Cyber Security: Differences between Industrial Control Systems and ICT Approach
4 likes3,913 views
This document discusses the differences between industrial control systems (ICS) and information technology (IT) in terms of cyber security. ICS are used in industrial production to control systems like SCADA and DCS, while IT refers to general business computing. Key differences are that ICS have stricter availability requirements, longer lifecycles, proprietary protocols and specialized software. The document also notes that modern ICS now leverage more off-the-shelf IT components and standards, making them more interconnected and vulnerable to cyber threats like hacking. Finally, it presents ABB's approach to ICS cyber security which includes assessment, first aid services, monitoring with Industrial Defender, and lifelong maintenance through assessment and training.
Cyber Security: Differences between Industrial Control Systems and ICT Approach
- 1. Marco Biancardi, Power Systems Division, BU Power Generation, October 2013 Cyber Security Differences between Industrial Control Systems and ICT approach
- 2. Introduction Definitions Information Technology (IT)* is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise. The term is commonly used as a synonym for computers and computer networks Industrial Control System (ICS)* is a general term that encompasses several types of control systems used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC) often found in the industrial sectors and critical infrastructures * Source: Wikipedia
- 3. Introduction Cyber security: a definition Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack* *Source: Merriam-Webster’s dictionary
- 4. Introduction Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard Ethernet/IPbased networks Interconnected systems Distributed systems Modern SCADA, automation, protection and control systems : leverage commercial off the shelf IT components (i.e. MS Windows, Internet Explorer) use standardized, IP based communication protocols are distributed and highly interconnected use mobile devices and storage media Modern control systems are specialized IT systems, with multiple vulnerabilities Hacking Employee Mistake Malicious software installed via USB port
- 5. Differences Office IT vs Utilities/Industry: …they are different! Corporate/Office IT Utilities/Industry Environment Offices and «mobile» «in the field» People/Equipment Ratio # of Equipment ~= # of people Few people, many equipment. Object under protection Information Industrial process: availability Risk Impact Information disclosure, $$$ Safety (life), Health, Environment, Information disclosure, loss of production, downtime, repairing costs, $$$ Availability requirements 3,65 days) System lifetime 3-5 years 15-30 years Security focus Central Servers (CPU, memory,…) and PC Server/PC + distributed systems, Sensors, PLC,… Operating systems Windows Windows + proprietary Software Consumer Software , normally used on PC Specific Protocols Well known (HTTP over TCP/IP ,…) / mainly web Industrial (TCP/IP, Vendor specific) / polling Procedure Well known (password,…) Specific Main actors IBM, SAP, Oracle, etc. ABB, Siemens, GE, Honeywell, Emerson, etc. 95%-99% (accept. downtime/year: 18,25 – 99,9%-99,999% (accept. downtime/year: 8,76 hrs – 5,25 minutes)
- 6. Introduction A definition in the context of power and automation technology *source MerriamWebster’s dictionary Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack* translates into Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack
- 7. Threats Where are attack sources? Accidents / Mistakes Rogue insider Malware Thieves / Extortionists Enemies / Terrorists Likelihood Likelihood is unknown Consequences are potentially huge
- 8. Threats What if… What if this information gets disclosed What if someone opens a breaker What if it does not open when it should What if I cannot operate a device/PLC What if someone else can operate a device/PLC What if a transformer is overloaded due to a wrong temperature reading? What if a protection is not working properly? What if a not-authorized person can access supervision/control network? What if a not-authorized person can access DSO/TSO network? What if a blackout happen in cold winter?
- 10. Solutions How can you proceed? Keeping up-to-date Awareness Check Actual Status Assessment What if… Follow-up Dedicated solutions Continuous monitoring Cyber Security Cycle Operational Security 100% Security does not exist. Security: Is not a product but a process Risk Mitigation
- 11. Solutions ABB Service Approach Different service levels, based on project status 1. ASSESSMENT Site Inventory Risk Assesment 2. FIRST-AID SERVICE Design Review HW update & Hardening SW service Analysis Report Patch management Account management Antivirus management Backup&Restore management 3. INDUSTRIAL DEFENDER Manage Monitor hardware/software 4. ACROSS-LIFE Keeping up-to-date Training Recurrent Reports/ Coursewares
- 12. Why ABB Defense in depth Strong (Secure) ABB products + Industrial Defender Solutions Defense in depth