P.Charrue Slides - AB/CO Technical Committee
CNIC
Computing and Network Infrastructure for Controls
• Why CNIC?
• Technical Propositions.
• Impact on you !?
• Use Cases & Examples
Pierre Charrue AB/CO
June 2005
Goals of this presentation
Explain why CNIC was created
Describe CNIC mandate
Propose technical proposals and
deployment schedule
Explain what will change for the users
Get some feedback from the users
CyberThreats at CERN
[Figure: monthly statistics for January to May 2005, by category: incidents; systems compromised (Windows, Linux, VPN); CERN accounts compromised (one used to originate a DoS attack); PCs at CERN spreading viruses/worms; PCs with unauthorized P2P activity (some via VPN)]
[Chart: #Incidents per year, 2000 to 2005; vertical axis 0 to 250]
Control Systems are NOT safe
• O/S can not always be patched immediately
• Account passwords are known to several/many
people and not changed
• Automation devices (PLCs, SCADA) have NO
security protections
• The Controls network is entangled with the general
office network (Campus network)
CERN Assets at Risk
People
Personal safety (safety alarms transmitted via the communication
network)
Equipment (in order of increasing costs)
Controls equipment: Time-consuming to re-install, configure and
test
Infrastructure process equipment: Very expensive hardware
Accelerator hardware: Difficult to repair
Process
Many interconnected processes (e.g. electricity and
ventilation)
Very sensitive to disturbances
A cooling process PLC failure can stop the particle beam
A reactive power controller failure can stop the beam
Difficult to set up
Requires many people working, possibly out-of-ordinary hours
Goals of this presentation
Explain why CNIC was created
Describe CNIC mandate
Propose technical proposals and
deployment schedule
Explain what will change for the users
Get some feedback from the users
The CNIC Working Group
Delegated by the CERN Controls Board
Mandate covers control systems only, not office computing
Definition of
Security policy
Networking aspects
Operating systems (Windows and Linux)
Services and support
Members cover all CERN controls domains and
activities
Service providers (Network, NICE, Linux, Security)
Service users (AB, AT, LHC Experiments, TS)
CNIC Mandate
Define tools for system maintenance (“NICEFC” and “LINUXFC”).
Define tools for setting up and maintaining different
Controls Network domains.
Designate person to have overall technical responsibility.
Rules, policies and authorization procedure for what can be connected
to a domain.
Ground rules, policies and mechanisms for inter-domain
communications and communications between controls domains and
the Campus Network.
Investigate technical means and propose implementation plan.
Stimulate general security awareness.
Goals of this presentation
Explain why CNIC was created
Describe CNIC mandate
Propose technical proposals and
deployment schedule
Explain what will change for the users
Get some feedback from the users
CNIC Phases
Phase I: Requirements and Definitions
Phase II: Implementation
Phase III: Operation
Timeline marks: 09/2004, 01/2005, 07/2005, 01/2006
Security Policy
Networking
Operating Systems and Tools
Services
“Design, Setup and Operation of the
CERN Control System Environment”
Description of concepts
Definition of terms
Definition of policies
“Deliverables and Milestones”
Main Chapters
- Security Policy
- Networking
- Operating System and Tools
- Services
Definition of concrete deliverables, responsibilities, and dates
Security Policy
Network Domains
Physical network segregation & Functional Sub-Domains
Hardware Devices
No USB, modems, CD-ROMs, wireless access…
Operating System
Central installation of Windows or Linux
Strategy for security patches
Software
Development guidelines, installation, patching and test
procedures
Security Policy (cont’d)
Logins and passwords
Traceability, no generic accounts
Following IT password recommendations
Training
Awareness Campaign (this presentation !)
User training (rules, tools)
Security Incidents and Reporting
Reporting and follow up
Disconnection if risk for others
Networking
General Purpose Network (GPN)
For office, mail, www, development, …
No formal connection restrictions by CNIC
Technical Network (TN) and Experiment Network (EN)
For operational equipment
Formal connection and access restrictions
Limited services available (e.g. no mail server, no external web browsing)
Authorization based on MAC addresses
Network monitored by IT/CS
Operating Systems & Tools
NICEFC and LINUXFC
Named Set of Control Computers (NSCC)
Centrally managed and distributed
Groups of computers with identical basic configuration
Responsible persons will be contacted in case of emergency, or if e.g. security patches need to be applied.
Configuration
Version management database
Operating System (LINUXFC or NICEFC)
User defined software packages (e.g. PVSS, …)
Rollback to previous version
Local firewalls
Services
Operation, Support and Maintenance
Test Environment
Standard equipment
Network connections (24h/d, 365d/year)
Operating System installation
Security patches
Vulnerability Tests (e.g. TOCSSiC)
Integration Tests (one test bench per domain)
Hardware Support
Standard (“office”) PCs
“Industrial” PCs
Activities and Deliverables
Phase I: Requirements and Definitions
Phase II: Implementation
Phase III: Operation
Timeline marks: 09/2004, 01/2005, 07/2005, 01/2006
Security Policy
Networking
Operating Systems and Tools
Services
• Define and deploy “LINUXFC” and “NICEFC”
• Deploy and setup Application Gateways
• Select and implement real use case with Users
• Prepare the TN and EN separation
• In the middle of 2006, when all proposed technical solutions
and support are available and supported, disable the GN to
TN/EN connectivity
Goals of this presentation
Explain why CNIC was created
Describe CNIC mandate
Propose technical proposals and
deployment schedule
Explain what will change for the users
Get some feedback from the users
What Does Change for YOU ?
Connection policy
Installation procedure
Must be possible outside operation (on GPN)
Procedures for
Access via application gateways (WTS, lxplus, …)
Tests & Development
O/S to be installed
Configuration
No direct access from office to control systems
Connections must be authorized by domain responsible person
Security patches
Installation scenarios
Generic accounts restrictions
Use Cases
Office Connection to Control System:
Connection to application gateway
Open session to application (e.g. PVSS) with connection to controls machine and/or PLCs
Use Cases
Sensitive Equipment :
Vulnerable devices (e.g. PLCs) must be protected against security
risks from the network
Grouped into Functional Sub-Domains
Access only possible from the host system that controls them
External access to the host system via application gateway
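The two use cases above, written out as an added example (not part of the original slides): a small Python check that audits observed connections against the stated rules. Node names, role labels, the placement of the gateway on the GPN and the default-deny fallback are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

CONTROLS = {"TN", "EN"}  # Technical Network and Experiment Network

@dataclass(frozen=True)
class Node:
    name: str
    network: str                      # "GPN", "TN" or "EN"
    role: str                         # assumed labels: office, gateway, host, plc
    subdomain: Optional[str] = None   # Functional Sub-Domain, if any
    controller: Optional[str] = None  # host system that controls this device

def check_flow(src: Node, dst: Node):
    """Return (allowed, reason) for a connection opened by src towards dst."""
    if dst.controller is not None:  # sensitive equipment in a sub-domain
        if src.name == dst.controller:
            return True, "controlling host"
        return False, "device reachable only from its controlling host"
    if dst.network in CONTROLS:
        if src.role == "gateway":
            return True, "external access via application gateway"
        if src.network == "GPN":
            return False, "no direct access from office to control systems"
        return False, "not described on the slides; denied by default (assumption)"
    return True, "destination on GPN; outside the scope of this check"

def audit(flows, inventory):
    """Return (src, dst, reason) for every observed flow the model forbids."""
    violations = []
    for src_name, dst_name in flows:
        src, dst = inventory.get(src_name), inventory.get(dst_name)
        if src is None or dst is None:  # assumption: unknown endpoints are flagged
            violations.append((src_name, dst_name, "endpoint not in inventory"))
            continue
        allowed, reason = check_flow(src, dst)
        if not allowed:
            violations.append((src_name, dst_name, reason))
    return violations

INVENTORY = {n.name: n for n in [  # constructed sample data, hypothetical names
    Node("office-pc", "GPN", "office"),
    Node("app-gw", "GPN", "gateway"),
    Node("pvss-host", "TN", "host", subdomain="cooling"),
    Node("cooling-plc", "TN", "plc", subdomain="cooling", controller="pvss-host"),
]}
FLOWS = [("office-pc", "app-gw"), ("app-gw", "pvss-host"), ("pvss-host", "cooling-plc"),
         ("office-pc", "pvss-host"), ("app-gw", "cooling-plc"), ("laptop-7", "cooling-plc")]
```

Calling `audit(FLOWS, INVENTORY)` flags the last three constructed flows: the direct office connection, the gateway reaching into the sub-domain, and the endpoint missing from the inventory.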
What do YOU have to do ?
As hierarchical supervisor
Make security a working objective
Include as formal objectives of relevant people
Ensure follow up of awareness training
As technical responsible
Assume accountability in your domain
Delegate implementation to system responsible
As budget responsible
Collect requirements for security cost
Assure funding for security improvements
Next Actions in AB Controls
Have an Application Gateway installed in 513: end of June 2005
Install some client software (PVSS client, PLC software, JAVA JRE, …): July 2005
Run real application for the HWC via this Application Gateway: Mid-July 2005 onwards
Make tests from wireless laptops from the LHC tunnel to access equipment via this Application Gateway: mid-July 2005
Goals of this presentation
Explain why CNIC was created
Describe CNIC mandate
Propose technical proposals and
deployment schedule
Explain what will change for the users
Get some feedback from the users
Questions ?
Domain responsibles:
GPN: IT/CS
TN: Uwe Epting & Søren Poulsen (TS), Pierre Charrue, Alastair Bland & Nicolas de Metz-Noblat (AB/AT)
ALICE EN: Peter Chochulat
ATLAS EN: Giuseppe Mornacchi
CMS EN: Martti Pimia
LHCb EN: Beat Jost
Incidents:
[email protected]
http://cern.ch/wg-cnic