TLP: IT-Security Community XChange, St. Pölten 9. November 2012 ICS-Security für KMUs Zukünftige Anforderungen für sichere industrielle Automatisierung in Österreich Ing. DI(FH) Herbert Dirnberger, MA, CISM Leiter der Arbeitsgruppe Sicherheit der industriellen Automation/SCADA CYBER SECURITY AUSTRIA Verein zur Förderung der Sicherheit Österreichs strategischer Infrastruktur Copyright 20112 Cyber Security Austria Diese Arbeit wird unter den Bedingungen der Creative Commons Lizenz (CC BY-NC-ND) veröffentlicht. siehe http://creativecommons.org/licenses/by-nc-nd/3.0/at/
Einleitung Industrielle Automatisierung Sicherheit 50.000 KMUs 50.000 KMUs
AGENDA Automatisierung Konvergenz Sicherheit Maßnahmen (KMUs, EU, Österreich) Cyber Security Austria
Industrielle Automatisierung
Automatisierung Fertigung Prozesse Gebäude http://www.youtube.com/watch? v=kpvr2mvzjws&feature=plcp Bikinger, Raffinerie Schwechat, CC-Lizenz (BY 2.0) teakettle, u1, CC-Lizenz (BY 2.0) kritische Infrastruktur http://www.youtube.com/watch? v=yfbbvzyah_e Qualität Produktivität Paul-Gerhard Koch, Kaprun Bikinger, CC-Lizenz (BY 2.0) http://creativecommons.org/licenses/by/2.0/de/deed.de Alle Bilder stammen aus der kostenlosen Bilddatenbank www.piqs.de
Fachbegriffe der Automatisierung Quelle: Wikipedia Quelle: Wikipedia ICS Industrial Control Systems PLC/SPS SCADA/DCS HMI Quelle: Wikipedia Quelle: Wikipedia Quelle:http://produktion.de
Automatisierung in 2 min HMI BedienerInnen Steuerung Bussystem Sensor Aktor Physikalischer Prozess
Konvergenz
Konvergenz IT und AT Quelle: www.automotiveit.eu COTS IT Standards offene Systeme Cloud remote Quelle: Wikipedia Quelle: Wikipedia Cyber Physical Systems wireless mobil Netzwerke BYOD Quelle: Wikipedia Quelle: Wikipedia Gebäudeleittechnik as a Service
Folgen der Konvergenz Die Zeit der getrennten Systeme ist vorbei Übergangsphase T. Brandstetter Know How- und Fachkräftemangel Security und Safety
Sicherheit
protect the Quelle: Wikipedia machine network IT Shanxi Datong University South China University of Technology Guangdong Jidian Polytechnic Datong, China Guangzhou, China Guangzhou, China 13994390237@139.com *Corresponding Author hehua_yan@126.com Abstract Cyber-Physical Systems (CPSs) are characterized by integrating computation and physical processes. The theories and applications of CPSs face the enormous challenges. The aim of this work is to provide a better understanding of this emerging multi-disciplinary methodology. First, the features of CPSs are described, and the research progresses are summarized from different perspectives such as energy control, secure control, transmission and management, control technique, system resource allocation, and model-based software design. Then three classic applications are given to show that the prospects of CPSs are engaging. Finally, the research challenges and some suggestions for future work are in brief outlined. Keywords cyber-physical systems (CPSs); communications; computation; control I. INTRODUCTION Cyber-Physical Systems (CPSs) integrate the dynamics of the physical processes with those of the software and communication, providing abstractions and modeling, design, and analysis techniques for the integrated whole[1]. The dynamics among computers, networking, and physical systems interact in ways that require fundamentally new design technologies. The technology depends on the multi-disciplines such as embedded systems, computers, communications, etc. and the software is embedded in devices whose principle mission is not computation alone, e.g. cars, medical devices, information (game) Sicherheitsparadigma Complex at multiple temporal and spatial scales. In CPSs, the different component has probably inequable scientific instruments, Quelle: andintelligent www.imdb.de transportation systems [2]. Quelle: http://www.cps-cn.org/conference/cps_survey.pdf Now the project for CPSs engages the related researchers very much. Since 2006, the National Science Foundation (NSF) has awarded large amounts of funds to a research project for CPSs. Many universities and institutes (e.g. UCB, Vanderbilt, Memphis, Michigan, Notre Dame, Maryland, and General Motors Research and Development Center, etc.) join this research project [3, 4]. Besides these, the researchers from other countries have started to be aware of significance for CPSs research. In [5-7], the researchers are interested in this domain, including theoretical foundations, design and implementation, real-world applications, as well as education. As a whole, although the researchers have made some progress in modeling, control of energy and security, approach of software design, etc. the CPSs are just in an embryonic stage. The rest of this paper is outlined as follows. Section II introduces the features of CPSs. From different perspectives, the research processes are summarized in Section III. Section IV gives some classic applications. Section V outlines the research challenges and some suggestions for future work and Section VI concludes this paper. II. FEATURES OF CPSS Goals of CPSs research program are to deeply integrate physical and cyber design. The diagrammatic layout for CPSs is shown in Figure 1. Obviously, CPSs are different from desktop computing, traditional embedded/real-time systems, today s wireless sensor network (WSN), etc. and they have some defining characteristics as follows [7-10]. Closely integrated. CPSs are the integrations of computation and physical processes. Cyber capability in every physical component and resource-constrained. The software is embedded in every embedded system or physical component, and the system resources such as computing, network bandwidth, etc. are usually limited. human SAFETY Networked at multiple and extreme scales. CPSs, the networks of which include wired/wireless network, WLAN, Bluetooth, GSM, etc. are distributed systems. Moreover, the system scales and device categories appear to be highly varied. Figure 1. Diagrammatic layout for CPSs process/system SECURTIY
Security und Safety Sicherheit IT Security Information Security Cyber Security Cyber war Network Security Embedded Security ICS Security SCADA Security Industrial IT Security Physical Security Safety Prozess Sicherheit Security Risiko Mgt BCM
Security by obscurity Insellösungen Silodenken unkoordiniert unnötig komplex und abhängig angewandtes Home Office ka2706, Stooop!!, CC-Lizenz (BY 2.0) Sicherheit ist zu teuer http://creativecommons.org/licenses/by/2.0/de/deed.de Bild stammt aus der kostenlosen Bilddatenbank www.piqs.de
Gefahren und Risiken Gefahren Technische Defekte Organisatorische Mängel Höhere Gewalt Menschliche Fehler Insider Attacken Wirtschaftsspionage Cyber Attacken Risiken Qualitätsminderung Produktionsausfall Kollateralschäden Überlastung von Personal Rechtsstreitigkeiten Reputationsverlust Know How Verlust, Leaks Erpressung
Innovative Angriffsvektoren Open Source Intelligence & SCADA Passive information gathering meta... Tools Botnet as a Service People Organization Infrastructure Timothy Krause, Security guard, CC-Lizenz (BY 2.0) http://creativecommons.org/licenses/by/2.0/de/deed.de Bild stammt aus der kostenlosen Bilddatenbank www.piqs.de Herbert Dirnberger, Auszug aus Screenshot der Webseite http://www.shodanhq.com
Verantwortung
Verantwortung Hersteller Aus- und Weiterbildung Normen Standards Gesetzgeber Integratoren Distributoren Betreiber Endkunde
Maßnahmen
10 ICS-Security Maßnahmen für KMUs (1) Sensibilisierung und Bewusstsein schaffen, Management einbinden (2) Verantwortung definieren (3) Budget und Ressourcen bereitstellen (4) Zugangskontrollen und -schutz installieren (5) Backup erstellen und Recovery prüfen
10 ICS-Security Maßnahmen für KMUs (6) Dokumentation laufend überarbeiten (7) Segmentierung durchführen (8) Anti Malwareschutz einsetzen (9) Komplexität reduzieren (10)Integration von ICS-Security im Managementsystem durchführen http://www.automation-security.de Ausgabe 4/2012, verfügbar ab 13.11.2012
ENISA Europaweite ICS Strategie Good Practice Guide ICS Security plan templates Stärkung von Bewusstsein und Training Common test bed ICS Security cert. Framework http://www.enisa.europa.eu/
Notwendige Maßnahmen (national + EU) Stärkung von Aus- und Weiterbildung Schaffung einer eindeutigen Terminologie Bildung von Standards, Gesetzen, Normen, Richtlinien, Zertifizierungen,... Berücksichtigung des Internationalen Rahmens - ISA 99, ISO 27000,...
Aktivitäten der Cyber Security Austria
Arbeitsgruppe SCADA Industrial Automation Sensibilisieren und Bewusstsein schaffen Management, Führungskräfte, Mitarbeiter,... Mitarbeit bei Standards, Gesetzen, Normen, Richtlinien, Zertifizierungen,... Entwicklung von Design Pattern Stärkung Aus-, Weiterbildung und Lehre Bildung einer eindeutigen Terminologie
Ing. DI(FH) Herbert Dirnberger, MA, CISM herbert.dirnberger@cybersecurityaustria.at www.cybersecurityaustria.at DANKE speziell auch an die Kollegen Joe, Florian, David, Rüdiger, Franz, Herbert und Paul