Internal / © Siemens AG 2015. All rights reserved. siemens.com/answers
Access security for devices
in power substations
CLASS'16 - SCADA Security Conference
Are your data or devices secure???
Threats to data/devices
External threats through vulnerabilities:
•Sony Pictures attacked in November 2014
•July 2015: the Italian company Hacking Team
•Dating site Ashley Madison
•iCloud vulnerability exposes celebrities
•Tests by Wired magazine find a hole in a smart vehicle
Policies for applying “patches”, use of secure connections, etc. are needed
Threats to data/devices
Internal threats:
•Social engineering:
oInfected e-mails
oPrograms/“pen drives” carrying viruses
o“Phishing” sites
•Revenge.....
Access control policies and contingency plans are needed
Security alerts and standards
In April 2009, NERC issued a public announcement warning that the US electrical
system was not adequately protected against “cyber warfare”.
NERC (North American Electric Reliability Corporation) produced security
standards.
NERC version 1300, known as CIP-002-1 to CIP-009-1 (CIP = Critical
Infrastructure Protection).
NERC-CIP standards
CIP-002: Critical Cyber Asset Identification
CIP-003: Security Management Controls
CIP-004: Personnel and Training
CIP-005: Electronic Security Perimeter(s)
CIP-006: Physical Security of Critical Cyber Assets
CIP-007: Systems Security Management
CIP-008: Incident Reporting and Response
CIP-009: Recovery Plans for Critical Cyber Assets
Siemens solution for access
control
CrossBow
Background
Formerly Bow Networks, founded in 1986
Acquired by RuggedCom in November 2010
Based in Calgary; automation centre of excellence
Excellent customer references:
Duke Energy
National Grid USA
Southern California Edison
Pepco
First Energy
Manitoba Hydro
Tucson Electric
The Issue:
“How do we allow users to securely access
communications infrastructure, gateways and
remote IEDs, in compliance with NERC CIP?”
Goals for CrossBow:
Improve Security
User Authentication & Authorization, Granularity
Improve Productivity
Transparent Connection, Automated Tasks, Password Management
Provide ALL Compliance Evidence
Audit Logs, NERC CIP Reports
Typical Architecture & Overview
CROSSBOW overview:
•Client-server architecture
•Vendor-agnostic design
•Modular concept:
oMain module: Secure Access Manager (SAM), the core of CrossBow
oOptional modules:
Strong authentication using RADIUS, Active Directory, RSA
Application Modules (CAMs): firmware version, configuration monitoring, data retrieval
Station Access Controller (SAC), “runs on RX1500/RX5000”
What does CrossBow provide?
Security
•Individual user accounts with highly configurable permissions
•Two-factor authentication using RSA SecurID or RADIUS
•Audit log of all activity
•Role based user access control
•Local substation access control through Station Access Controller (ROX-based)
Enterprise integration
•Active Directory interface
•Reporting interface into Event management systems (Industrial Defender, TDi, OSIsoft)
•Microsoft SQL Server-based
•Publicly sourced or privately generated certificate structure may be used
NERC CIP compliance
•One-click compliance reports
•CROSSBOW closely follows the CIP requirements set out for access control and change management
Ease of administration
•Structured view of IEDs (region/substation/gateway)
•Grouping of devices and users
•Configurable sub-admins
Flexible architecture
•Client-server or “clientless” architecture using virtual desktops
•Available redundancy
•Dial-up or WAN
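The feature list above names the building blocks of a secure-access manager: individual user accounts, role-based access control, a structured region/substation/gateway/IED view of devices, and an audit log of all activity that can be turned into compliance evidence. The following added example (not CrossBow's code, and not how the product implements these features) shows how those pieces fit together in a minimal form. The users, roles, device paths and the prefix-based scoping rule are all constructed assumptions for illustration.

```python
"""Added illustration (not CrossBow's own code): role-based access control
over a region/substation/gateway/IED hierarchy, with an audit log entry for
every decision. Users, roles, devices and the policy are constructed examples."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Device paths follow the structured view the slides describe:
# region / substation / gateway / IED (constructed sample inventory).
DEVICES = {
    "south/sub-A/gw-1/relay-1",
    "south/sub-A/gw-1/relay-2",
    "north/sub-B/gw-2/relay-3",
}

# Role -> set of (scope_prefix, action). A scope prefix grants the action on
# every device whose path starts with it; "" means every device.
# This prefix rule is an assumption of this example, not the product's model.
ROLES = {
    "viewer-south": {("south/", "read_config")},
    "engineer-sub-A": {("south/sub-A/", "read_config"),
                       ("south/sub-A/", "write_config"),
                       ("south/sub-A/", "update_firmware")},
    "admin": {("", "read_config"), ("", "write_config"),
              ("", "update_firmware"), ("", "manage_users")},
}

USERS = {  # user -> roles (constructed)
    "alice": {"engineer-sub-A"},
    "bob": {"viewer-south"},
    "carol": {"admin"},
}


@dataclass
class AuditEntry:
    when: str
    user: str
    action: str
    device: str
    allowed: bool
    reason: str


@dataclass
class AccessManager:
    users: dict
    roles: dict
    devices: set
    audit: list = field(default_factory=list)

    def _record(self, user, action, device, allowed, reason):
        # Every decision, allowed or denied, is logged before it is returned,
        # so the audit trail is the authoritative record of all activity.
        self.audit.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                     user, action, device, allowed, reason))
        return allowed

    def authorize(self, user, action, device):
        """Return True if any of the user's roles grants `action` on `device`."""
        if user not in self.users:
            return self._record(user, action, device, False, "unknown user")
        if device not in self.devices:
            return self._record(user, action, device, False, "unknown device")
        for role in self.users[user]:
            for scope, granted in self.roles.get(role, ()):
                if granted == action and device.startswith(scope):
                    return self._record(user, action, device, True, f"role {role}")
        return self._record(user, action, device, False, "no matching role")

    def report(self, user):
        """Compliance-style evidence: every logged access attempt by one user."""
        return [e for e in self.audit if e.user == user]


def demo():
    """Run a few constructed access attempts and return the manager and results."""
    am = AccessManager(USERS, ROLES, DEVICES)
    results = [
        am.authorize("alice", "write_config", "south/sub-A/gw-1/relay-1"),   # in scope
        am.authorize("alice", "write_config", "north/sub-B/gw-2/relay-3"),   # other region
        am.authorize("bob", "read_config", "south/sub-A/gw-1/relay-2"),      # viewer may read
        am.authorize("bob", "write_config", "south/sub-A/gw-1/relay-2"),     # viewer may not write
        am.authorize("mallory", "read_config", "south/sub-A/gw-1/relay-1"),  # unknown user
    ]
    return am, results


if __name__ == "__main__":
    manager, _ = demo()
    for entry in manager.audit:
        print(entry)
```

The point of the design is that authorization and auditing are one operation: a deny is recorded with the same detail as an allow, which is what makes a per-user report usable as access-control evidence rather than just a list of successes.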
Questions?
Vitor Maganha, Field Application Consultant