© cyber security consulting 2318 monkton rd. monkton md 21111 usa 410.472.1588 proprietary &...

© Cyber SECurity Consulting www.cybersecconsulting.com

2318 Monkton Rd.Monkton MD 21111

USA 410.472.1588

Proprietary & Confidential

Automation and SecurityAutomation and SecurityConsulting Services forConsulting Services for

Industrial Process AutomationIndustrial Process Automation

www.industryconsulting.org



USA 410.472.1588


Mission StatementMission Statement

Cyber SECurity Consulting provides our provides our customers with information, support, customers with information, support, training, engineering and consulting training, engineering and consulting

services to enable them to create and services to enable them to create and maintain a safe and secure business maintain a safe and secure business

operating environmentoperating environment




USA 410.472.1588


Industries ServedIndustries Served

• Refining and Petro-ChemicalRefining and Petro-Chemical

• Electric Power T&DElectric Power T&D

• Electric Power GenerationElectric Power Generation

• Water/Waste-WaterWater/Waste-Water

• Chemical ProductionChemical Production

• Discrete ManufacturingDiscrete Manufacturing




USA 410.472.1588


Cyber SECcurity Consulting has on-staff senior consultants with expertise in the following industries:

• Electrical power generation, transmission and distribution

• Electrical substation automation

• Water and Waste-Water processing

• Oil and gas pipelines, distribution terminals and storage facilities

• Refining and petrochemical plants

• Specialty and intermediate chemical plants

• Regulated industries such as pharmaceutical, food/beverage

• General high-volume manufacturing

Our Consultant ExperienceOur Consultant Experience




USA 410.472.1588


Our Consultant ExperienceOur Consultant Experience

Our consulting staff includes personnel with:

• Advanced technical and Engineering degrees including PhD• CISSP – Certified Information System Security Professional• Business process analysis and re-engineering • Over 25 years of experience deploying an designing

Supervisory Control (SCADA) Systems Distributed Control (DCS) Systems PLC-based Automation Systems Substation Integration/Automation Systems

• Plant automation experience in a wide range of industries • Extensive Customer Training/Educational Experience• Knowledge of the current Cyber Security technologies• Familiarity with Government/Industry efforts in the area of

automation system/plant security (NERC, ISA, DHS, etc…)




USA 410.472.1588


Service OfferingsService Offerings

Training Services:Training Services:

• Technology Training ClassesTechnology Training Classes- Introduction to DCS and PLC Technology- Introduction to DCS and PLC Technology- Introduction to SCADA TechnologyIntroduction to SCADA Technology- Basic Process Measurement & ControlBasic Process Measurement & Control- Communications & NetworkingCommunications & Networking

• Security Training ClassesSecurity Training Classes - Introduction to Security Concepts- Introduction to Security Concepts- NERC CIP-002 to 009 - NERC CIP-002 to 009 - Understanding ISA SP99 Recommendations- Understanding ISA SP99 Recommendations

- Cyber Security & Cyber Threats- Cyber Security & Cyber Threats- Industrial Automation Security- Industrial Automation Security- Vulnerability and Risk Assessment- Vulnerability and Risk Assessment

Consulting Services:Consulting Services:• Vulnerability Assessments/Gap AnalysisVulnerability Assessments/Gap Analysis• Risk Assessments/CountermeasuresRisk Assessments/Countermeasures• Policy and Procedure DevelopmentPolicy and Procedure Development• Security Program ManagementSecurity Program Management• Disaster Recovery PlanningDisaster Recovery Planning• Compliance with NERC Requirements Compliance with NERC Requirements




USA 410.472.1588


Service OfferingsService Offerings

NERC-Specific Services:NERC-Specific Services:

• Management Briefing on CIP-001/009Management Briefing on CIP-001/009• Identification of Critical Cyber AssetsIdentification of Critical Cyber Assets• Physical and Electronic Perimeter DefinitionsPhysical and Electronic Perimeter Definitions• Vulnerability AssessmentsVulnerability Assessments• Risk and Gap AnalysisRisk and Gap Analysis• Development of Implementation PlansDevelopment of Implementation Plans• Employee TrainingEmployee Training• Policy and Procedure DevelopmentPolicy and Procedure Development• Disaster Recovery PlanningDisaster Recovery Planning• Program Auditing and Incident ReportingProgram Auditing and Incident Reporting




USA 410.472.1588


NERC Compliance ProcessNERC Compliance Process

NERC CIP Vulnerability Assessment ProcessNERC CIP Vulnerability Assessment Process

Identify and Identify and document Critical document Critical

Cyber AssetsCyber Assets

Identify and Identify and document Critical document Critical Cyber Information Cyber Information

Identify and Identify and document Physical document Physical Security Perimeter Security Perimeter

Identify and Identify and document document

communication and communication and network connections network connections

Identify and Identify and document all document all

personnel who have personnel who have access rights access rights

Identify and review Identify and review all existing cyber all existing cyber

security policies and security policies and proceduresprocedures

Information gathering phaseInformation gathering phase

PhysicalPhysicalAuditAudit

PhysicalPhysicalAuditAudit

PhysicalPhysicalInspectionInspection

PhysicalPhysicalInspectionInspection

BackgroundBackgroundcheckschecks

NERCNERCchecklistchecklist

Review findings Review findings versus NERC versus NERC requirements requirements

Develop action plan Develop action plan for addressing all for addressing all

short-comingsshort-comings

Non-Non-compliance compliance

levelslevels

Action plan formulation phaseAction plan formulation phaseKey methodology/standardKey methodology/standard

NERCNERC12001200




USA 410.472.1588



NERC CIP Compliance Attainment ProcessNERC CIP Compliance Attainment ProcessDevelop and Develop and

document document necessary policies necessary policies

and proceduresand procedures

Select methods for Select methods for creating electronic creating electronic security perimeter security perimeter

Implement and Implement and test the electronic test the electronic

perimeter perimeter

Select methods for Select methods for creating the physical creating the physical security perimeter security perimeter

Implement and test Implement and test the physical security the physical security

perimeter perimeter

Provide security Provide security training to all training to all

employees as neededemployees as needed

Plan implementation phasePlan implementation phase

Iterative Iterative reviewsreviews

Technology Technology surveysurvey

PEN PEN testingtesting

Technology Technology surveysurvey

Social Social engineering engineering

testingtesting

Awareness Awareness campaigncampaign

Test and validate Test and validate Systems Systems

Management and Management and recovery procedures recovery procedures

Test and validate Test and validate system/component system/component test/commissioningtest/commissioning

proceduresprocedures

Disaster Disaster Simulation Simulation

& audits& audits

Key methodology/standardKey methodology/standard

Structured Structured auditaudit




USA 410.472.1588



NERC CIP Compliance - OngoingNERC CIP Compliance - Ongoing

• You must maintain audit logs for a wide range of items, actions & changesYou must maintain audit logs for a wide range of items, actions & changes

• You must review your policies/procedures on a regular (annual) basisYou must review your policies/procedures on a regular (annual) basis

• You must test your procedures, especially disaster recovery, regularlyYou must test your procedures, especially disaster recovery, regularly

• You must maintain training and awareness programsYou must maintain training and awareness programs

• You must regularly re-certify/test your physical & electronic perimetersYou must regularly re-certify/test your physical & electronic perimeters

• You MUST INSURE that policies and procedures are being followed !!!You MUST INSURE that policies and procedures are being followed !!! (If not, then find out why and change them if you need to do so…)(If not, then find out why and change them if you need to do so…)




USA 410.472.1588


Security Program ManagementSecurity Program ManagementM

atu

rity

Time

1. Develop a Business Case

2. Obtain Leadership Commitment, Support,

and Funding

3. Define the Charter and Scope of IACS Security for Your

Organization

4. Form a Team of Stakeholders

6. Characterize the Key IACS

Risks

7. Prioritize and Calibrate Risks

8. Establish High-Level Policies that Support the Risk Tolerance

Level

10. Inventory IACS Devices and Networks

9. Organize for Security

11. Screening and Prioritization of IACS

13. Develop Detailed IACS Cyber Security

Policies and Procedures

14. Define the Common Set of IACS

Security Risk Mitigation Controls

15. Develop Additional Elements of the CSMS

Plan

16. Quick Fix

18. Establish, Refine and Implement the

CSMS

12. Conduct a Detailed Security Assessment

17. Charter, Design, and Execute Cyber

Security Risk Mitigation Projects

19. Adopt Continuous Improvement

Operational Measures

5. Raise Staff Cyber Security Capability through Training

Plan Phase

Do Phase

Check Phase

Act Phase

Activity MUST be completed before proceeding to next activity

Activity DOES NOT need to be completed before proceeding to next activity

Legend

Cyber SEC suggests following the recommended 19-step program delineated in the ISA’s TR-99.002 Technical report as the basis for moving forward with the initial creation of,

and long-term support for, an industrial automation security program. This program approach addresses physical,

operational [personnel] and cyber [electronic] security and provides the basis for an on-going cycle of review and

improvement.




USA 410.472.1588


Vulnerability AssessmentVulnerability Assessment

Cyber SEC uses a modified version of the DuPont DNSAM vulnerability assessment methodology. The major difference being the consideration of a range of technical, physical and administrative countermeasures when addressing probable threats.

Assessment takes the entire range of interconnected LAN and WAN ‘segments’ and identifies critical systems and assets located on each and then identifies the available connectivity onto, and accessibility of, each segment.

The critical systems could be controllers, HMIs, supervisory computers, historians, servers, ESD systems, batch managers, etc. Assets can be information, files, software, database, etc.

Segments are formed by the presence of an ‘isolation’ appliance (a firewall) that controls

traffic between the two adjacent segments

Segment connectivity could be via gateways, WAN

connections, telephone dial in/out, wireless access points,

and even through portable media or computer equipment




USA 410.472.1588


Risk AssessmentRisk Assessment

Cyber SEC uses a qualitative risk assessment methodology that assigns every threat a probability and consequence rating. A three or four level scale is used for each of the two categories. Consequences are ranked based on a range of impacts including health, safety, environmental, business, facilities and regulatory impacts.

The end result of the assessment will be a Pareto chart of vulnerabilities ranked on an A through D classification, where the priority order of the countermeasure implementation will be in that same order. Countermeasures will be recommended based on their comparative cost-performance ratio

A consequence table will be developed that reflects your business risk-tolerance and

safety requirements level and used to rank threats




USA 410.472.1588


Assessment ToolsAssessment Tools

Provides: 1. A centralized document for enumerating the

identified critical cyber assets 2. Documentation of the physical security

perimeter3. Documentation of the electronic security

perimeter4. Segment-by-segment delineation of the critical

cyber assets on each LAN and WAN (sub) network that forms the critical cyber infrastructure

5. Risk/Consequence analysis for each segment6. Documentation of the information cyber assets7. Documentation of the existing/missing policies

NERC CIP 001/009Vulnerability Assessment

Workbook




USA 410.472.1588


Assessment ToolsAssessment Tools

Provides: 1. A way to document and record the vulnerabilities and threats deemed worth of

consideration and for which countermeasures need to be put into place

2. A financial assessment of consequences with a corresponding financial budget estimate for countermeasures, based on company risk-aversion levels

3. An budget estimate for the investment level justified by the exposure reduction generated by countermeasures

Countermeasure Business Case

Justification Development Workbook




USA 410.472.1588


Gap AnalysisGap Analysis

Cyber SEC teams with Neurametrics to perform gap analysis and to gather information that is used to assess current policies and procedures and

training programs. Their web based tools enable convenient, automated data collection across the entire organization, regardless of facility locations

Consolidated ‘layers’ view gives a quick assessment

of each area of consideration

Views can be generated by

location, department, group

and topic

This version is configured to perform a NERC gap analysis based on CIPs 001 to 009www.industryconsulting.org



USA 410.472.1588


Gap AnalysisGap Analysis

This version is configured to assess process/manufacturing plant security per TR-99.001 & 002www.industryconsulting.org



USA 410.472.1588


Educational MaterialsEducational Materials

Chapter Outline: 1. The Technological Evolution of SCADA Systems2. Remote Terminal Units3. Telecommunications Technologies4. Supervisory Control Applications5. Operator Interface6. Conventional Information Technology (IT) Security7. Identifying Cyber security Vulnerabilities8. Classifying Cyber Attacks and Cyber Threats9. Physical Security10. Operational Security11. Electronic/Systems Security12. Electric Utility Industry - Specific Cyber security Issues13. Water/Wastewater Industry - Specific Cyber Security Issues14. Pipeline Industry - Specific Cyber Security Issues15. The Emerging Cyber Threat to SCADA Systems16. Commercial Hardware and Software Vulnerabilities17. Traditional Security Features of SCADA Systems18. Eliminating the Vulnerabilities of SCADA Systems

Technical Book on SCADA System Cyber Security

Issues and Approaches

Available from PennWell Publishing




USA 410.472.1588


Educational MaterialsEducational Materials

Available Topics:

1. Introduction to DCS Technology2. Introduction to PLC Technology3. Introduction to SCADA Technology4. Communications & Networking5. Introduction to Security Concepts6. Cyber Security & Cyber Threats7. Industrial Automation Security and SP998. Vulnerability and Risk Assessment

Self-Paced Courses on DVD

In addition to on-site customer training classes,

Cyber SECurity Consulting offers several

courses on DVD




USA 410.472.1588


Thank You For Your Time !Thank You For Your Time !

Questions ?Questions ?


Automation and SecurityAutomation and SecurityConsulting Services forConsulting Services for

Industrial Process AutomationIndustrial Process Automation

© cyber security consulting 2318 monkton rd. monkton md 21111 usa 410.472.1588 proprietary &...

Documents