Internal / © Siemens AG 2015. All rights reserved. siemens.com/answers
Access security for devices in power substations
CLASS'16 - SCADA Security Conference

CLASS 2016 - Talk by Vitor Eduardo Lace Maganha

Are your data or devices secure???

Threats to data/devices

External threats through vulnerabilities:

•Sony Pictures attacked in November 2014
•July 2015: the Italian company Hacking Team
•Ashley Madison dating site
•iCloud vulnerability exposes celebrities
•Wired magazine tests find a flaw in a smart vehicle

Policies for applying patches, using secure connections, etc. are required

Threats to data/devices

Internal threats:

•Social engineering:
    o Infected e-mails
    o Programs/"pen drives" with viruses
    o Website "phishing"
•Revenge.....

Access control policies and contingency plans are required

Security alerts and standards

In April 2009, NERC issued a public announcement warning that the US electrical system was not adequately protected against "cyber warfare".

NERC (North American Electric Reliability Corporation) produced security standards.

The NERC 1300 version is known as CIP-002-1 to CIP-009-1 (CIP = Critical Infrastructure Protection).

NERC-CIP standards

CIP-002: Critical Cyber Asset Identification
CIP-003: Security Management Controls
CIP-004: Personnel and Training
CIP-005: Electronic Security Perimeter(s)
CIP-006: Physical Security of Critical Cyber Assets
CIP-007: Systems Security Management
CIP-008: Incident Reporting and Response Planning
CIP-009: Recovery Plans for Critical Cyber Assets

Siemens solution for access control

CrossBow

Background

Formerly Bow Networks, founded in 1986

Acquired by RuggedCom in November 2010

Based in Calgary; automation centre of excellence

Excellent customer references:

Duke Energy

National Grid USA

Southern California Edison

Pepco

First Energy

Manitoba Hydro

Tucson Electric

The Issue:

“How do we allow users to securely access communications infrastructure, gateways and remote IEDs, in compliance with NERC CIP?”

Goals for CrossBow:

•Improve Security
    o User Authentication & Authorization, Granularity
•Improve Productivity
    o Transparent Connection, Automated Tasks, Password Management
•Provide ALL Compliance Evidence
    o Audit Logs, NERC CIP Reports

Typical Architecture & Overview

CROSSBOW overview:

•Client-server architecture
•Vendor agnostic design
•Modular concept:
    o Main module:
        Secure Access Manager (SAM), the core of CrossBow
    o Optional modules:
        Strong authentication using RADIUS, Active Directory, RSA
        Application Modules (CAMs): firmware version, configuration monitoring, data retrieval
        Station Access Controller (SAC), “Runs on RX1500/RX5000”

What does CrossBow provide?

Security

•Individual user accounts with highly configurable permissions

•Two-factor authentication using RSA SecurID or RADIUS

•Audit log of all activity

•Role based user access control

•Local substation access control through Station Access Controller (ROX-based)

Enterprise integration

•Active Directory interface

•Reporting interface into Event management systems (Industrial Defender, TDi, OSIsoft)

•Microsoft SQL Server-based

•Publicly sourced or privately generated certificate structure may be used

NERC CIP compliance

•One-click compliance reports

•CROSSBOW closely follows the CIP requirements set out for access control and change management

Ease of administration

•Structured view of IEDs (region/substation/gateway)

•Grouping of devices and users

•Configurable sub-admins

Flexible architecture

•Client-server or “clientless” architecture using virtual desktops

•Available redundancy

•Dial-up or WAN

Questions?

Vitor Maganha, Field Application Consultant
