Real Life Challenges and Solutions for IIoT Security for Oil and Gas
Justin Hogue, LEC
Eric Winsborrow, Distrix Networks
2016 ENTELEC Fall Seminar
LEC provides industrial automation and control engineering
services, Industrial IoT communications services and cloud
platform solution development. Through Client and Partner
engagement, technical innovation and ongoing research
and development, we strive to develop better solutions to
achieve the complete satisfaction of those we serve. With
each project, our goal is to establish a new standard of
quality and professionalism.
• Nearly 30 years in industrial automation, controls and
engineering
• Privately held and self-funded
• National Sales and Support Channels
• Process driven and highly scalable
ABOUT DISTRIX
Founded 2006 as Spark Integration – DARPA and DoD funded deployments
2014 Distrix created to focus on Commercial IIoT Market
• Predator Drone, ADAPT, other DoD for secure, resilient device connectivity and communications
  • Simple, secure connectivity for existing industrial devices to other operational and IT networks
• Reliable SDN meshed control networks for Base Smart Grids using existing infrastructure
  • Advanced, future-proof and reliable SDN-based networking using existing industrial equipment
• Data manipulation in flight for advanced data analytics and automated edge controls
  • Device metadata addition, manipulation, filtering for Big Data Analytics and Edge Control
[Animated slide: attack-path diagram with the labels Old Centrifuge Plant, Underground Buildings, Administration Building, Nuclear Fuel Centrifuges and Command & Control]
Understanding Cyber Threats
Why Are Current Attacks So Successful
1. Reconnaissance
2. Attack and Infiltrate
3. Run Malware and Escalate Privileges
4. Pivot and Laterally Propagate
5. Continuous Exfiltration
Attacker Methods? (one column per stage)
1. Reconnaissance: Know Target User, Shared Info, Equipment Search, Corp Structure, Person Profile
2. Attack and Infiltrate: Phishing, OMS, Cloud, Mobile, Laptop
3. Run Malware and Escalate Privileges: SAM Extraction, New Accounts, Back Doors, Harvesting, Scanning
4. Pivot and Laterally Propagate: New Accounts, Move To Target, Monitor Admins, Flag Detection, Set Plumbing
5. Continuous Exfiltration: Asset Login, Aggregate Data, Password Encrypt, Zip Data & Encrypt, Use Proxies
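Stages 3 and 4 above both list "New Accounts" followed by "Move To Target": the attacker creates an account and then uses it to reach other hosts. The Python below is an added example, not part of the presentation, showing how that pattern can be picked out of host logs. The log format, host names, account names, addresses and times are constructed for the demo; the Windows Security event IDs 4720 (user account created) and 4624 (successful logon, type 3 = network logon) are the real ones. The 24-hour "new account" window and the three-hosts-in-one-hour threshold are tuning assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs).  Windows Security event IDs are
# the real ones: 4720 = user account created, 4624 = successful logon
# (type=3 is a network logon, i.e. access arriving from another host).
SAMPLE_EVENTS = """
2016-09-12T08:01:10 host=DC01 id=4720 target=svc_backup2 by=jdoe
2016-09-12T08:03:44 host=ENG-WS07 id=4624 user=svc_backup2 type=3 src=10.10.5.21
2016-09-12T08:04:02 host=ENG-WS12 id=4624 user=svc_backup2 type=3 src=10.10.5.21
2016-09-12T08:04:30 host=HIST01 id=4624 user=svc_backup2 type=3 src=10.10.5.21
2016-09-12T08:05:15 host=SCADA-HMI2 id=4624 user=svc_backup2 type=3 src=10.10.5.21
2016-09-12T09:10:00 host=DC01 id=4720 target=newhire.lee by=hr_admin
2016-09-12T09:30:00 host=ENG-WS03 id=4624 user=newhire.lee type=2 src=-
2016-09-12T09:45:00 host=FS01 id=4624 user=newhire.lee type=3 src=10.10.7.33
"""

CREATION_WINDOW = timedelta(hours=24)  # assumption: "new" = created in the last 24 h
SPREAD_WINDOW = timedelta(hours=1)     # assumption: then seen on several hosts within 1 h
HOST_THRESHOLD = 3                     # assumption: distinct hosts that count as propagation

_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    ev = dict(_FIELD.findall(rest))
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def detect_new_account_pivot(log_text, threshold=HOST_THRESHOLD):
    """Return one alert per freshly created account that performs network
    logons to >= threshold distinct hosts inside SPREAD_WINDOW."""
    created = {}                 # account -> creation time (event 4720)
    logons = defaultdict(list)   # account -> network logons (event 4624, type 3)
    for line in log_text.strip().splitlines():
        ev = parse_event(line.strip())
        if ev["id"] == "4720":
            created[ev["target"]] = ev["ts"]
        elif ev["id"] == "4624" and ev.get("type") == "3":
            logons[ev["user"]].append(ev)

    alerts = []
    for user, evs in logons.items():
        if user not in created:
            continue   # long-standing account: outside this rule's scope
        fresh = sorted(
            (e for e in evs if timedelta(0) <= e["ts"] - created[user] <= CREATION_WINDOW),
            key=lambda e: e["ts"],
        )
        # Sliding window over the account's logons: any one-hour span that
        # touches enough distinct hosts is reported as lateral propagation.
        for i, first in enumerate(fresh):
            window = [e for e in fresh[i:] if e["ts"] - first["ts"] <= SPREAD_WINDOW]
            hosts = {e["host"] for e in window}
            if len(hosts) >= threshold:
                alerts.append({
                    "user": user,
                    "created": created[user],
                    "first_logon": first["ts"],
                    "hosts": sorted(hosts),
                    "src": sorted({e["src"] for e in window}),
                })
                break   # one alert per account is enough
    return alerts


if __name__ == "__main__":
    for a in detect_new_account_pivot(SAMPLE_EVENTS):
        print("ALERT: new account %s (created %s) reached %d hosts from %s"
              % (a["user"], a["created"], len(a["hosts"]), ",".join(a["src"])))
```

On the constructed sample the rule fires once, for svc_backup2 (created, then used from one source address against four hosts within two minutes), and stays quiet for newhire.lee, whose single network logon is normal onboarding. The same shape of rule, keyed on creation time plus fan-out, applies whatever the log source; what changes is the parser.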
Examples of Advanced ICS Attacks
E.g. Dragonfly Attack on eWON
• Key employee spearphishing and RAT to take admin controls
• Havex watering-hole attack: customers visiting the vendor's website are redirected to trojanized software downloads
• Infects ICS vendor systems and extracts data from customers
[Diagram: Command & Control; Internet → Web Servers → App Servers → Database]
E.g. Shamoon Attack on Saudi Aramco
• Target employees via spearphishing
• Lateral propagation to key systems
• Wiped the disks of roughly 35,000 workstations during the Ramadan holiday
[Diagram: ICS Systems; Data Centers]
Challenges to Securely Connecting IIoT
• IT vs Operations priorities (and culture)
• Costs and Risk of “upgrading” to IP systems
• Complexity creates security risks
• Data Exposure
  • Protecting data at the source
  • Exposure across 3rd Party networks and in the Cloud
  • Reducing attack surface (access to just what is needed)
SOURCE: Industrial Internet Consortium (IIC) Security Working Group
How are the Challenges Addressed?
• Prioritizing your assets (what matters most)
• Understanding the threat
• Identifying current risk (Assets/Threat)
• Creating standards
• Roping in the rogue
• Getting and staying current
• Creating a proactive security culture
• Implementing the right technology
• Security is NOT an IT domain (it’s Operations, C-level etc.)
Recommendations to Management
Top 10 Questions to Ask
1. Who is in charge of your Cybersecurity plan and who is involved? (Operations?)
2. What is the role of board and Management oversight in Cybersecurity?
3. Who are your likely adversaries (state sponsored, competitive, criminal, etc.)
and what crown jewels do you most need to protect?
4. Do you have an incident response plan? Have you done a tabletop exercise?
5. What does your network map look like (physical assets, cloud resources, physical
and digital security tools and protocols, etc.)?
6. Who has access to sensitive data, and what is the risk of an insider event?
7. What are your physical and digital security protocols following employee termination?
8. How do you interconnect with and share data with your supply chain and other
business partners and does your company have a vendor risk management program?
9. Does your company receive and share information about Cybersecurity threats?
10. What kind of insurance do you have to deal with potential security incidents?
SOURCE: www.dlapiper.com/en/us/insights/publications/2014/01/cybersecurity-and-the-duty-of-care
Common Deployment and Related Concerns
Oil and Gas Block Valve
Challenges
• Extremely remote locations
• No commercial power availability
• No existing monitoring/controls
• Weak cellular connectivity
• Cost of truck-roll to operate and maintain
Security Concerns and Challenges
• Remote location and physical security
• Unauthorized access to network
• Connectivity loss and related control/monitor
capabilities
Common Deployment and Related Concerns
Oil and Gas Block Valve
Solution
• Physical Security via limited access
• Solar Power System
• Added I/O for monitoring and control
• Utilized amplification and directional antennas
• Disabled unused physical interfaces
• Allow user access at multiple levels
• Allow encrypted connectivity for technicians
• Private, encrypted connectivity from NOC to the
PLC/RTU
• Provide tools/platform for monitoring and alerting
communication status and overall performance
Common Deployment and Related Concerns
Custody Transfer and Metering
Challenges
• Diverse data types
• No remote access to flow data
• Inability to remotely troubleshoot and support
operations
• Truck-roll/travel costs to Support in-field
Security Concerns and Challenges
• Data accessed by diverse users and groups
• Secure access for technicians for troubleshooting
• Exposure of proprietary information
Common Deployment and Related Concerns
Custody Transfer and Metering
Solution
• Protocol conversion (300+ protocols)
• Securely poll PLC/RTU
• Allow user access at multiple levels
• Allow encrypted connectivity for technicians
• Private, encrypted connectivity from NOC to the
PLC/RTU
Common Deployment and Related Concerns
Command Center/Operational Data Network
Challenges
• Different operational networks (Offshore,
Nearshore, Onshore)
• Different operational teams
• Inconsistent security layers and related
technologies
• Redundancy
Security Concerns and Challenges
• Data accessed by diverse users and groups
• Secure access for technicians for
troubleshooting
• Exposure of proprietary information
• Enterprise level risk
Common Deployment and Related Concerns
Command Center/Operational Data Network
Solution
• Utilize SDN to bridge networks
• Device access based on credentials
• Comprehensive security strategy
• Redundancy at multiple levels
• Allow user access at multiple levels
• Allow encrypted connectivity for technicians
• Private, encrypted connectivity from NOC to
the PLC/RTU
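The three Solution slides share the same three controls: "Securely poll PLC/RTU", "Allow user access at multiple levels" and "Private, encrypted connectivity from NOC to the PLC/RTU", and the IIC challenges slide adds "Reducing attack surface (access to just what is needed)". The Python below is an added example, not LEC's or Distrix's code, of how those fit together at a NOC-side gateway speaking Modbus/TCP: it builds and parses the two frames the NOC actually needs (Read Holding Registers and Write Single Register), refuses every other function code, checks a per-role register policy before anything is forwarded, and prepares a mutual-TLS context for the tunnel, because plain Modbus/TCP carries no authentication or encryption of its own. The register map, the role names, the certificate file paths passed to tls_tunnel_context and the stand-in RTU are all assumptions made for the demo.

```python
import ssl
import struct

FC_READ_HOLDING = 0x03      # Read Holding Registers (telemetry: flow, pressure)
FC_WRITE_SINGLE = 0x06      # Write Single Register (setpoints)
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_ADDRESS = 0x02

# Assumed register map and role policy (not from the deck): registers 0-99 are
# telemetry, 100-109 are operator setpoints.  Technicians are read-only.
POLICY = {
    "technician": {"read": range(0, 110), "write": range(0)},
    "operator":   {"read": range(0, 110), "write": range(100, 110)},
}


def mbap(tid, unit, pdu):
    """Prefix a Modbus PDU with the MBAP header: transaction id, protocol 0, length, unit id."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def build_read_holding(tid, unit, start, qty):
    if not 1 <= qty <= 125:
        raise ValueError("Modbus allows 1-125 registers per read")
    return mbap(tid, unit, struct.pack(">BHH", FC_READ_HOLDING, start, qty))


def build_write_single(tid, unit, addr, value):
    return mbap(tid, unit, struct.pack(">BHH", FC_WRITE_SINGLE, addr, value & 0xFFFF))


def parse_request(adu):
    """Return (tid, unit, fc, addr, arg); arg is the quantity for reads, the value for writes."""
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("malformed MBAP header")
    fc = adu[7]
    addr, arg = struct.unpack(">HH", adu[8:12]) if fc in (FC_READ_HOLDING, FC_WRITE_SINGLE) else (0, 0)
    return tid, unit, fc, addr, arg


def exception_adu(tid, unit, fc, code):
    """Modbus exception response: function code with the high bit set, then the exception code."""
    return mbap(tid, unit, struct.pack(">BB", fc | 0x80, code))


def authorize(role, fc, addr, qty=1):
    """None if the role may perform the request, otherwise the exception code to send back."""
    rules = POLICY.get(role)
    if rules is None or fc not in (FC_READ_HOLDING, FC_WRITE_SINGLE):
        return EXC_ILLEGAL_FUNCTION   # unknown role, or a function the NOC never needs
    allowed = rules["read"] if fc == FC_READ_HOLDING else rules["write"]
    if all(a in allowed for a in range(addr, addr + qty)):
        return None
    return EXC_ILLEGAL_ADDRESS


def gateway_handle(role, adu, rtu):
    """Policy check at the NOC edge; only authorized frames are forwarded to the RTU."""
    tid, unit, fc, addr, arg = parse_request(adu)
    qty = arg if fc == FC_READ_HOLDING else 1
    code = authorize(role, fc, addr, qty)
    if code is not None:
        return exception_adu(tid, unit, fc, code)   # the request never reaches the RTU
    return rtu(adu)


def parse_read_response(adu):
    """Registers from a Read Holding Registers response; raises on a Modbus exception."""
    fc, second = struct.unpack(">BB", adu[7:9])
    if fc & 0x80:
        raise RuntimeError("Modbus exception %d" % second)
    return list(struct.unpack(">%dH" % (second // 2), adu[9:9 + second]))


def tls_tunnel_context(ca_file, cert_file, key_file):
    """Mutual-TLS client context for the NOC-to-RTU tunnel (file paths are assumptions).
    The gateway presents its own certificate and pins trust to the private CA."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def constructed_rtu(registers):
    """Stand-in RTU over a constructed register table (the real one sits behind the tunnel)."""
    def handle(adu):
        tid, unit, fc, addr, arg = parse_request(adu)
        if fc == FC_READ_HOLDING:
            vals = registers[addr:addr + arg]
            return mbap(tid, unit, struct.pack(">BB%dH" % len(vals), fc, 2 * len(vals), *vals))
        registers[addr] = arg
        return adu   # a Write Single Register response echoes the request
    return handle


if __name__ == "__main__":
    rtu = constructed_rtu(list(range(110)))   # register i holds the value i
    print("technician read:", parse_read_response(gateway_handle("technician", build_read_holding(1, 1, 10, 3), rtu)))
    print("technician write ->", gateway_handle("technician", build_write_single(2, 1, 100, 500), rtu).hex())
    gateway_handle("operator", build_write_single(3, 1, 100, 500), rtu)
    print("operator setpoint now:", parse_read_response(gateway_handle("operator", build_read_holding(4, 1, 100, 1), rtu)))
```

In a deployment, `rtu` would be a function that writes the frame to `tls_tunnel_context(...).wrap_socket(sock, server_hostname=...)` and reads the reply, and the role would come from the technician's authenticated session rather than a string. The point the code makes is where the check sits: a technician's write is answered with a Modbus exception by the gateway itself, so the RTU never sees it, and any function code outside the two the NOC needs is refused before it is parsed further.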
Questions?
Contact Info
Justin Hogue: Vice President, LEC
http://www.LECINC.com
Toll-Free: 1.800.439.8535
Phone: 601.906.1212
Eric Winsborrow: CEO, Distrix Networks
www.Distrix.com
Email: [email protected]
Phone: 604.736.6675