it-security in industrial automation by josef waclaw, ceo infotecs gmbh
TRANSCRIPT
IT-Security in Industrial Automation
Josef Waclaw, CEO Infotecs GmbH
INDUSTRIAL CONTROL
SYSTEMS
2
Cyber Attacks & Cyber Threats:
Underlying Premises
Global automation
Mass implementation of typical ICS
Internet used as communication channel
Integration of ICS with ERP and MES
Development of remote monitoring systems
Service business model come to industrial
Industry 4.0
IoT
Politics
3
4
Industry 4.0
“85% of responding
companies will have
implemented industry
4.0 technologies in
their key areas by
2020” (Source: PwC)
The capacity is used up
till Monday I must be at the
output in 2 hours I am filling the
pallet
Fill the pallet
Few on stock
Drill hole
overrange New product order:
500 pcs till Dec
Deliver 100 pcs in
2 days
Traffic jam ETA is
2 pm
New CNC program
installed on machine „X“
I perform the main-
tenance of machine „X“
Machine „X“ needs
maintenance
Quality Control Management
Storage Location
Technical Support Supplier
Engineering department
-
5
Industry and Cyber Security
“By 2020, the number of connected industrial devices will
triple”
“The underlying concept of Industry 4.0 is to connect
embedded systems and smart production facilities to generate
a digital convergence between industry, smart production
facilities to generate a digital convergence between industry,
business and internal functions and processes”
6
Cyber Attack Risks
Operational downtime
Product manipulation
Intellectual property
Product quality
Reputation
Revenue lost
7
Cyber Attack Examples
“The target for Dragonfly is the
intellectual property of
pharmaceutical organizations”,
September 2014
Target pharmaceutical
facilities
Remote access Trojan
Phishing software attachment
8
Cyber Attack Examples
Ukrainian power blackout
that affected 700k homes,
production plants in January
2016
Target Ukrainian electric
utilities MS Office
documents/Marcos SCADA
System Manipulation
Shutdown of power plant,
complex restart procedure
Source: The Telegraph
9
Cyber Attack Examples
Steal plant Germany:
Shutdown blast furnace
German nuclear plant:
Virus cyber attack
Hospital in Germany:
Virus attack “Locky”
Source: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2015.pdf
10
Cyber Attack Examples
Source: Department of Homeland Security, 2015
Reported Cyber Incidents,
By Critical Infrastructure Sector
Cyber Attacks & Cyber Threats:
Statistics
©2015, ОАО «ИнфоТеКС». 12
Incidents from August 2014 to August 2015
ICS-CERT, USA
Attack on Saudi Aramco
performed by the
“Cutting Sword of
Justice” terrorist group
to stop oil production
in Saudi Arabia
Vulnerability
Vendors Statistics
Массовое
внедрение
типовых АСУ
ТП
General Electric
(31 vulnerabilities)
Advantech
(51 vulnerabilities)
Schneider Electric
(96 vulnerabilities)
Siemens
(125 vulnerabilities)
Other vendor
combine to «Other»
020406080
100120140
Critical Medium LowVulnerability
Research from Positive Technologies, 2014
13
- Data Breaches
14 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- IoT Attacks
15
“In the future, intelligence services might use the
internet of things for identification, surveillance,
monitoring, location tracking, […] ”
James Clapper, director of US national intelligence
Source: https://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper
16
ERP, MES
Enterprise resource planning systems
Manufacturing execution systems
Top level
of ICS
SCADA/HMI
Operator’s workstation
Control and monitoring centers
Controller
level
PLC
Smart device
Remote Terminal Unit (RTU)
Field
level
Sensor
Actuator
Industrial Control Systems Structure
17
Particularity of ICS
Operating conditions:
Temperatures
Vibration
Dust and damp-proof
equipment
Computational environment:
Limited computational resources
Proprietary software
Low-maintenance systems
High mean time between failures
Connections:
Industrial interfaces other than
Ethernet
Industrial protocols
Real-time
Equipment specifications:
Power supply other than 220V
Limited capacity
Limited space
Limited accessibility
INDUSTRIAL CONTROL SYSTEM
Complete, Multi-Layer Security for
Industrial Systems and the Extended Enterprise
Quality Management
Administration Logistics
Maintenance & Service
ViPNet Coordinator IG:
Typical Scenarios
19
Security integration to ICS with ERP and MES
OPC-Server
SCADA Server
ViPNet HW
ERP Server
Workstation
WorkstationHMI Station
PLC
PLC
PLC
ViPNet IG
ViPNet IG
ViPNet IG
Administrator
ViPNet HW
ViPNet Coordinator IG Application (with security)
20
ViPNet VPN
HMI computers
Administrator
Engineering
Workstation
Telemetry Server
ViPNet HW1000
Communication
Service Provider
ViPNet VPN
RS-485-IEC 60870-5-101
RS-485-IEC 60870-5-101
Multifunctional Power Meter
Protective relaying and automation
Digital relay Digital relay
Electricity metering
Electricity meter
RS-485
ViPNet
Coordinator IG
Industrial Telemetry System Transmission Substation
Distribution Substation
Media Converter
Ethernet / RS-485
©2015, ОАО «ИнфоТеКС».
21
ViPNet SIES: Application (with security)
Electricity meter
Electricity metering
ViPNet SIES Core ViPNet
SIES Core Digital relay Digital relay
Protective relaying and automation
RS-485-IEC 60870-5-103/Moduls
ViPNet
SIES
Server
HMI
Engineering
Workstation
RS-485-IEC 60870-5-101
RS-485-IEC 60870-5-101
Telemetry
Server
SCADA Server
ViPNet
SIES SM
Multifunctional Power Meter
Communication
Service Provider
3G Router
Industrial
Internet Switch
Media Converter
Ethernet / RS-485
ViPNet
SIES Pack
Infotecs GmbH
Josef Waclaw, CEO
Tel: +49 30 2064366-14
Email: [email protected]
Web: www.infotecs.biz
22