Agenda
1. Alliance Automation Overview
2. Actual Cases in the Industry
3. Discussion on Improvements
4. Live Practical Demo
5. Questions
Alliance Automation
Our Mission
To provide quality, value adding solutions to our customers that not only meet but exceed their expectations, needs and requirements.
Partners in Automation
www.allianceautomation.com.au
Brisbane – Sunshine Coast – Dalby
Our Company Values
Our Culture
• TEAM
  – Mutual respect, support and development
  – Taking ownership and responsibility
  – Work hard and play hard
• Excellence
  – Passion for quality & continual improvement
  – Differentiate with innovative value adding solutions
• Enjoy and celebrate success
Our Values
• People
  – Our People are our most valued asset
  – Equality and open communication
  – Invest in development and training
• Customers
  – Our customers are our highest priority
  – Relationship and trusted partnership
  – Exceed expectations
• Integrity
  – Trust, Honesty, Ethics
Our People
Our Services
Concept to Completion
• Consultancy
  – Executive & stakeholder workshops
  – Best practice assessment
  – Business case and ROI assessment
• Project Management
  – Project planning & control
  – Cost & Risk management
  – Vendor / third party management
• System Design
  – Scope & requirements definition
  – Solution design
  – DCS, PLC, SCADA, MIS standards and design
• Electrical Design
  – Power Analysis, load and fault studies
  – MV / LV design
  – MCC and Panel Design
• Project Engineering
  – Instrumentation, Control & Electrical
  – Integration & implementation
  – Commissioning & 24/7 support
• Manufacturing
  – Control Panels
  – MCC Construction
  – Skid Fabrication
• Electrical Installation
  – Construction Management
  – Power, panel, MCC, lighting installation
  – System commissioning
• Systems Support
  – Support level agreements
  – Spares management
  – 24/7 support
Our Approach – Project Delivery
Market Focus and Customers We Serve
MMM
OIL & GAS
WWW
Infrastructure
Industry
What value can we add
Your Challenges…?
Business Challenges
Volatile economy
Tighter compliance regulations
Demand for shareholder returns
Changing market needs
Rising Costs
Balance operating and maintenance budgets
Maximise production efficiency
Improve quality
Ensure operations are safe and reliable
Typical Project Requirements
Deliver Business Requirements
Optimise project workflows
Ensure delivery and process is safe and reliable
Minimise risk
Ensure quality
Delivery on schedule and on budget
Lifecycle Management – Design, Install, Maintain, Upgrade
Lower total cost of ownership
Typical View of Projects
Management, standards, networking, interfaces, coordination, schedule
[Figure: blocks labelled Power Distribution, Motor Control, Automation, Performance Management and Instrumentation, with four RISK labels]
Multiple Vendors, often viewed in isolation. Increases risk to cost, quality and schedule
Best Practice
• Hardware is <30% of the project cost but attracts the most focus.
• Automation Best Practice contributes directly to:
  – Project Risk
  – Schedule & Cost
  – Commissioning time
  – Plant performance
  – Maintenance operation
  – Cost of ownership
Integrated Solution to decrease risk and cost
SINGLE VENDOR
Engineering
Consultancy
Project Management
Third Party Vendor Management
System Design
Electrical Design
System Integration
Switchboards, MCCs, Panel manufacture
Site Installation
Commissioning
SLA 24/7 support
[Figure labels: MIS, HMI, Maintenance / Support, Energy Management, Power Distribution, DCS, Networking, Control System, Telemetry, Devices & Instrumentation, Motor Control]
Alliance Automation offers Single Source – Single Design Responsibility, third party vendor management and Seamless integration
Project Lifecycle – alternate approach
Typical Lifecycle Stages and Engagement
Feasibility: EPC
Conceptual Design: EPC
Approval: EPC
Front End Design: EPC
Functional Design: Alliance
“Detailed Design”: EPC
Detailed Engineering: Alliance
Contractor Engagement: EPC
Build & Install: Alliance
Commission: Alliance
Operational Support: Alliance
Opportunity to improve schedule whilst reducing overlap, duplication, risk and cost
Feasibility: Alliance
Conceptual Design: Alliance
Approval: EPC
Functional Design: Alliance
Detailed Engineering: Alliance
Build & Install: Alliance
Commission: Alliance
Operational Support: Alliance
Control Systems
Cyber Security Approach
Mistakes and Improvements
Jasenko Sabljić
Are we aware of the risks
Repository of Industrial Security Incidents
Internal Incidents - 2010
© 2010 The Security Incidents Organisation http://www.securityincidents.net/index.php/products/indepth/risi_online_access/
Repository of Industrial Security Incidents
Accidental Incidents - 2010
44% of all incidents reported in the RISI are accidental cyber incidents
Repository of Industrial Security Incidents
Incident Types - 2010
Repository of Industrial Security Incidents
Who is getting attacked - 2010
Security by Obscurity is sufficient?
Schoolboy hacks into city’s tram system - 2008
A teenage boy who hacked into a Polish tram system used it like “a giant train set”, causing chaos and derailing four vehicles
The 14-year-old, described by his teachers as a model pupil and an electronics “genius”, adapted a television remote control so it could change track points in the city of Lodz.
12 People injured in one derailment
4 Trams derailed
Numerous emergency stops
Changed the points for a prank
http://www.telegraph.co.uk/news/worldnews/1575293/Schoolboy-hacks-into-citys-tram-system.html
How to mitigate the risk?
Implement Adequate Train Control Systems
Ensure Interlocks are accurately designed and implemented as part of the system
Use a Train Describer to plan, track and monitor Tram movements through energised tracks
Inform Operators and Drivers of the situation in the field on SCADA and Field Signalling
Alarm Operators and Drivers of Abnormal situations
Secure the communications channels
Example of an Invensys Rail – SystematICS Platform
http://wrsa.com.au/DEPT/Marketing/common/datasheets.nsf/96dcdd1c8dd4d06d4a2567c4000fd98e/c1b8e39637ec308cca2570c10081065c/$FILE/SystematICS%20brochure.pdf
What are the Motives?
Zombies Ahead - 2009
In Austin, Texas, signs changed at night
Left unlocked with default passwords
Opportunistic event without harm
For Entertainment only
http://www.foxnews.com/story/0,2933,484326,00.html
What are the Motives?
Maroochy Incident - 2001
Disgruntled employee releases up to 1 million litres of sewage
Access to Telemetry Control System via stolen radio, SCADA Software and RTU Software
Changing Control Variables from his car in the field with a mobile radio antenna
Jailed for 2 years for the incident
Did not get a job that he was expecting from the Council
[Figure: telemetry network showing Site RTUs, Site Radios, Radio Repeater, Master Radio, Master RTU and SCADA Server]
http://www.theage.com.au/articles/2003/06/21/1056119529509.html
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
How to mitigate the risk?
Secure the Communications Channels - Telemetry
Radio network can be encrypted to decrease visibility
Decreased visibility reduces maintainability and troubleshooting for owners
Encryption (DNP3 Secure, for example) reduces communications performance
Implement current standard protocols (Limited to hardware platform compatibility)
Maintainability over Security
Implement SCADA user access view/acknowledge/change setpoint on PCS
Discourage automatic login of generic full access user to PCS
Implement automatic daily event checks of critical site control values
Implement Version Control software for RTU/PLC/SCADA Code
Investigate the use of encrypted communications across radio channels
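One way to run the "automatic daily event checks of critical site control values" listed above, shown as an added example that is not part of the original slides. The tag names, limits, user names and the four-column event export format are all constructed assumptions.

```python
import csv
from io import StringIO

# Approved engineering limits and authorised users per critical tag (constructed).
BASELINE = {
    "PS04.WETWELL_HIGH_SP": {"min": 2.0, "max": 3.5, "users": {"eng_ops"}},
    "PS04.PUMP1_MODE": {"min": 0.0, "max": 1.0, "users": {"eng_ops", "operator1"}},
}

# Constructed one-day export of setpoint-change events: timestamp,tag,new_value,user
SAMPLE_EVENTS = """\
2013-08-01T09:02:11,PS04.WETWELL_HIGH_SP,3.0,eng_ops
2013-08-01T23:41:50,PS04.WETWELL_HIGH_SP,9.5,eng_ops
2013-08-01T23:42:05,PS04.PUMP1_MODE,0,generic_admin
2013-08-01T23:43:00,PS04.PUMP1_MODE,off,operator1
2013-08-01T10:15:00,PS07.FLOW_DISPLAY_UNITS,2,operator1
"""

def audit_setpoint_events(log_text, baseline):
    """Return (timestamp, tag, reason) for every change that needs review."""
    findings = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            if row:  # a damaged line is itself worth a look
                findings.append(("?", "?", "malformed line"))
            continue
        ts, tag, raw, user = (field.strip() for field in row)
        rule = baseline.get(tag)
        if rule is None:
            continue  # not on the critical list
        try:
            value = float(raw)
        except ValueError:
            findings.append((ts, tag, f"non-numeric value {raw!r}"))
            continue
        if not rule["min"] <= value <= rule["max"]:
            findings.append((ts, tag, f"value {value} outside {rule['min']}..{rule['max']}"))
        if user not in rule["users"]:
            findings.append((ts, tag, f"changed by unapproved user {user!r}"))
    return findings

if __name__ == "__main__":
    for finding in audit_setpoint_events(SAMPLE_EVENTS, BASELINE):
        print(*finding, sep=" | ")
```

The unapproved-user check only has value when operators log in under individual accounts, which is why the generic full access login is discouraged above.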
Air Gap Security?
Virus Infects International Space Station Laptops - 2008
Not a first-time incident
Spread aboard the ISS on multiple computers
No Direct internet access
Expected spread by a USB drive
http://www.guardian.co.uk/technology/2008/aug/28/spacetechnology.spaceexploration/
Air Gap Security?
Stuxnet Virus infects Iranian Nuclear Program - 2010
2 x Zero Day Exploits
Stolen Valid Signatures
Specific Target
Spread by a USB drive
http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
ICT Patching Approach in PCS Space?
Software Update shuts down Hatch Power Plant - 2008
ICT Updates computer on plant business network
Reboot after update causes a Control System Reset
Plant in Emergency Shutdown for 48 Hours
Costs of $1 Million per day incurred
http://articles.washingtonpost.com/2008-06-04/news/36929595_1_systems-computer-nuclear-regulatory-commission
How to mitigate the risk?
Implement Adequate Bench Testing Environments
Use of Virtualisation Technologies to minimize the cost of system implementation
Expand Virtualisation in Production Environments
Raise awareness of ICT staff on the PCS Systems requirements through system training
Implement Operating System Patching Procedure
Utilise the Bench Testing environment to prove the Patching impact on Production systems
Considerable effort to be spent on identifying all PCS related assets on the network
Carefully design automated patching to not impact live production environments
Availability, Integrity, Confidentiality
Host Intrusion Detection Systems (HIDS)
HIDS can be used to monitor the mainly static PCS Systems for any change
Will not stop the infection but will notify the administrator of a change
Works in conjunction with a Whitelisting approach
Other Intrusion Detection Systems (IDS) Categories
Network Intrusion Detection Systems (NIDS)
Intrusion Prevention Systems (IPS)
Anti-Virus/BOT Scanners (AVS)
ICT Networking Approach in PCS Space?
180 Data Logging Instruments on public WAN - 2013
Data loggers connected, unprotected, to a well-known carrier’s public network
Simple Shodan search revealed the devices connected to the internet
Carrier notified of the issue in May
Discussed at the AusCERT 2013 Conference at the Control Systems Forum (by members of the SCADA Community of Interest (SCADA COI))
http://www.shodanhq.com/
ICT Networking Approach in PCS Space?
Data Loggers still on public WAN
Still found today
Shows Location
Shows device type
Provides web interface
ICT Networking Approach in PCS Space?
Data Loggers still on public WAN
Plug & Play access
SCADA Entry Point
Potential “Easy” Target
Cost Savings by Remote Operation?
Integrated Control Centers (BHP and Rio Tinto)
Large FIFO Workforce cost prohibitive
Integrated Control more efficient
Knowledge Sharing increased
Improved Operator Work/Life Balance
http://www.afr.com/p/business/companies/rio_tinto_puts_autopilot_to_work_fhAAKq8KDpTm9gj2KdcrPI
http://www.itnews.com.au/Gallery/348722,photos-inside-bhp-billitons-iroc-control-centre.aspx/4#pic
Cost Savings by Remote Operation?
Driverless Trains in the Pilbara
Loss of jobs – Potential for Disgruntled employees
Automation & remote operations of large equipment increases safety risks
http://www.brisbanetimes.com.au/queensland/automation-drives-workers-out-of-mining-jobs-20130726-2qph4.html
How to mitigate the risk?
Re-educate on Network Access Best Practices
Phase out technologies with potential security implications (PC Anywhere, VNC)
Discourage Screen Sharing approach
Use of client remote access machines in DMZ instead of direct access to SCADA LAN Servers
Encourage use of DMZ jump boxes where performance is not impeded
Implement restricted user access via two-factor authentication
Lock down access to specific protocols and IP addresses
Implement a Defence in Depth Strategy
Stakeholder Awareness of Risks?
Operators and Owners Active Participation
Since the early 2000s a program has been in place between Computer Emergency Response Team (CERT) Australia and the US Department of Homeland Security (DHS) Idaho National Laboratories (INL)
SCADA Community of Interest active from the early 2000s with participants from Industry sharing experiences and contributing to raise awareness of PCS Security best practices
35 Operators & Owners sent twice a year for a week to get practical experience
Large scale training exercise (40 people) over a 12 hour period (Blue Team / Red Team)
Queensland University Of Technology Program created in 2013 to replicate the PCS vulnerability / hacking aspect of the INL Training
ABC1 Catalyst Program on 30th of June had a 30 minute special on Control System security and coverage of the Queensland University of Technology Program.
http://www.inl.gov/scada/training/advanced_scada.shtml
http://ics-cert.us-cert.gov/Calendar
Stakeholder Awareness of Risks?
Reduced investment in a Downturn
CERT Australia cooperation with DHS INL postponed in 2013 until further notice
SCADA Community of Interest (COI) meetings postponed in 2013 until further notice
Queensland University Of Technology Program held only once in 2013. Second event cancelled due to lack of participation.
Training budgets across the industry drastically reduced
Engineering Design scoped down to bare minimum
Practical Presentation
Back Track 5 Tools
http://www.backtrack-linux.org/
Network Topology Implementations
Legacy Designs
Operations Department Managed Fibre, Microwave, Radio, ADSL, VPN, Remote Access implementation
Local VPN Logins or Operations Managed Radius RSA Authentications
No or minimal monitoring of firewall logs
No or minimal reviews of firewall rules and user access restrictions
Network Topology Implementations
Network as a Service Designs
Primarily ICT Managed and Designed Networks
Preference of “Non Static” Implementations (BGP, Dynamic Routes, …)
Provision of “a SLA Service Agreement” – Questionable if adequate
Split between provision of network connectivity and user access restrictions
Unawareness of Control Systems network sensitivities (NAT, Segmentation)
Network Topology Implementations
Inherent Control System Limitations on Topologies
CitectSCADA Web Server design limitations
ClearSCADA Web Server design without the limitations (Same supplier as CitectSCADA)
Historian design Limitations
Reports Server design without the limitations (Same supplier as CitectSCADA)
Questions