© Siemens AG 2014. All rights reserved
IT Security Challenges
Dr. Rolf Reinema,
Head of Technology Field IT-Security, Siemens AG
Siemens AG - Corporate Technology - IT Security
Page 2 November 2014 Corporate Technology © Siemens AG 2014. All rights reserved
Not a single day without an IT security disaster
The threat level is rising –
attackers are targeting critical infrastructures
[Figure: timeline 2002 to 2015 plotting # of published vulnerabilities, # of published exploits and # of new malware samples.
Eras: The Age of Computerworms; Cybercrime and Financial Interests; Politics and Critical Infrastructure; Hacking against physical assets.
Motives: "Hacking for fun"; "Hacking for money"; "Hacking for political and economic gains".
Actors: Hobbyists, Criminals, Organized Criminals, Hacktivists, Activists, Terrorists, States, State sponsored Actors.
Malware examples: Code Red, Slammer, Blaster, Zeus, SpyEye, Rustock, Aurora, Nitro, Stuxnet.
Keywords: Backdoors, Worms, Anti-Virus, Hackers, BlackHat, Viruses, Responsible Disclosure, Credit Card Fraud, Botnets, Banker Trojans, Phishing, SPAM, Adware, WebSite Hacking, Anonymous, SCADA, RSA Breach, DigiNotar, APT, Targeted Attacks, Sony Hack, Cyberwar, Hacking against critical infrastructure, Identity theft, Loss of privacy.]
Data sources: IBM X-Force Trend and Risk Report, HP Cyber Risk Report, Symantec Intelligence Report
Incidents on critical infrastructure are taken seriously
by governments
The US government runs the ICS CERT 1) to monitor the increasing number of incidents in critical infrastructure
From ICS-CERT Monitor January–April 2014
ICS CERT reports 257 incidents in critical infrastructure in 2013
• Internet Accessible Control Systems At Risk
"Tools, such as SHODAN, Google and other search
engines, enable researchers and adversaries to
easily discover and identify a variety of ICS
devices that were not intended to be Internet facing.
Adding to the threat landscape is the continued
scanning and cataloguing of devices known to be
susceptible to emerging vulnerabilities such as the
OpenSSL Heartbleed."
• Public Utility Compromised
"A public utility was recently compromised when a
sophisticated threat actor gained unauthorized access
to its control system network. After notification of the
incident, ICS-CERT validated that the software used
to administer the control system assets was
accessible via Internet facing hosts. The systems
were configured with a remote access capability,
utilizing a simple password mechanism; however,
the authentication method was susceptible to
compromise via standard brute forcing techniques."
Data sources: ICS-CERT Report "ICS-CERT Year-in-Review – 2013", ICS-CERT Monthly Monitor January–April 2014
1) ICS CERT = Industrial Control Systems Cyber Emergency Response Team
[Figure: incidents in 2013 by sector. Sectors shown: Commercial Facilities, Financial, Healthcare, Communications, Critical Manufacturing, Energy, Government Facilities, Emergency Services, Water, Information Technology, Transportation, Dams, Nuclear.]
Different factors are driving the research demand
for IT Security
New Functionality
Example
• Integrated solutions
• Device connectivity
Quality of Security
Examples
• Robust and easy to use
• Long term security
Security Use Case
Examples
• Know-how protection
• Industry 4.0 scenarios
From standalone embedded systems to secure and
intelligent Cyber-Physical Systems
[Figure: evolution across Yesterday, Today and Tomorrow, spanning the Real World and the Virtual World.
Stages: Standalone embedded systems; Closed network of distributed embedded systems; Open network of systems of systems of embedded systems.
Labels: Multi-Core, Embedded System SW, Open Source SW, Cloud Computing, Ambient Intelligence, Intermodal Interaction, Social Networks and Platforms, IT Security, Cyber Security, Data, Knowledge, In-memory computing / real-time DA (Data Analytics).]
Future Trends will
increase the need for Product and Solution Security
Information technology: Tech cycles 1-2 yrs; System life 3-5 yrs; HW/SW changes Day/Week; Patching/Virus scan Standard
Operation technology: Tech cycles 3-5 yrs; System life 5-15 yrs; HW/SW changes Mth/Yr; Patching/Virus scan Case by case
Safety technology: Tech cycles 20 yrs; System life 15-40 yrs; HW/SW changes Decade; Patching/Virus scan Contradicts safety case
[Figure labels: SW, Off-site IT, Cloud]
Increased software use makes IT security more relevant
Closed IT systems often not prepared against hostile external access
Operational efficiency requires more and more open and interconnected systems (mobile
devices, cloud, remote maintenance, always-connected …)
Long system life cycles increase vulnerability and demand specific solutions, e.g.
Security will make a difference in competitive environments.
IT-Security Challenges & Hacking Trends
Open connectivity
Every device is network enabled
Everything runs IP and is cloudified with easy access & interpretation of data
Internet, office & production networks are becoming one flat network (with some separation in between)
Remote access, maintenance & administration to reduce costs
Many multi-national subcontractors & OEM vendors with non-fitting security architectures and legal issues
Attackers get more sophisticated
Embedded hardware hacking, reverse engineering, fuzzing, concolic testing
Attacks shift to the application layer
Attacks are (almost?) impossible to distinguish from normal user behavior
How to reduce the attack surface?
Right level of segmentation?
End-to-end secure authentication, encryption & integrity protection?
Secure against physical attacks, also on embedded device level?
How much money to spend on security controls?
Effective disaster recovery?
Application level security including detection mechanisms?
Clear understanding of worst case scenarios and consistent controls?
Industrial and office IT have
different management & operational characteristics
Characteristic: Office IT / Industrial IT
Application of patches: Regular / scheduled / Slow
Availability requirement: Medium, delays accepted / Very high
Security testing / audit: Scheduled and mandated / Occasional
Physical Security: High (for critical IT) / Very much varying
Security Awareness: High / Increasing
Anti-virus: Common / widely used / Uncommon / hard to deploy
Component Lifetime: 3-5 years / Up to 20 years
Real time requirement: Delays accepted / Critical
Security Standards: Existing / Under development
Industrial and office IT
have different functional security requirements
Requirement: Office IT / Industrial IT
Confidentiality (Data): High / Low – Medium
Integrity (Data): Medium / High
Availability / Reliability (System): Medium, delays accepted / 24 x 365 x …
Non-Repudiation: Medium / High
"Office" security concepts and solutions are
not directly applicable for industrial control systems
Industrial Security
Defense-in-Depth Concept
Plant Security
• Access Control
• Security Management
Network Security
• Controlled Access between IT
and OT networks, industrial firewalls
• Segmentation of OT networks
System Integrity
• Antivirus- and Whitelisting-Software
• System hardening
• Maintenance and Patching
• Identification and Access Management
Security solutions in the context of industrial IT-security have to consider all protection layers
[Figure labels: Plant Security, Network Security, System Integrity, Production Plant]
We proactively address the paradigm shift
towards open, interconnected industrial IT systems
Security questions
• Authentication of a device
What is it?
• Authorization of a device
What is the device allowed to do?
• Trust in device
Is it sufficiently secure?
• Interaction between systems
How do devices communicate
in a secure, reliable way?
Project goals
for industrial environment
• Lean management of identities,
access rights and keys for
industrial devices and users
• Trust within the device:
unforgeable identity, protection of
credentials, authenticated access
to data and commands
• Confidential, authenticated and
integrity-checked information flow,
reliable and in time
Deliverables
• Managed Identities & Access
• Public Key Infrastructure (PKI)
• Identity and Access
Management (IAM)
• Trust Anchor within the device
• Security Kernel for Embedded
Systems (ESK)
• Modular Crypto Library
• Secure, reliable communication
• Embedded Security Protocol
Library
• Secure industrial Gateway
Paradigm shift towards open,
interconnected IT systems
rising complexity
Overall goals:
improving usability,
reducing complexity and
optimizing the cost structure of secure products & solutions
Common situation today
Secure, reliable communication is the key for the
interaction between distributed systems
Limits of current practices
• Many solutions build upon similar external
secure protocol stacks. Integration within
(embedded) platforms as well as updates of
distinct security solutions are costly and of
limited flexibility.
• Coupling between low security networks with
high security networks preserving security,
safety, availability and reliability only partly
addressed.
• Solutions use products and services that build
on communication. They often apply generic
security communication stacks, where an
internal coordination (integration options,
licensing, testing, etc.) is missing.
• Business innovations demand that formerly
isolated networks are opened and
interconnected for enhanced services.
Paradigm shift towards open, interconnected
IT systems
We address the challenges in secure reliable communication in vertical and
horizontal IT systems by supporting:
Embedded Security Protocol Library
Secure Industrial Gateway
A trust anchor in the device as basis for
customized cryptographic security mechanisms
What is a trust anchor?
• Provide secure key storage and protect security related calculations against manipulation and compromise
• HW based trust anchors provide the trustful means for cryptographic supported security operations
• Pure SW solutions provide only limited protection within the device
Realization options for trust anchors
• HW-based solutions
• Function within main CPU
• Integration within system-on-chip / ASIC*
• Separate security chip on platform
• Add-on solution to system
• SW-based solution
Examples and limits of available HW trust anchors
• High integration effort
• No long-term availability
• High dependency on supplier
In-house solution required
*ASIC: Application Specific Integrated Circuit
Embedded hardware security kernel realizes
a trust anchor for devices
• Current Pilots: Rail Automation, Industry Automation
Consulting during design, product evaluation, realization, deployment and operation
Security Kernels within embedded systems consist of
protected data and protected execution environments.
• They support attack-resistant processing of
sensitive applications.
• The proposed implementation of a security kernel
realizes a security anchor for embedded devices
• The result is a Siemens in-house realization of a security kernel implemented as customizable
VHDL*/C design IP for FPGAs (and also ASICs*)
• Develop modular library for HW/SW-based security kernels
• Integrate customized solutions on embedded product platforms
• Realize prototypes within pilot projects
• Provide support for product developments
*FPGA: Field Programmable Gate Array
VHDL: Very High Speed Integrated Circuit Hardware Description Language
ASIC: Application-Specific Integrated Circuit
Thank you for your attention!
Siemens Corporate Technology 2014