Practical Operational Environment Security
JOE PETERSON, PE
WARREN LAPLANTE
ALLETE/MN POWER

Topics
• What is an Operational Environment?
• Basic Approach
• Considerations
• Cyber Security
• Physical Security
• Questions
• Resources

Operational Environment
• Control Centers
• Generation Plants
• Substations
• Industrial/Manufacturing Control Systems
• Building Automation Systems

Different Technology Environments
INFORMATION (IT)
• Focus is Information
• Servers, Printers, Routers…
• Technology/Skillsets Align
• Devices/Software Last ~3-5 Years
• Devices are Complex/Adaptable
• Primarily Networked
• Cyber Security ~35 years
OPERATIONAL (OT)
• Focus is Physical Interaction
• Relays, RTU, PLC, Meters…
• Technology/Skillsets Do Not Align
• Devices Last ~10-25 Years
• Devices are Simple/Rigid
• Can Be Air-Gapped/Isolated
• Cyber Security is a Growing Focus

Basic Approach
What to Protect
• “Crown Jewels”
• Perimeter Defense Systems
• Safety
Determine Threat/Risk
• Impact/Damage
• Applicable to Your System
Prioritize
• Impact/Risk
• Compliance
• Budget
Plan Your Defenses
• Plan 2-5 Years
• Document Key Characteristics
Implement
• Address the Threat
• Modify if Needed
Adapt and Improve
• Keep Current
• Re-Evaluate

Collaboration
• IT/OT
• Cyber Security
• Firewall
• Network
• Communications
• Physical Security
• Management
• Engineering
• Operations
• Field Personnel
• Safety
• Project Management
• Purchasing
• Compliance

Considerations
• Know Your Devices, System, and Environment!
• Risk -> Threat x Vulnerability x Potential Impact x Likeliness
• Layers of Defense – Prevent, Detect, Deter, Delay, Alert/Alarm
• Resiliency/Recovery
• Simplicity
• Compliance does not Equal Security

Cyber Security – Why We Need to Care
• Stuxnet
• Ukraine
  • Crash Override/Industroyer
• Energetic Bear/DragonFly
  • Havex/Backdoor.Oldrea
• Safety
  • Triton/Trisis
• Backdoor:W32/BlackEnergy
• WannaCry
• Eternal Blue
• Petya and NotPetya
• Conficker

Cyber Security – Device Risks
• Firmware vs OS Devices
• Diversify Brands (as Needed)
• Serial vs Dial-Up vs Ethernet
• Communication Converters – Use Caution
• Virtualization – Use Caution

Cyber Security – Remote Access Risks
• Airgap
• Minimize Remote Access and Connected Devices
• Secure Local Gateway/Proxy Device
• Minimize Unencrypted Communications – Telnet, FTP, DNP, etc.
• Enable/Disable Network Port, Modem/etc.

Cyber Security – Network Architecture Risks
• Wi-Fi – Proceed with Caution
• Separate Trust Levels
  • Physical/Hardware
  • Logical/Virtual
• Encryption – SSL VPN/VPN Tunnel

Cyber Security – Alerts and Awareness
• RTU, PLCs, or Other Remote I/O
  • Inputs – Monitor Alerts/Alarms
  • Outputs – Switch Power or Enables (Consider Consequences)
• Locks/Locking Racks
• Tamper Tape

Cyber Security – General Good Practices
• Password Management
• Multi-Factor Authentication
• Security Patch Management
• Spares/Backups
• Change Management
• Use Logs

Physical Security

Why We Need to Care
• Copper thefts
• Equipment thefts
• Property Damage
• Suspicious Activity
• Metcalf Substation

Methodology
• Traditional Security Engineering
• Crime Prevention Through Environmental Design (CPTED)
Source: corpsrisk

Traditional Security
• DETER
• DETECT
• DELAY
• RESPOND
• ANALYSIS
• COMM

Traditional Security Engineering
• What are you trying to protect
• What is the threat
• What are the vulnerabilities
• What is the risk (R=TxVxC)
• Prioritize and Develop Mitigation
Source: DHS

Traditional Security Engineering Examples
Physical Security Plan

Collaboration Examples (???)

CPTED
• Is a considerations guide
• Natural lighting
• Open areas
• Natural avenues of travel
• Easy Up-keep
• Augmented with traditional security concepts
Source: cityoftacoma.org

CPTED Examples

Resources - Cyber
• Websites
  • Wired
  • Ars Technica
  • Dark Reading
  • NIST (Intro to Information Security, Guide to ICS Security, Framework)
  • Info Security Magazine
  • National Vulnerability Database
  • Industrial Internet Consortium

Resources - Cyber
• Government
  • E-ISAC
  • ICS CERT (ICS JWG, Recommended Practices, CSET, Training, Defense-In-Depth)
  • US CERT (C3 VP)
  • NERC (Alerts, Lessons Learned)
  • NERC Regional Reliability Organizations (WECC, MRO, ReliabilityFirst, etc.)
• Conferences (YouTube has some videos)
  • Black Hat
  • DEF CON
  • DerbyCon
  • BSides

Resources - Cyber
• Podcasts
  • SANS StormCast
  • GRC Security Now
  • Defensive Security
  • The CyberWire
  • Recorded Future
• Training
  • SANS (Secure Architecture, CIS Critical Security Controls)

Resources – Physical
• Government
  • E-ISAC
  • NERC (Alerts, Lessons Learned)
  • NERC Regional Reliability Organizations (WECC, MRO, ReliabilityFirst, etc.)
  • National Institute of Crime Prevention
  • www.usacearmy.mil
  • DHS
  • FEMA
  • Department of Defense (DoD, all branches)

Resources - Physical
• Private/Other
  • www.asisonline (American Society for Industrial Security)
  • www.CPTED.net
  • www.cptedtraining.net

Practical Operational Environment Security
Joe Peterson, Warren LaPlante, Minnesota Power
The operational world has evolved to an integrated network of intelligent devices that requires attention to physical and cybersecurity measures to operate effectively, safely, and reliably. Practical approaches and available resources will be discussed.