Emerson Confidential Lessons Learned: Applying Security to new and existing Ovation systems. 2010 SCADA and Control Systems Security Summit 3-30-2010

Upload: vodang

Post on 23-Apr-2018


TRANSCRIPT

Page 1

Lessons Learned: Applying Security to new and existing Ovation systems.

2010 SCADA and Control Systems Security Summit

3-30-2010

Page 2

Emerson Company At-A-Glance

$20.9 Billion in sales (2009)

NYSE: EMR

Diversified global manufacturer and technology provider

Approximately 141,000 employees worldwide

Headquarters in St. Louis, Mo.

Manufacturing and/or sales presence in more than 150 countries

255 manufacturing locations, 165 outside the U.S.

No. 94 on 2009 FORTUNE 500 list of America’s largest corporations

Founded in 1890

Page 3

Emerson Installations Exceed 375,000 MW in North America

Duke Energy 91 systems

FPL 42 systems

TVA 40 systems

Constellation 30 systems

SCE 10 systems

Ameren 14 systems

Calpine 19 systems

XCEL Energy 23 systems

AES 25 systems

Southern Company 40 systems

AEP 38 systems

WE Energies 20 systems

Dynegy 27 systems

PacifiCorp 20 systems

Sierra Pacific/Nevada 12 systems

Progress 19 systems

Allegheny Energy 19 systems

And Many More!

20 new US coal plants since 2006

Sandow

Iatan

Plum Point

Elm Road Units 1 & 2

Trimble County

Spruce

Comanche

Nebraska City

Dallman Unit 4

Whelan Unit 2

Southwest Unit 2

Turk

Dry Fork

Virginia City 1 & 2

Cliffside Unit 6

Sandy Creek

Prairie State Units 1 & 2

Page 4

Emerson’s Security Solutions

Products

– Domain Controller/Security Builder

– Router/firewall

– Database backup & restore

– Alarm analysis tool

– Ovation Security Center

Services

– Patch validations

– Security assessment

– SureService Guardian

– SureService OSC Support

– Training

– Evergreen Upgrades

Page 5

PCI vs. NERC-CIP: More similarities than differences

Page 6

OSC and CIP-005

Page 7

OSC and CIP-007

Page 8

Ovation Security Center

Vulnerability Scan & Patch Management (VSPM)

Malware Prevention (MP)

Security Incident & Event Management (SIEM)

Router for Ovation connections

Sized for Growth!

Page 10

Vulnerability Scan & Patch Management

Agent-less asset discovery

Non-disruptive scanning

Rapid, accurate vulnerability assessments

Agent-based patch/update inventory and deployment

Patches validated by Emerson for Ovation

Air gap solution

Scheduled or on-demand asset and patch reports

Page 11

Available Standard Reports

Compliance: Network-based

Executive Summary

Frequency Summary Classic

Frequency Count Detail

Job Configuration

Job Summary

Local Services

Long Term trending

Network Inventory

Ports and Banners

Scan Summary

Short term Trending

Simple Listing

Top 20

Vulnerability Detail

Vulnerability Set Configuration

Vulnerability View

Agent Configuration

Agent Inventory

Agent Patch Status

Agent-based Vulnerability

Compliance: Agent-based

Compliance: Composite Assessment

Compliance Inventory

Deployment History

Deployment Status

Job Remediation

Page 12

Malware Prevention

Protection against malicious attacks

– Viruses, spyware, rootkits, Trojan horses, buffer overflows, etc.

White-listing allowed applications

“Trusted Change” for adding and updating applications

Kernel-level enforcement and tamper-resistance

Improving productivity and overall system performance over lifetime of support

EICAR & STINGER EXECUTION BLOCKED

Page 13

Security Incident & Event Management

Combine events from multiple data sources

Normalize into a standardized format

Correlate events in real time to determine security incidents

Advanced analysis and reporting: automated and customized

Advanced forensics with terabytes of log storage

Logs retained for 90+ days

Page 14

Immediate Benefits

Increasing reliability without introducing vulnerability

Minimum configuration

Online installation without plant outage

Reducing human involvement

Data mining and reporting in OSC

Accessible at the enterprise level

Page 15

Integration Challenges

Configuration Management + Patching = Difficult!

Integrating multiple Malware Prevention products on one endpoint (Blacklist + Whitelist)

Steep learning curve for plant personnel

Customizing reports – not a one size fits all approach

Page 16

Future Work

Add Intrusion Detection and/or Passive Vulnerability Sniffing at Network Layer, not just HIDS/HIPS – Should understand SCADA Protocols

Ovation Application and OS Hardening –

– 3rd Party Certification(s) (CIS, INL)

Page 17

Questions?