012 revenues)
Low Voltage Products
$6.6 billion 31,000
employees
Electricals, automation, controls and instrumentation for power generation and industrial processes
Power transmission
Distribution solutions
Low-voltage products
Motors and drives
Intelligent building systems
Robots and robot systems
Services to improve customers productivity and reliability
ABB’s portfolio covers:
How ABB is organized Five global divisions
![Page 4: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/4.jpg)
@ ABB Group February 9, 2014 | slide 4
Cyber Security @ ABB
![Page 5: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/5.jpg)
@ ABB Group February 9, 2014 | slide 5
Just to be clear …
A bit of ABB terminology
Internal (i.e. IT Security) Protecting ABB IT infrastructure against unauthorized access, computer based
threats and attacks
External (i.e. Cyber Security) Helping ABB customers to protect their
assets (e.g. energy networks or automation plants) against unauthorized access, computer based threats and attacks
Responsibility of Group Function Information Systems (GF-IS)
Responsibility of Group Cyber Security Council and ABB Business
![Page 6: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/6.jpg)
@ ABB Group February 9, 2014 | slide 6
Addressing a global challenge
Cyber Security demand differs
greatly around the world
ABB strives to Fulfill requirements of „advanced“ markets (e.g N.A.) Help establish cyber security in „emerging“ markets Introduce cyber security and raise awareness where
cyber security is not yet a topic
High demand Low Demand
![Page 7: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/7.jpg)
@ ABB Group February 9, 2014 | slide 7
The foundation of Cyber Security What does it mean for ABB as an organization
Corporate foundation
Awar
enes
s
Res
earc
h
Inci
dent
R
espo
nse
IT S
ecur
ity
Trai
ning
Man
agm
ent
Supp
ort
Organizational priority at top management level Global, cross-functional and long-term initiative Formally established - it is not just a side task Starts with improving operational readiness
“(Cyber) Security issues are here to stay” Joe Hogan, CEO ABB Group, ABB Automation and Power World, 2011
Exte
rnal
O
utre
ach
![Page 8: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/8.jpg)
@ ABB Group February 9, 2014 | slide 9
Group Cyber Security Council Organization
Group Head of Cyber Security
Head of Cyber Security
PS / PP Head of Cyber Security
PA Head of Cyber Security
DM Head of Cyber Security
LP
Cyber Security Manager
Substation Automation
Cyber Security Manager
Ventyx
Cyber Security Manager
Power Generation
Cyber Security Manager
Grid Systems
Cyber Security Manager
Oil, Gas & Petrochemicals
Cyber Security Manager
Control Technologies
Cyber Security Manager
Service
![Page 9: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/9.jpg)
@ ABB Group February 9, 2014 | slide 10
External Outreach and Research
Collaborations, partnerships and joint research are a must for effective cyber security solutions
• Open discussions and involvement with customers (requires a certain level of trust)
• International standardization efforts (e.g. IEC62351, IEC61850, IEEE1686)
• Joint research initiatives (e.g. EU projects VIKING or ESCoRTS)
• Information exchange initiatives (CPNI.NL, CPNI UK, ICSJWG US)
• Collaborations with 3rd party solution providers
![Page 10: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/10.jpg)
@ ABB Group February 9, 2014 | slide 11
ABB Cyber Security Approach From the Product Lifecycle to the Plant Lifecycle
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 11: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/11.jpg)
@ ABB Group February 9, 2014 | slide 12
Goal: Implement SDL throughout ABB to increase robustness, quality and security of ABB solutions
Governance: SDL is owned by the ABB Group Cyber Security Council who mandates its use.
Implementation strategy Strategy & roadmap developed and driven based on MS-
SDL, BSIMM, OWASP and IEC62443-4-1 Implementation through ABB’s Software Development
Improvement Program Implementation according to a maturity model
SDL for ABB What is our strategy?
![Page 12: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/12.jpg)
@ ABB Group February 9, 2014 | slide 13
Security Development Lifecycle The Process
Training Requirements Design Implementation Verification Release Response
Core training Define quality gates/bug bar
Analyze cyber security risk
Attack surface analysis
Threat modeling
Specify tools
Enforce banned functions
Static analysis
Dynamic/Fuzz testing (e.g. DSAC)
Verify treat models/attack surface
Response plan
Final security review (FSR)
Release archive
Execute response plan (e.g. vulnerability handling policy)
Administer and track security
training
Education Guide product teams to meet
SDL requirements
Process
Establish release criteria and sign-off as part of G5
Accountability
Incident response
![Page 13: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/13.jpg)
@ ABB Group February 9, 2014 | slide 14
Product Lifecycle - Design & Implementation
Security Training depending on role:
SDL Introduction Training
Secure Design
Threat Modeling
Secure Coding
Security Testing
And more advanced training
Cyber Security Training for Developers
![Page 14: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/14.jpg)
@ ABB Group February 9, 2014 | slide 17
Product Lifecycle - Requirements
Intention is to protect ABB as an organization and the ABB brand
Requirements focus on items that if not properly addressed in any single product could impact all of ABB, e.g. because of negative media coverage
Requirements do not include any items that are e.g. considered requirements to enter a certain market
Approved by the TCT, now included in our Cyber Security and SDL practices/requirements.
Minimum Cyber Security Product Requirements
![Page 15: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/15.jpg)
@ ABB Group February 9, 2014 | slide 18
Graphical representation of scope and completeness of selected standards
*) source DTS IEC 62351-10 10: Security architecture guidelines
Product Lifecycle - Design & Implementation Standards and their scope
![Page 16: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/16.jpg)
@ ABB Group February 9, 2014 | slide 20
Formally established, centralized and independent security test center
Leveraging state-of-the-art open source, commercial and proprietary robustness and vulnerability analysis tools
Close collaboration with ABB developers providing in-depth analysis and recommendations
ABB Device Security Assurance Center State-of-the-art cyber security testing
![Page 17: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/17.jpg)
@ ABB Group February 9, 2014 | slide 21
ABB Device Security Assurance Center State-of-the-art cyber security testing
Qualified and experienced team of 4 full time analysts to run tests and analyze the results
Completed around 100 tests in 2011
Capable of testing standard protocols (e.g. ARP/IP/TCP/ UDP/HTTP) and industrial communication protocol (e.g. Modbus/DNP3/IEC61850)
Capable of testing any proprietary protocol using commercially available tools and internal tools developed by the center
Assures consistent approach in carrying-out robustness testing for embedded devices
![Page 18: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/18.jpg)
@ ABB Group February 9, 2014 | slide 22
Product Lifecycle - Verification ABB’s approach to system security testing
Regular system tests at INL SCADA test bed First vendor to have system tested at INL SCADA test bed Different systems Very valuable for both ABB and customers Results go back into requirements on new development and
corrections
Interoperability tests with third party solutions
Verify that solution does not interfere with control system Document configuration and setup Improve third party solutions
![Page 19: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/19.jpg)
@ ABB Group February 9, 2014 | slide 23
Verification at FAT and SAT
Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices for Vendors
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
System Deliveries
Security Basics Adequately Trained Engineers Secure and Hardened Architecture User Management Patched System Malware Protection System Backup System Documentation
Verification at FAT and SAT
Training
Hardening
Users
Patching
Malware
Backup
Doc.
![Page 20: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/20.jpg)
@ ABB Group February 9, 2014 | slide 24
Project Lifecycle – Engineering / Commissioning Deployment Guidelines
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 21: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/21.jpg)
@ ABB Group February 9, 2014 | slide 25
Project Lifecycle – Engineering / Commissioning NERC-CIP Statements
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 22: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/22.jpg)
@ ABB Group February 9, 2014 | slide 26
Periodically verify System Status
Plant Lifecycle – Operation/Maintenance Cyber Security Basic Best Practices for End Users
Secure System Operation / Cyber Security Services
Security Basics Adequately Trained Operators/Engineers Periodically Verify Hardened Architecture Manage and use Personal Accounts Periodically Patch System Periodically update Malware Protection Periodically Backup and Test Restore Update System Documentation
Periodically verify System Status
Training
Hardening
Users
Patching
Malware
Backup
Doc.
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 23: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/23.jpg)
@ ABB Group February 9, 2014 | slide 28
Plant Lifecycle - Maintenance Patch Management – Example Symphony Plus
Validation of Microsoft security updates All relevant updates are tested for compatibility Dedicated Security Test Lab covers supported S+ versions
Other 3rd party SW (e.g. Adobe Reader, McAfee ) Released from SW vendor without schedule Verified with next Microsoft Security Update Verification status published the same way a Microsoft Security
Updates
Similar process for other ABB products
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 24: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/24.jpg)
@ ABB Group February 9, 2014 | slide 29
Plant Lifecycle - Maintenance
Minimize customer risk
This requires Cultural change: Accept that vulnerabilities exist
(having a vulnerability is acceptable, improperly handling them is not!)
Formal processes and policies Proper communication at the right time
ABB has established a formal process and
vulnerability handling has top priority To report a vulnerability:
Vulnerability handling & Incident response C
omm
unication
First Response
Initial Triage
Investigation
Remediation
Notification
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 25: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/25.jpg)
@ ABB Group February 9, 2014 | slide 30
Contact – Cyber Security @ ABB Urgent needs – vulnerabilities, incidents, etc.
Web: http://www.abb.com/cybersecurity/
E-Mail: [email protected]
![Page 26: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/26.jpg)
@ ABB Group February 9, 2014 | slide 31
Cyber Security
ABB Corporate Research Develops forward-looking cyber security concepts and technology
Authentication, remote access, security monitoring, security engineering, product/system security assessments, tracking market trends, …
Evaluates security relevant technologies Adapts enterprise security to industrial control systems context
Research Challenges
Addressing high availability and performance requirements Simplification of security engineering Diversity in security solution approaches across the industry
ABB Motivation Develop and deploy secure systems Drive industry standards
…also a topic in ABB Corporate Research
![Page 27: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/27.jpg)
@ ABB Group February 9, 2014 | slide 32
ABB Corporate Research
Threat Modeling changed ABB’s internal processes
IEC62351 Performance Evaluation evolved a standard
Automated network security configuration created a future engineering concept
ESCoRTS was supported by the EU Commission
Selected projects
![Page 28: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/28.jpg)
@ ABB Group February 9, 2014 | slide 33
Cyber Security @ ABB …
Industrial Defender ASM
Centralized dedicated monitoring of security events from Servers, Workstations, Network equipment
Correlation, prioritization and notification of events based on customer preference and policy.
Storage for forensic analysis
Asset Management
Intel Group
McAfee Antivirus and Application Whitelisting
WindRiver RTOS security capabilities
SE46
Application Whitelisting
… strong in itself, strong with specialized partners
![Page 29: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/29.jpg)
@ ABB Group February 9, 2014 | slide 34
Cyber Security for Industrial Control Systems
![Page 30: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/30.jpg)
@ ABB Group February 9, 2014 | slide 35
Why is cyber security an issue?
Isolated devices
Point to point interfaces
Proprietary networks
Standard Ethernet/IP- based networks
Inter- connected systems
Distributed systems
Modern automation, protection and control systems leverage commercial off the shelf IT components use standardized, IP based communication protocols are distributed and highly interconnected use mobile devices and storage media are highly specialized IT systems
![Page 31: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/31.jpg)
@ ABB Group February 9, 2014 | slide 36
What are the unique challenges?
Enterprise IT Industrial Control Systems
Object under protection Information Physical process
Risk impact Information disclosure, financial loss
Safety, health, environment, financial
Main security objective Confidentiality, Privacy Availability, Privacy
Security focus Central Servers (fast CPU, lots of memory, …)
Distributed System (possibly limited resources)
Availability requirements
95 – 99% (accept. downtime/year: 18.25 - 3.65 days)
99.9 – 99.999% (accept. downtime/year: 8.76 hrs – 5.25 minutes)
System Lifetime 3 – 10 Years 5 – 25 Years
![Page 32: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/32.jpg)
@ ABB Group February 9, 2014 | slide 37
Cyber Security vs. Safety Similar but different
Cyber Security = Safety Both require(d) a culture change Both are all about processes Both require training Both require top management support
Cyber Security ≠ Safety Safety is static and predictable (threats don’t change) Cyber Security is constantly changing (threats change) For Cyber Security the attacker evolves Safety solutions can be certified
![Page 33: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/33.jpg)
@ ABB Group February 9, 2014 | slide 38
Demand for Cyber Security By industry and applications
Customers
Vendors Standards & Regulations
2 Process Automation (Oil & Gas)
4 Substation Automation
3 Power Generation DCS
2
1 Network Management (EMS, SCADA)
1
3
4
High demand
Low demand
![Page 34: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/34.jpg)
@ ABB Group February 9, 2014 | slide 40
How big is the risk?
Cyber incidents are real and cyber security for industrial control systems must be taken seriously
but it is a challenge that can be met
Stephen Cummings, director of the British government's Centre for the Protection of National Infrastructure,
“Cyberterrorism is a myth”
Denial Panic
Reality
![Page 35: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/35.jpg)
@ ABB Group February 9, 2014 | slide 41
Cyber Security Solutions Delivery for Industrial Control Systems
![Page 36: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/36.jpg)
@ ABB Group February 9, 2014 | slide 42
ABB Foundation Security Solutions User Roles, Access Control and Hardening
Establish hierarchy of Accounts (operator, tech, admin, etc)
Domain wide policy to enforce:
Password Requirements and Role Association
Define Remote Access Security
Operator Group Policy that restricts access to Desktop and Applications
Provide hardening services as applicable
Close un-necessary ports
Disable non-essential services
Establish minimum required software components
![Page 37: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/37.jpg)
@ ABB Group February 9, 2014 | slide 43
ABB Foundation Security Solutions Patch & Anti-Malware Management
Monthly distribution of patches on DVD
Optional service under ServiceGrid Software Support
On-site services to deploy and document patches
Installation of an update server for automating roll-out of both Windows Security Patches and Anti-Virus updates
Application Whitelisting
![Page 38: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/38.jpg)
@ ABB Group February 9, 2014 | slide 44
ABB Foundation Security Solutions Configuration Change Management
Enable Security Event logging
Set-Up a maintenance back-up schedule
Audit Trail Feature logs specified events and includes time stamp when changes were made, which changes were made, on which node the changes were made and who made the changes.
Installation of a security event log server for automating collection and reporting.
![Page 39: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/39.jpg)
@ ABB Group February 9, 2014 | slide 45
ABB Foundation Security Solutions Disaster Recovery
Disk Imaging and selective application Back Up/Restores are possible
Set-up scheduled back up routine
Can use Local or Network Access Storage (NAS) devices
Comprehensive documentation developed for customer use in the event of performing a recovery.
On-Line imaging software with Server Based storage array.
Server can be set-up as image backup testing bed
![Page 40: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/40.jpg)
@ ABB Group February 9, 2014 | slide 46
ABB Foundation Security Solutions Compliance Documentation Service
ABB can work to develop custom documentation for inclusion in a NERC-CIP Compliance Program
Documents compile information from multiple sources and also include project specific instructions
Examples include:
Password change procedures
Back-up and Restore procedures
Detail of node software components
User Maintenance Instructions
Detailed reporting on Ports and Services
![Page 41: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/41.jpg)
@ ABB Group February 9, 2014 | slide 47
Interviews
Data Collection
Analysis Cyber Security status
identifies strengths and weaknesses
Recommendations provide a solid foundation to build a sustainable cyber security strategy
Based on widely accepted industry standards (e.g. NERC CIP, ISA-61443)
What ABB offers – Cyber Security Services Example: Cyber Security Fingerprint
Product Lifecycle
Project Lifecycle
Plant Lifecycle
Design Implemen-tation Verification Release Support
Design Engineering FAT Commissioning SAT
Operation Maintenance Review Upgrade
![Page 42: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/42.jpg)
@ ABB Group February 9, 2014 | slide 48
ABB - Industrial Defender Partnership
Unquestioned expert in securing the systems we build. That’s
our focus – delivering inherently secure systems for
industrial and power automation
Combined know-how
True integration
Aligned technologies
Tested and verified solutions
Unified support
Efficient, effective and sustainable cyber security
solutions Leader in developing platform-
agnostic technologies that monitor, manage and protect
automation systems – centrally, and across mixed
environments
For more information visit
www.abb.com/cybersecurity & www.industrialdefender.com
![Page 43: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/43.jpg)
@ ABB Group February 9, 2014 | slide 49
Monitor – Manage – Protect Unified approach to security & compliance
• Monitor security & health activity in real-time
• Manage critical activity, including configurations, changes, policy and security events
• Protect against threats to vital automation systems
Enhancing operational excellence, sustaining security & compliance
![Page 44: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/44.jpg)
@ ABB Group February 9, 2014 | slide 53
Cyber Security Solutions Spotlight ABB Security Workplace
![Page 45: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/45.jpg)
@ ABB Group February 9, 2014 | slide 54
ABB Power Generation Cyber Security Introducing Security Workplace
Real-time Security Event Monitoring & Correlation Compliance Automation for NERC CIP Configuration Change Management Host Intrusion Prevention via Application Whitelisting Defense-in-Depth Security Automated Anti-virus/malware deployment Patch Deployment Backup and Restoration Automation Disaster Recovery
ABB can help you achieve NERC-CIP compliance with Security Workplace!
![Page 46: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/46.jpg)
@ ABB Group February 9, 2014 | slide 55
ABB Power Generation Cyber Security Introducing Security Workplace
Scalable Solution can incorporate : Patching Tool Anti-Virus update server BackUp & Restore application 3rd Party Advance Solutions (e.g.
Industrial Defender’s Automation System Management suite
Integrated with ServiceGrid program Offers consolidated terminal and
view for managing Industrial Control System Cyber Security and Compliance
![Page 47: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/47.jpg)
@ ABB Group February 9, 2014 | slide 56
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improrperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 48: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/48.jpg)
@ ABB Group February 9, 2014 | slide 57
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 49: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/49.jpg)
@ ABB Group February 9, 2014 | slide 58
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 50: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/50.jpg)
@ ABB Group February 9, 2014 | slide 59
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 51: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/51.jpg)
@ ABB Group February 9, 2014 | slide 60
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 52: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/52.jpg)
@ ABB Group February 9, 2014 | slide 61
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 53: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/53.jpg)
@ ABB Group February 9, 2014 | slide 62
ABB Power Generation Cyber Security Operating Systems Patch Tool
Works directly with monthly ServiceGrid patch DVD
Scans System nodes to determine current patch status
Reports a on per machine basis what may be missing or improrperly installed
Detail drill down for specific patch and knowledge bank information
Creates installation package for approved patches and pushes this to the endpoint
Automated install can be initiated by at each workstation to allow supervision
![Page 54: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/54.jpg)
@ ABB Group February 9, 2014 | slide 63
ABB Power Generation Cyber Security Anti Virus Management
Based on McAfee ePolicy
Orchestrator ePO Provides reporting on node AV
status Automate distribution of DAT files Build schedules and rules for AV
operation
![Page 55: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/55.jpg)
@ ABB Group February 9, 2014 | slide 64
ABB Power Generation Cyber Security Disaster Recovery Application
Based on Acronis application software
Disking Imagining technology for rapid recovery
Allows “bare metal” restore and compensates for hardware variation
Runs in background and can be scheduled
![Page 56: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/56.jpg)
@ ABB Group February 9, 2014 | slide 65
ABB Power Generation Cyber Security Security Event Management
Based on Industrial Defender’s
Automation System Appliance ASA Provides security event
management and reporting Integrates into the Automation
System Manager platform.
![Page 57: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/57.jpg)
@ ABB Group February 9, 2014 | slide 66
ABB Power Generation Cyber Security Compliance Reporting
Based on Industrial Defender’s Automation System Management solution
Provides comprehensive system reporting
Automates the collection of required control system data
Includes NERC-CIP standards templates to quickly demonstrate compliance
![Page 58: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/58.jpg)
@ ABB Group February 9, 2014 | slide 67
Cyber Security NERC-CIP Update
![Page 59: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/59.jpg)
@ ABB Group February 9, 2014 | slide 68
NERC – CIP Update What Version of NERC CIP?
Version 4 of the CIP Standards Current Plan:
Version 4 does NOT go into effect CIP-002-4 through CIP-009-4 do not become effective.
Version 3 to remain in effect until Version 5 CIP-002-3 through CIP-009-3 remain in effect and are not retired
until the effective date of the Version 5 CIP Cyber Security Standards under this implementation plan.
Version 5 of the CIP Standards of the Cyber Security Standards is currently posted on the NERC website.
![Page 60: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/60.jpg)
@ ABB Group February 9, 2014 | slide 70
NERC-CIP Revision 4 – Bright Line replaces ambiguous approach
Transmission lines operating at greater than 300-500 KV, depending on their connectivity,
Reactive power assets larger than 1000 MVAR,
Generation sites larger than 1500 MW in a single interconnection,
Certain assets essential to Blackstart capabilities,
Assets able to automatically shed load of 300MW or more, and
A number of types of Control Centers.
NERC – CIP Update NERC CIP NEW for Version 4 & 5
![Page 61: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/61.jpg)
@ ABB Group February 9, 2014 | slide 71
NERC – CIP Update New “Levels of Impact” to Bulk Electric System for V5
High Impact Large Control Centers
CIP-003 through 009+
Medium Impact Generation and Transmission
Other Control Centers
Similar to CIP-003 to 009 v4
All other BES Cyber Systems Security Policy
Security Awareness
Incident Response
Boundary Protection
![Page 62: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/62.jpg)
@ ABB Group February 9, 2014 | slide 73
Conclusions
![Page 63: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/63.jpg)
@ ABB Group February 9, 2014 | slide 74
Conclusions
Cyber security for critical infrastructures must become a high priority item for all involved stakeholders
Modern control systems bring new challenges in the form of increased connectivity and protection privacy of end user data
Effective cyber security solutions require a joint effort by vendors, integrators, operating system providers, end users and governments
Effective cyber security will require solutions that cover both legacy and new installations
Security is about risk management - perfect security is neither existent nor economically feasible
![Page 64: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/64.jpg)
@ ABB Group February 9, 2014 | slide 75
Contact information Questions, Comments, etc.
[email protected] www.abb.com/cybersecurity
![Page 65: @ ABB Group February 9, 2014 | slide 1 · February 9, 2014 | slide 23 . Verification at FAT and SAT. Project Lifecycle – Engineering / Commissioning Cyber Security Basic Best Practices](https://reader033.vdocuments.mx/reader033/viewer/2022043010/5f9f8d893419263b920eb9ef/html5/thumbnails/65.jpg)
@ ABB Group February 9, 2014 | slide 76