SIS Security

Content:
7.1 Basics
7.2 SIS Security — Design
7.3 Basic Cyber Security Principles by "Viega and McGraw"
7.4 Maintenance/Engineering Interface Security

7.1 Basics

[Figure: Correlation of Safety & Security, "Different sides of the story"; diagram labels: Safety, Security]

Safety & Security Standards
The standard for Functional Safety in the Process Industry (IEC 61511) and the standard for Cyber Security (IEC 62443) have corresponding focus areas:
+ Management of Functional Safety <-> Management for IT Security
+ System Lifecycle <-> Lifecycle for IT Security
+ Risk Analysis <-> Risk Analysis for IT Security
+ Independent Layers of Protection <-> Zones and Zone Conduits
+ Diversity (Separation), Physical Separation <-> Defense in Depth Concept
+ (IEC 62443 additionally) Access Control, Roles and Rights

Maintaining Safety
The likelihood of security incidents should not be underestimated.
+ The probability of blocking a safety function needs to be sufficiently low, so that the overall risk reduction is maintained.
+ In low demand mode one single security event may impair (undetected) both the SIS layer and the control layer simultaneously.
+ In high demand mode a single security event may block a safety function and directly lead to a dangerous situation.

Security Risk Assessment (SRA)
A SRA shall be carried out to identify the security vulnerabilities of the SIS and shall address (IEC 61511-1:2016 Clause 8.2.4):
+ Devices (e.g. SIS, BPCS); check: operating systems, network architecture, whether mobile data exchange via USB drives or CDs is possible, open protocols (e.g. HART)
+ Identified threats that could result in security events (intentional attacks on HW, AP and related software as well as unintended events resulting from human error)
+ Consequences and the likelihood of the events occurring (= Security Risk!), e.g.
  + Plant shutdown due to operational uncertainty (operators confused)
  + Plant shutdown due to a provoked "fail safe" trip of SIS equipment
  + Equipment damage or destruction, harm and potentially loss of life
+ Various phases such as design, implementation, commissioning, operation and maintenance

Information and control of boundary conditions needed for the SRA is typically with the owner/operator of the facility, not with the supplier.
The SRA can be included in an overall process automation SRA and can range in focus from one SIF to all SISs within a company. (IEC 61511-1:2016 Clause 8.2.4)

7.2 SIS Security — Design

Objective and International Standards
The design of the SIS shall be such that it provides the necessary resilience against the identified security risks. (IEC 61511-1:2016 Clause 11.2.12)
Guidance is provided by
+ ISA TR84.00.09
+ ISO/IEC 27001:2013
+ IEC 62443-2-1:2010

Typical Measures for Preserving Security
» Awareness
Standards and publications on security deal with security awareness in detail. This is the basis of security! Any technical measure can only be successful if company personnel are sufficiently aware of security. This applies throughout the planning phase, start-up, operation and decommissioning.
» Good Engineering Practice
IT security is strictly related to the way of thinking of the parties involved. For this reason, the basic cyber security principles presented by Viega and McGraw (2002) are still of interest today and can be mentioned as a good example. These principles do not provide 100 % protection; they should help to achieve 80 % of the possible risk reduction using 20 % of the effort.

7.3 Basic Cyber Security Principles by "Viega and McGraw"

"Secure the Weakest Link"
Identify and reinforce the weakest link! What is the weakest link: programmable controllers? Humans? PCs?

"Practice Defense in Depth"
Manage software risk by providing redundant security solutions.
Usually, one level of redundancy is worthwhile; whether more levels are needed depends on the particular project. Belt and braces...

"Fail Securely"
Make sure that if the system could possibly fail, it will fail in a secure manner! E.g. after 3 wrong entries the system must be locked — not open... Big point of discussion, because availability is reduced!

"Follow the Principle of Least Privilege"
Do not give out more privileges than necessary, and do not extend privileges longer than necessary!

"Compartmentalize"
Try to keep failures in one part of a system from having an impact on the rest of the system!

"Compartmentalize" — Example: Firewalls
[Figure: network zones separated by firewalls, with Security Levels SL 1, SL 2, SL 3 and SL 4. *) detailed functions e.g. as per ISA TR84.00.09; SL = Security Level]

"Keep it Simple, Stupid (KISS)"
+ Reduce system complexity (e.g. segregation, defense in depth, ...)
+ Improve competency of employees (awareness, education, ...)
+ Do only as much as necessary: if security measures are getting too complex, they will not be accepted anymore and most likely bypassed...

"Promote Privacy"
Don't give out any unnecessary information!

"Be Reluctant to Trust"
Even manufacturers of safe software are not infallible. Do not put unconditional trust in anybody, even in yourself or your company, but involve independent third parties, if required.
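The "Fail Securely" slide above, worked through as an added example (not code from the original slides): a login check for an engineering station that locks after 3 wrong entries and that treats an internal fault in the check itself as a reason to lock, never to grant. The threshold, user name and PIN are constructed values for this example.

```python
import hmac
from dataclasses import dataclass

# Assumed policy value, constructed for this example (the slide only says
# "after 3 wrong entries the system must be locked").
MAX_WRONG_ENTRIES = 3

# Constructed credential store: user -> expected PIN. A real station would
# store a salted hash; the plain value just keeps the example short.
CREDENTIALS = {"engineer": "4711"}

@dataclass
class AccountState:
    wrong_entries: int = 0
    locked: bool = False

class LoginGuard:
    """Login check that fails closed: wrong entries count towards a lockout,
    and an internal fault in the check also ends in 'locked', never 'granted'."""

    def __init__(self, credentials=None):
        self._creds = CREDENTIALS if credentials is None else credentials
        self._states = {}

    def state(self, user):
        return self._states.setdefault(user, AccountState())

    def attempt(self, user, pin):
        """Return 'granted', 'denied' or 'locked'."""
        st = self.state(user)
        if st.locked:
            return "locked"
        try:
            expected = self._creds.get(user, "")
            # Constant-time comparison; a non-str PIN raises TypeError, which
            # the except branch turns into a lockout instead of a crash.
            if expected and hmac.compare_digest(pin, expected):
                st.wrong_entries = 0
                return "granted"
        except Exception:
            # Fail securely: a fault inside the check must not open the system.
            st.locked = True
            return "locked"
        st.wrong_entries += 1
        if st.wrong_entries >= MAX_WRONG_ENTRIES:
            st.locked = True  # locked, not open: availability traded for security
            return "locked"
        return "denied"
```

The lockout is exactly the availability trade-off the slide calls a "big point of discussion": once locked, even the correct PIN no longer helps until an administrator intervenes.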
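The "Compartmentalize" firewall picture (zones with Security Levels SL 1 to SL 4) as an added example, not part of the original slides: a small zone-and-conduit policy model in the sense of IEC 62443. It applies default deny between zones, computes how far a compromise in one zone could spread by chaining conduits, and flags conduits that skip a Security Level. Zone names, protocols and conduits are assumptions constructed for this example.

```python
from collections import deque

# Constructed zone model (not from the slides): four zones with rising
# Security Level as in the firewall picture (SL 1 ... SL 4); zone names
# and protocols are assumptions made for this example.
ZONES = {"enterprise": 1, "plant_dmz": 2, "control": 3, "sis": 4}

# Conduits: explicitly allowed flows (src zone, dst zone, protocol);
# anything not listed is blocked by the firewall between the two zones.
CONDUITS = {
    ("enterprise", "plant_dmz", "https"),
    ("plant_dmz", "control", "opc-ua"),
    ("control", "sis", "modbus-tcp"),  # assumed: SIS status read by the BPCS
}

def check_flow(src, dst, proto, zones=ZONES, conduits=CONDUITS):
    """Return (allowed, reason). Default deny: a flow passes only through
    a conduit that was defined explicitly."""
    if src not in zones or dst not in zones:
        return False, "unknown zone"
    if src == dst:
        return True, "intra-zone traffic"
    if (src, dst, proto) in conduits:
        return True, "explicit conduit"
    return False, "no conduit defined"

def reachable_zones(start, conduits=CONDUITS):
    """Zones a compromised host in `start` could reach by chaining conduits:
    the blast radius that compartmentalization is meant to limit."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _ in conduits:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen

def audit_conduits(zones=ZONES, conduits=CONDUITS):
    """Flag conduits that skip a Security Level (e.g. SL 1 straight into
    SL 4), i.e. that bypass an intermediate firewall boundary."""
    return sorted(c for c in conduits if abs(zones[c[0]] - zones[c[1]]) > 1)
```

Note that even with every single conduit in order, `reachable_zones("enterprise")` still reaches the SIS zone through the chain, which is why the slides pair compartmentalization with defense in depth and least privilege on each conduit.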
