SIS Security
Content:
7.1 Basics
7.2 SIS Security — Design
7.3 Basic Cyber Security Principles by “Viega and McGraw”
7.4 Maintenance/Engineering Interface Security

Figure: Security — Different Sides of the Story

7.1 Basis
Figure: Correlation of Safety & Security
Safety & Security Standards
The standard for Functional Safety in the Process Industry (IEC 61511) compared with the standard for Cyber Security (IEC 62443):

Focus of IEC 61511:                          Focus of IEC 62443:
+ Management of Functional Safety     <->    + Management for IT Security
+ System Lifecycle                    <->    + Lifecycle for IT Security
+ Risk Analysis                       <->    + Risk Analysis for IT Security
+ Independent Layers of Protection    <->    + Zones and Zone Conduits
+ Diversity (Separation)
+ Defense in Depth
+ Physical Separation                 <->    + Defense in Depth Concept
                                             + Access Control, Roles and Rights
Maintaining Safety
The likelihood of security incidents should not be underestimated
+ The probability of blocking a safety function needs to be sufficiently
low, so that the overall risk reduction is maintained.
+ In low demand mode one single security event may impair (undetected)
both the SIS layer and the control layer simultaneously.
+ In high demand mode a single security event may block a safety function and
directly lead to a dangerous situation.
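As an added worked example (not part of the training slides): a toy model of how a security event that blocks a safety function erodes the risk reduction of a SIS in low demand mode. The modelling assumptions are mine, not the page's: the random hardware contribution is PFDavg, the security-induced unavailability p_sec is independent of it and is approximated as event rate times the time the block stays undetected, and the SIL bands are the low-demand PFDavg ranges of IEC 61508 / IEC 61511.

```python
# Added example (not from the training slides): security-induced unavailability
# added on top of the hardware PFDavg of a low-demand safety function.
# Assumptions (mine): independence of the two contributions, and the SIL bands
# of IEC 61508 / IEC 61511 for low demand mode.

# SIL bands for low demand mode: SIL -> (PFDavg lower bound incl., upper bound excl.)
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def sil_from_pfd(pfd):
    """SIL achieved by a PFDavg (0 if the value does not even reach SIL 1)."""
    if pfd >= 1e-1:
        return 0
    for sil in (1, 2, 3, 4):
        lo, hi = SIL_BANDS[sil]
        if lo <= pfd < hi:
            return sil
    return 4  # below 1e-5: better than the SIL 4 band


def blocked_fraction(events_per_year, mean_blocked_days):
    """Average fraction of time the safety function is blocked by security
    events: event rate times the mean time until the block is detected and
    removed (small-value approximation). A block nobody notices for a week
    costs as much as seven blocks each fixed within a day."""
    return events_per_year * mean_blocked_days / 365.0


def effective_pfd(pfd_hw, p_sec):
    """The safety function fails on demand if the hardware has failed or a
    security event has blocked it (independent events assumed)."""
    return 1.0 - (1.0 - pfd_hw) * (1.0 - p_sec)


def assess(target_sil, pfd_hw, p_sec):
    """Check whether the target SIL survives the security contribution."""
    pfd = effective_pfd(pfd_hw, p_sec)
    achieved = sil_from_pfd(pfd)
    return {
        "pfd_effective": pfd,
        "risk_reduction_factor": 1.0 / pfd,
        "sil_achieved": achieved,
        "target_met": achieved >= target_sil,
    }


if __name__ == "__main__":
    # Constructed figures: a SIL 2 function with PFDavg = 5e-3 from hardware.
    for events, days in ((0.1, 1), (0.1, 7), (0.5, 7)):
        p_sec = blocked_fraction(events, days)
        print(events, "events/yr, blocked", days, "days ->", assess(2, 5e-3, p_sec))
```

Running it shows the point of the slide: with the same hardware PFDavg, a security event rate that is tolerable when blocks are found within a day pushes the function out of its SIL 2 band once blocks stay undetected for a week and occur more often.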
7.1 Basis
Security Risk Assessment (SRA)
+ A SRA shall be carried out to identify the security vulnerabilities of the SIS
and shall address (IEC 61511-1:2016 Clause 8.2.4):
+ Devices (e.g. SIS, BPCS) - check:
  + Operating systems
  + Network architecture
  + Mobile data exchange via USB drives, CDs possible?
  + Open protocols, e.g. HART
+ Identified threats that could result in security events
(intentional attacks on HW, application programs (AP) and related software as well as
unintended events resulting from human error)
+ Consequences and the likelihood of the events occurring (= Security Risk!)
  + Plant shutdown due to operational uncertainty (operators confused)
  + Plant shutdown due to a provoked “fail safe” trip of SIS equipment
  + Equipment damage or destruction, harm and potentially loss of life
+ Various phases such as design, implementation, commissioning, operation and
maintenance
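As an added worked example (not part of the training slides): a small security risk register built along the SRA items listed above, i.e. devices and what to check on them, threats (intentional and unintended), consequences and likelihood. The inventory, the 1..5 likelihood scale, the rules that derive threat scenarios from the check items and the tolerable-risk threshold are my own assumptions; the three consequence classes are the ones the slide names.

```python
# Added example (not from the training slides): a toy SRA risk register.
# Assumptions (mine): constructed inventory, likelihood scale 1..5, severity
# weight 1..3 for the slide's three consequence classes, tolerable risk < 6.

from dataclasses import dataclass

# Consequence classes from the slide, with an assumed severity weight 1..3.
CONSEQUENCE = {
    "plant shutdown, operational uncertainty": 1,
    "plant shutdown, provoked fail-safe trip": 2,
    "equipment damage / harm / loss of life": 3,
}


@dataclass
class Device:
    name: str
    role: str                       # "SIS" or "BPCS"
    os_supported: bool              # does the vendor still patch the OS?
    usb_possible: bool              # mobile data exchange via USB/CD possible?
    open_protocols: tuple = ()      # e.g. ("HART",)
    network_segregated: bool = True


@dataclass
class Threat:
    device: str
    description: str
    intentional: bool               # attack vs. unintended event (human error)
    likelihood: int                 # 1 (rare) .. 5 (frequent), assumed scale
    consequence: str                # key of CONSEQUENCE

    @property
    def risk(self):
        return self.likelihood * CONSEQUENCE[self.consequence]


def screen_device(dev):
    """Turn the slide's check items for one device into threat scenarios."""
    # What a security event on a device of this role typically ends in.
    worst = ("equipment damage / harm / loss of life" if dev.role == "SIS"
             else "plant shutdown, operational uncertainty")
    trip = ("plant shutdown, provoked fail-safe trip" if dev.role == "SIS"
            else "plant shutdown, operational uncertainty")
    threats = []
    if dev.usb_possible:
        threats.append(Threat(dev.name, "malware introduced via USB drive / CD", True, 4, trip))
    if not dev.os_supported:
        threats.append(Threat(dev.name, "unpatched vulnerabilities in unsupported OS", True, 4, trip))
    for proto in dev.open_protocols:
        threats.append(Threat(dev.name, f"parameter change over open protocol {proto}", True, 3, worst))
    if not dev.network_segregated:
        threats.append(Threat(dev.name, "reachable from the office network", True, 3, trip))
    # Unintended events count too: an engineer's wrong download is human error.
    threats.append(Threat(dev.name, "wrong configuration download (human error)", False, 2, trip))
    return threats


def risk_register(devices, tolerable=6):
    """All scenarios ranked by risk, plus those at or above the tolerable level."""
    register = [t for dev in devices for t in screen_device(dev)]
    register.sort(key=lambda t: (-t.risk, t.device, t.description))
    above = [t for t in register if t.risk >= tolerable]
    return register, above


# Constructed inventory for the demonstration.
DEVICES = [
    Device("SIS logic solver", "SIS", os_supported=True, usb_possible=False,
           open_protocols=("HART",)),
    Device("BPCS operator station", "BPCS", os_supported=False, usb_possible=True,
           network_segregated=False),
]

if __name__ == "__main__":
    register, above = risk_register(DEVICES)
    for t in register:
        print(f"{t.risk:2d}  {t.device:22s} {t.description}")
    print("above tolerable risk:", [(t.device, t.description) for t in above])
```

The ranking makes the slide's point about consequence weighting visible: the operator station collects more findings, but the single open-protocol path to the SIS outranks all of them because its consequence class is loss of life rather than a confused-operator shutdown.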
7.1 Basis
Security Risk Assessment (SRA)
+ Information and control of boundary conditions needed for the SRA is
typically with the owner/operator of the facility, not with the supplier.
+ Can be included in an overall process automation SRA
and can range in focus from one SIF to all SISs within a company.
(IEC 61511-1:2016 Clause 8.2.4)

7.2 SIS Security — Design
Objective and International Standards
+ The design of the SIS shall be such that it provides the
necessary resilience against the identified security risks.
(IEC 61511-1:2016 Clause 11.2.12)
Guidance is provided by
+ ISA TR84.00.09
+ ISO/IEC 27001:2013
+ IEC 62443-2-1:2010

7.2 SIS Security — Design
Typical Measures for Preserving Security
» Awareness
Standards and publications on security deal with security awareness in detail.
This is the basis of security!
Any technical measure can only be successful if company personnel are sufficiently aware
of security.
This applies throughout the planning phase, start-up, operation and decommissioning.
» Good Engineering Practice
IT security is strictly related to the way of thinking of the parties involved.
For this reason, the basic cyber security principles presented by Viega and McGraw
(2002) are still of interest today and can be mentioned as a good example. These principles
do not provide 100 % protection.
+ They should help to achieve 80 % of the possible risk reduction using 20 % of the
efforts.

7.3 Basic Cyber Security Principles by “Viega and McGraw”
“Secure the Weakest Link”
+ Identify and reinforce the weakest link!
What is the weakest link? Programmable controllers...? ... Humans? ...PCs?

7.3 Basic Cyber Security Principles by “Viega and McGraw”
“Practice Defense in Depth”
+ Manage software risk by providing redundant security solutions.
Usually, one level of redundancy is worthwhile; whether more levels are
needed depends on the particular project.
Belt and braces...

“Fail Securely”
+ Make sure that if the system could possibly fail, it will fail in a secure manner!
e.g. after 3 wrong entries the system
must be locked — not open...
Big point of discussion, because
availability is reduced!
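As an added worked example (not part of the training slides): a login gate for a maintenance interface that fails securely in the sense of the slide. After three wrong entries the account is locked rather than opened, and an error inside the credential check (backend unavailable, unknown user) is treated as a failed entry instead of letting the caller through. The user store, the demo secret, the `LoginGate` class and the two-person reset procedure are my own assumptions; the lockout count of 3 comes from the slide.

```python
# Added example (not from the training slides): a fail-closed login gate.
# Assumptions (mine): constructed user store, a verifier callback that may
# raise, and a manual reset by a second, authorised person.

import hashlib
import hmac

MAX_WRONG_ENTRIES = 3   # "after 3 wrong entries the system must be locked"


class LoginGate:
    def __init__(self, verify_credential, max_wrong=MAX_WRONG_ENTRIES):
        self._verify = verify_credential    # callable(user, secret) -> bool
        self._max_wrong = max_wrong
        self._wrong = {}                    # user -> consecutive wrong entries
        self._locked = set()                # users locked until an authorised reset
        self.events = []                    # audit trail for the operator log

    def attempt(self, user, secret):
        """Return True only for a correct entry on an unlocked account."""
        if user in self._locked:
            self.events.append(("denied_locked", user))
            return False
        try:
            ok = bool(self._verify(user, secret))
        except Exception as exc:
            # The verifier itself failed (backend down, unknown user, ...):
            # fail closed, count it like a wrong entry, and record why.
            self.events.append(("verifier_error", user, type(exc).__name__))
            ok = False
        if ok:
            self._wrong[user] = 0
            self.events.append(("granted", user))
            return True
        self._wrong[user] = self._wrong.get(user, 0) + 1
        if self._wrong[user] >= self._max_wrong:
            self._locked.add(user)
            self.events.append(("locked", user))
        else:
            self.events.append(("denied", user))
        return False

    def is_locked(self, user):
        return user in self._locked

    def reset(self, user, authorised_by):
        """Manual unlock by a second person: this is where the reduced
        availability the slide mentions is paid for."""
        self._locked.discard(user)
        self._wrong[user] = 0
        self.events.append(("reset", user, authorised_by))


# Constructed user store. SHA-256 stands in for a proper password hash
# (scrypt/argon2) only so the example needs no third-party package.
_USERS = {"maint": hashlib.sha256(b"constructed-demo-secret").hexdigest()}


def verify_demo(user, secret):
    """Constant-time comparison; an unknown user raises KeyError on purpose so
    the gate's fail-closed path is exercised."""
    stored = _USERS[user]
    presented = hashlib.sha256(secret.encode()).hexdigest()
    return hmac.compare_digest(stored, presented)


if __name__ == "__main__":
    gate = LoginGate(verify_demo)
    for pw in ("guess1", "guess2", "guess3", "constructed-demo-secret"):
        print(pw, "->", gate.attempt("maint", pw), "locked:", gate.is_locked("maint"))
    gate.reset("maint", authorised_by="shift supervisor")
    print("after reset ->", gate.attempt("maint", "constructed-demo-secret"))
```

The fourth attempt in the demo uses the correct secret and is still refused: that is the availability cost the slide calls a big point of discussion, and the audit trail in `events` is what lets the operator see why the interface is closed rather than guess.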
“Follow the Principle of Least Privilege”
+ Do not give out more privileges
than necessary, and do not extend
privileges longer than necessary!

7.3 Basic Cyber Security Principles by “Viega and McGraw”
“Compartmentalize”
+ Try to keep failures in one part of
a system from having an impact
on the rest of the system!

7.3 Basic Cyber Security Principles by “Viega and McGraw”
“Compartmentalize” — Example: Firewalls
Figure: network zones with different Security Levels (SL 1, SL 2, SL 3, ...) separated by firewalls *)
*) detailed functions e.g. as per ISA TR84.00.09, SL = Security Level
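As an added worked example (not part of the training slides): a zone/conduit check in the spirit of the firewall figure above, showing how compartmentalization limits how far a failure in one zone can spread. The rule applied here is my own assumption: every zone has a target Security Level, a conduit joins two zones, and a conduit between zones of different SL must be protected by a firewall. Zone names, SL values and conduits are constructed.

```python
# Added example (not from the training slides): zones, conduits and the
# reach of a failure with and without firewalls. Assumptions (mine):
# constructed zones/SLs, and the rule that any conduit crossing an SL
# boundary needs a firewall.

from collections import deque

# zone -> target Security Level (constructed)
ZONES = {"enterprise": 1, "bpcs": 2, "engineering": 2, "sis": 3}

# (zone A, zone B, protected by a firewall?)  (constructed)
CONDUITS = [
    ("enterprise", "bpcs", True),
    ("engineering", "bpcs", False),   # same SL: an open conduit is allowed
    ("bpcs", "sis", True),
    ("engineering", "sis", False),    # different SL without firewall: violation
]


def conduit_violations(zones, conduits):
    """Conduits that cross an SL boundary without a firewall."""
    return [(a, b) for a, b, fw in conduits if zones[a] != zones[b] and not fw]


def blast_radius(zones, conduits, compromised, firewalls_hold=True):
    """Zones a failure in `compromised` can spread to. With firewalls holding,
    only unprotected conduits carry it; with firewalls_hold=False you see the
    spread once the firewalls themselves have failed (the defense-in-depth
    question of what the next layer is)."""
    reach = {compromised}
    queue = deque([compromised])
    while queue:
        zone = queue.popleft()
        for a, b, fw in conduits:
            if fw and firewalls_hold:
                continue
            for src, dst in ((a, b), (b, a)):
                if src == zone and dst not in reach:
                    reach.add(dst)
                    queue.append(dst)
    return reach


def fix_violations(conduits, zones):
    """Return the conduit list with a firewall added wherever the rule demands."""
    return [(a, b, fw or zones[a] != zones[b]) for a, b, fw in conduits]


if __name__ == "__main__":
    print("violations:", conduit_violations(ZONES, CONDUITS))
    print("engineering zone fails ->", sorted(blast_radius(ZONES, CONDUITS, "engineering")))
    fixed = fix_violations(CONDUITS, ZONES)
    print("after fix ->", sorted(blast_radius(ZONES, fixed, "engineering")))
    print("all firewalls fail ->", sorted(blast_radius(ZONES, fixed, "enterprise", firewalls_hold=False)))
```

In the constructed layout the engineering zone has an unprotected shortcut into the SIS zone, so a failure there reaches the SIS directly; once that conduit is firewalled, the same failure stops at the BPCS zone, and the last line shows what a single layer of firewalls buys you if it fails, which is the slide's argument for combining compartmentalization with defense in depth.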
“Keep it Simple, Stupid (KISS)”
+ Reduce system complexity (e.g. segregation, defense in depth, ...)
+ Improve competency of employees (awareness, education, ...)
+ Do only as much as necessary — if security measures are getting too
complex, they will not be accepted anymore and most likely bypassed...

7.3 Basic Cyber Security Principles by “Viega and McGraw”
“Promote Privacy”
+ Don't give out any unnecessary information!

“Be Reluctant to Trust”
+ Even manufacturers of safe software are not infallible.
+ Do not put unconditional trust on anybody, even on yourself or your company,
but involve independent third parties, if required.