gettozero stealth industrial

Date Presenter Name, Title Innovative Cyber-Security for the Industrial Sector Unisys Stealth Protects Your Critical Infrastructure from Cyber-Attack

Upload: sherid444

Post on 06-Jul-2015

Category: Technology

TRANSCRIPT

Page 1: Gettozero stealth industrial

Date

Presenter Name, Title

Innovative Cyber-Security for the Industrial Sector

Unisys Stealth™ Protects Your Critical Infrastructure from Cyber-Attack

Page 2: Gettozero stealth industrial

© 2014 Unisys Corporation. All rights reserved. 2

Industrial Organizations are in the Cross-Hairs of Cyber-Attacks

• Accelerating frequency

• Greater sophistication

When it comes to critical infrastructure, there can be no compromise.

You must maintain 100% reliability, 24/7 operations.

Page 3: Gettozero stealth industrial

• Global government mandates and regulations

• Risk assessments show high levels of vulnerability

• Act now… or it will cost more later

Regulatory are Fueling the Need for Action


Page 4: Gettozero stealth industrial


• Current defenses are vulnerable and reactive

• Legacy technologies must continually be patched and upgraded

• Modernization poses greater risks in the future

• IP theft is on the rise

Bigger fortresses and air-gaps are too weak and too costly.

Today’s Security Approach Is Not Good Enough

Industrial organizations need stronger protection.

Page 5: Gettozero stealth industrial


• Protect critical industrial automation systems

• Secure data-in-motion across any network

• Prevent multiple threats with one solution

• Safeguard intellectual property

• Protect the enterprise, not just SCADA endpoints

There is a more secure and cost-effective way to protect your data and systems.

Innovative Security Can Help You ‘Get to Zero’

Go invisible. Reduce your attack surface.

Incidents

Page 6: Gettozero stealth industrial


You can’t hack what you can’t see…

Stealth is What Innovative Security Looks Like

What a Hacker Sees When Enabled

• Layered security for mission-critical protection

• Scalable and incrementally implemented – with no disruption

• Makes endpoints invisible, tightens access control, protects data-in-motion

Page 7: Gettozero stealth industrial


Stealth is Truly Innovative Security Technology

PATENTS

• COMMUNICATING SPLIT PORTIONS OF A DATA SET ACROSS MULTIPLE DATA PATHS

• WORKGROUP KEY WRAPPING FOR COMMUNITY OF INTEREST MEMBERSHIP AUTHENTICATION

• GATEWAY FOR SECURING DATA TO/FROM A PRIVATE NETWORK

• SECURING AND PARTITIONING DATA-IN-MOTION USING A COMMUNITY-OF-INTEREST KEY

• INTEGRATED MULTI-LEVEL SECURITY SYSTEM

• SECURING MULTICAST DATA

World-class intellectual property

Unisys Stealth is protected by more than 60 issued or pending U.S. patents and patent applications.

Page 8: Gettozero stealth industrial

Stealth Has Been Tested by the Best in the World

[Timeline figure, 2005–2013. Labels recoverable from the figure, in page order: Crypto-Module; JFCOM JIL Testbed IO Range; CWID 08 DISA; CWID 09 DISA; JUICE 09 CECOM; Combined Endeavour EUCOM; CWID 05 USAF; CWID 10 SOCOM; GTRI DJC2 PMO; SPAWAR; Private Lab SSVT Validation: Failed to compromise; “Large Integrator” Tests and fails to break Stealth; IV&V National Center for Counter-terrorism and Cybercrime SOCOM; Export License Dept of Commerce; FIPS 140-2 Certification NIST; EAL4+ Certification NIAP; Unisys Stealth; DIACAP MAC-1 Certification CWID 10; Network Risk Assessment CWID 05 AF Comm Agency; DIACAP MAC-1 Certification JFCOM; SOCOM R&D Prototype; 2012: Emerald Warrior ‘12; SIPRNet IATT; 2013: Independent Test, Client-hired 3rd party: Failed to compromise; And again… Different client, different tester: Failed to compromise; And again…; Commercial & Pub Sector]

Abbreviations:

• DIACAP – DoD Information Assurance Certification and Accreditation Process

• MAC – Mission Assurance Category (Level 1 is Highest)

• DISA – Defense Systems Information Agency

• EUCOM – European Command

• SOCOM – Special Operations Command

• JFCOM – Joint Forces Command

• JIL – Joint Intelligence Laboratory

• CWID – Coalition Warrior Interoperability Demonstration

• JUICE – Joint User Interoperability Communications Exercise

• CECOM – Communications Electronics Command (US Army)

• GTRI – Georgia Tech Research Institute

• DJC2 – Deployable Joint Command and Control

• NIST – National Institute of Standards and Technology

• NIAP – National Information Assurance Partnership

Page 9: Gettozero stealth industrial


MobileApps

SCADA

ICS

HMI

How Stealth Protects Industrial Controls

Cloaked Endpoints

256-bit Encryption

Communities of Interest

Reduce Your Attack Surface

You Can’t Hack What You Can’t See

Page 10: Gettozero stealth industrial


Sample Use Cases: Protect What Matters Most

• Manufacturing: Guard ERP and shop-floor integration

• Chemical Processing: Improve safety, prevent ICS damage and IP theft

• Oil and Gas Production: Keep pipelines, well heads, IP, and remote operations secure

Page 11: Gettozero stealth industrial


Business Risk Challenges

• Good Enough

• Non-compliant

• Security profile varied

Business Cost Challenges

• Complex hardware deployment

• Financial impact of breach

• Private networks

Operational Challenges

• Afraid to change anything

• Management by location

• Integrating multiple solutions

[Diagram labels: Risk, Convenience, Cost; Security, Agility, Cost Reduction]

Stealth Security

• Reduces attack surface

• Facilitates compliance

• Contained compromise

Stealth Cost Reduction Potential

• Leverage cost benefits of cloud

• Prevent rather than remediate

• Significantly reduce IT costs

Stealth Agility

• Software-defined networking

• Incremental, non-disruptive

• No application changes

Why Stealth Now?


Page 12: Gettozero stealth industrial


• A non-US department of defense agency uses Stealth in a secure virtual desktop infrastructure solution

• A US government agency uses Stealth for secure telecommuting

• Large science company is implementing Stealth to protect its process control environment and safeguard its IP

• A healthcare organization is using Stealth to verify secure transmission of data between multiple hospitals

• Industry leader in graphical processors securing remote access to virtual desktops, and segmenting the internal network with COI to secure to sensitive data

• Brazil service provider to Public Sector social services using Stealth to securely transmit copies of disk images between multiple sites

• PCI DSS compliance for point of sale environment; conventional approach buying new switches and firewalls was too expensive

• Unisys uses Stealth to secure and protect our high-value application and database servers, for secure remote telecommuting and regional isolation

Clients with Zero Tolerance for Breaches Use Stealth

Page 13: Gettozero stealth industrial


Don’t Just Take Our Word For It

“Unisys markets the product with the tag line, “you can’t hack what you can’t see,” and we have to agree with them.”

“Stealth is an interesting product that might just be a great way to hide from hackers.”

- David Strom, editor-in-chief, Network World

Finalist: announcement Sept 2014

Click to view May 2014 Stealth product review

Winner: Cybersecurity Product of the Year 2014

Page 14: Gettozero stealth industrial


Thank you.

Page 15: Gettozero stealth industrial


Sub-Vertical Slides

Page 16: Gettozero stealth industrial


How to use this deck

Replace slide #10 of the main presentation (Sample Use Cases) with the appropriate set of sub-vertical slides

• Industrial has three sub-verticals to choose from:

– Manufacturing

– Chemical Processing

– Oil and Gas Production

Page 17: Gettozero stealth industrial


Manufacturing Cyber Threats Section

DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Manufacturing slides from this deck

Page 18: Gettozero stealth industrial


Top Three Manufacturing Cyber Targets

1. ICS/SCADA: New controls and all-digital infrastructures create vulnerabilities

2. Command and control software: Hackers and malicious code target Human-Machine Interfaces (HMI) and Machine Execution Systems (MES)

3. Intellectual property: Backdoor hacks can steal valuable industrial assets

Page 20: Gettozero stealth industrial


Command and Control Software Vulnerabilities

HMI and MES Advantages for Manufacturing

• Can help tie shop floor visibility to ERP systems

• Result is reduced time-to-market and greater operational efficiencies

Vulnerabilities

• Runs on off-the-shelf OSs, known hacker targets

• MES-Enterprise software gaps

• Hackers and viruses have multiple entry points

Page 21: Gettozero stealth industrial


• Intelligent Control Circuit (ICC)

• Supervisory Control and Data Acquisition (SCADA)

• Remote Terminal Unit (RTU)

• In field ICS/SCADA: most never designed for IP-connectivity

• Mixture of old (analog) and new devices in field

• Connectivity to control center via cell, radio, wireless, Ethernet and fiber

Industrial Control Attack Surfaces

More than 2,600 exploitable vulnerabilities in 1,330 models of control devices¹

¹ SCADA and Security of Critical Infrastructure. InfoSec Institute.

Page 22: Gettozero stealth industrial


Go to the MANUFACTURING Core PPT Deck

Continue with the Stealth value proposition slides

Page 23: Gettozero stealth industrial


Chemical Processing Cyber Threats

DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Chemical Processing slides from this deck

Page 24: Gettozero stealth industrial


Top Three Chemical Processing Cyber Targets

1. ICS/SCADA: Increased vulnerabilities as more and newer devices enter market

2. Command and control software: Human-Machine Interface (HMI) and Machine Execution System (MES) software targets

3. Theft of intellectual property: Proprietary processes and formulas at risk

Page 26: Gettozero stealth industrial


Command and Control Software Vulnerabilities

Human-Machine Interface (HMI) Programs for Chemical Processing Command and Control Centers

• Proprietary software (supply chain compromise, bugs, questionable security measures)

• Runs on off-the-shelf OS, known hacker target

• Must be patched and maintained

Page 27: Gettozero stealth industrial


• Intelligent Control Circuit (ICC)

• Supervisory Control and Data Acquisition (SCADA)

• Remote Terminal Unit (RTU)

• Mixture of old (analog) and new devices

• Moving from analog to digital systems

Chemical Processing Control Attack Surfaces

More than 2,600 exploitable vulnerabilities in 1,330 models of control devices¹

¹ SCADA and Security of Critical Infrastructure. InfoSec Institute.

Page 28: Gettozero stealth industrial


Go to the Industrial Core PPT Deck

Continue with the Stealth value proposition slides

Page 29: Gettozero stealth industrial


Oil and Gas Cyber Threats

DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Oil and Gas slides from this deck

Page 30: Gettozero stealth industrial


Pipeline Cyber Attack

“Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.”

– Christian Science Monitor, February 27, 2013

Page 32: Gettozero stealth industrial


Command and Control Software Vulnerabilities

Human-Machine Interface (HMI) Programs for Oil and Gas Production Command and Control Centers

• Proprietary software (supply chain compromise, bugs, questionable security measures)

• Runs on off-the-shelf OSs, known hacker targets

Mobile Controls

• Remote operation of gas and oil rigs/well-heads at risk from hacks and viruses

Page 33: Gettozero stealth industrial


• Intelligent Control Circuit (ICC)

• Supervisory Control and Data Acquisition (SCADA)

• Remote Terminal Unit (RTU)

• In field ICS/SCADA: most never designed for IP-connectivity

• Mixture of old (analog) and new devices in field

• Connectivity to control center via cell, radio, wireless, Ethernet and fiber

Oil and Gas Production Control Attack Surfaces

More than 2,600 exploitable vulnerabilities in 1,330 models of control devices¹

¹ SCADA and Security of Critical Infrastructure. InfoSec Institute.

Page 34: Gettozero stealth industrial


Go to the Industrial Core PPT Deck

Continue with the Stealth value proposition slides

Page 35: Gettozero stealth industrial

Appendix: Technical Slides

Page 36: Gettozero stealth industrial

Stealth: Four Key Elements

You can’t hack what you can’t see…

Protect Data-in-Motion. Make Endpoints Invisible.

• Info Dispersal Algorithm and Data Reconstitution

• Virtual Communities of Interest (COI)

• Cryptographic Service Module, AES 256 Encryption

• Executes Low in the Protocol Stack

[Diagram: protocol stack showing the Stealth Shim and the NIC]

7. Application

6. Presentation

5. Session

4. Transport

3. Network

2. Link

1. Physical

Page 37: Gettozero stealth industrial


How We Cloak

[Diagram labels: TCP, UDP, DHCP, ARP, IP, MAC; Layer 2, Layer 3, Layer 4; Stealth Driver credentials authorized into COI]

Message from COI member processed

Message from COI member discarded

Message from non-Stealth endpoint discarded

Unisys Stealth Endpoint Driver

Page 38: Gettozero stealth industrial


Stealth for Critical Infrastructure

EAL4+, FIPS 140-2

[Network diagram labels: Internet; Enterprise Network; Corporate Firewall; Plant Firewall; Control Firewall; Plant Bus; Terminal Bus; Control Bus; Field Bus to Instrumentation; Hardwired Instrumentation; HMI; EWS; CCTV Server; Historian; OPC Server; Domain Controller; Alarm Aggregation; EPA Database; ERP; RTU; Application Server; PLC]

• Identify the most sensitive endpoints in the critical infrastructure and who should have access

• Create compartmentalized security model based on need-to-access

• Protect and enforce the security model with strong end-to-end encryption, properly managed keys and CLOAKED endpoints

Page 39: Gettozero stealth industrial


Unisys Stealth protects critical app processing environments through cloaking techniques—effectively rendering them invisible and providing protection from internal and external threats

Unisys Stealth for Mobile extends the protection of these mission-critical assets to mobile environments—providing only the right mobile users access to the right environments

[Diagram labels: Email Server; Unprotected; Protected Server (Phys or VM); Protected App Server; Protected Database Server]

Mobile Security starts in the data center and extends out to your mobile devices

Unisys Stealth for Mobile

Page 40: Gettozero stealth industrial

Unisys Stealth for Mobile: Three Components

• Application Wrapping Software: Wraps individual applications on a device—enabling fine-grained security controls to be applied to individual applications

• Stealth for Mobile Gateway: Provides secure passage for mobile data to application processing environments—connects authenticated mobile application users into Stealth Communities of Interest

• Stealth Data Center Segmentation: Compartmentalizes data center using Communities of Interest instead of physical infrastructure

[Diagram labels: Broker; vDR; vDR; Email Server; Unprotected; Protected Server (Phys or VM); Protected App Server; Protected Database Server]

Page 41: Gettozero stealth industrial

Unisys Stealth for Mobile Architecture

[Diagram labels: Stealth for Mobile Software; Wrapped applications; Internet; VPN Server; DMZ (Audit, IDS); Broker; vDR; vDR; Stealth Authorization Service; Stealth Appliance; Enterprise Identity Store; Stealth Network; Legal; Finance]

Stealth-Enabled Mobile App

• Captures user credentials

• Wrapped for security

IPsec Connection Gateway

• Off-the-shelf IPsec VPN gateway

Mobile Stealth Gateway

• Broker

– Authorizes users

– Manages vDRs’ COIs

• Virtual Device Relay (vDR)

– Relays data between app and Stealth network

DMZ

• Clear-text network segment

• Allows monitoring, firewalling, etc.