Status Review SCADA Cyber SelfAssessment SCySAG Working Group - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Status Review SCADA Cyber SelfAssessment SCySAG Working Group

Description:

Collaborating to Advance Control System Security. Status Review ... Ron Melton. Decisive Analytics Corporation. ron.melton_at_dac.us. Candace Sands. EMA ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 24
Provided by: maryb96
Category:

less

Transcript and Presenter's Notes

Title: Status Review SCADA Cyber SelfAssessment SCySAG Working Group


1
Status ReviewSCADA Cyber Self-Assessment
(SCySAG) Working Group
  • Brian Isle
  • March 6, 2007
  • Brian.isle_at_adventiumlabs.org
  • https//www.pcsforum.org/groups/68

2
Workshop Agenda
  • Review of the SCySAG activities and results
  • Status of requirements gap analysis for SCADA
    cyber security self assessment tools/methods
  • Gather input on priority of requirements gaps

3
Why SCySAG?
  • Pressing need to understand our SCADA cyber
    security readiness
  • What is the complete list of SCADA cyber security
    assessment requirements?
  • Which requirements are relevant to my sector?
  • How do IT and SCADA cyber security assessment
    differ?
  • What SCADA assessment requirements are unmet by
    existing tools and methodologies?

4
SCySAG Objective
  • Enable the development and use of the best
    possible next generation of self administered
    tools and methodologies for the assessment of the
    cyber security readiness of the process control
    systems.

By the term SCADA, we mean .. encompassing all
types of manufacturing plants and facilities, as
well as other processing operations such as
utilities, pipelines and transportation systems
or other industries which use automated or
remotely controlled assets.
5
SCySAG Core Team
  • Garill ColesPacific Northwest National
    Laboratory Garill.Coles_at_pnl.gov
  • Mark C. Morgen3M - Optical Systems Division
    mark.morgen_at_mmm.com
  • Carol MuehrckeCyber Defense Agency,
    LLCcmuehrcke_at_cyberdefenseagency.com
  • Matt EarleyDecisive Analytics Corporationmatt.ea
    rley_at_dac.us
  • Ron MeltonDecisive Analytics Corporationron.melt
    on_at_dac.us
  • Candace SandsEMAcsands_at_ema-inc.com
  • Brian IsleAdventium Labsbrian.isle_at_adventiumlabs
    .org
  • Cliff GlantzPacific Northwest National
    Laboratory cliff.glantz_at_pnl.gov

6
SCySAG Approach
  • Identify SCADA/PCS-unique characteristics
    Identify the set of SCADA-unique characteristics
    that one would expect to be addressed by tools or
    methodologies for cyber self assessment for these
    types of systems.
  • Select tools/methodologies Compiled a set of
    cyber security self-assessment tools/methodologies
    that we will consider as representative of the
    best available.
  • Identify Requirement Gaps Compare coverage by
    the tools/methodologies identified in Step 2 to
    Step 1 to identify gaps
  • Work to Fill Gaps Prioritize and fill the high
    priority requirement gaps

7
SCySAG Expected Impact
  • The results of this effort can be used by
  • Tool and methodology vendors to develop, deploy,
    and maintain an assessment solution
  • SCADA/PCS system vendors to create more secure
    systems
  • Standards bodies and groups
  • Owner/operators developing/validating their
    internal policies and procedures

8
Resources Reports
  • List of Source Material
  • See VA_Tool_list_v4.0.xls
  • SCySAG interim report
  • See Summary of SCADA Cyber Self-Assessment
    Methods and Tools Survey
  • Tool Methodology summary reports
  • See 9 summary reports
  • Tool Methodology coverage matrix
  • See Methodology-Tools_analysis_V01.xls
  • Ten reasons IT is different then PCS
  • See Top 10 list of the differences between IT.doc

https//www.pcsforum.org/groups/68/library/
9
List of Source Material
  • 100 entries (a pretty good list, but not
    comprehensive)
  • Tools
  • Methodologies
  • Standards
  • Reports
  • Guidelines
  • See VA_Tool_list_v4.0.xls
  • https//www.pcsforum.org/groups/68/library/

10
Sources of SCADA/PCS Unique Characteristics
11
Tools/Methodologies Summarized
12
Tool/Methodology Analysis Summary
  • Tools/methodologies are reviewed per SCADA/PCS
    Unique characteristics
  • Findings are documented in a summary format
  • Developed a Template for tools methodology
    review
  • 15 general questions
  • 19 Cyber specific questions
  • Technical coverage of SCADA/PCS unique elements
  • Planning external review by tool authors

13
Analysis Covers 15 General Questions
  • Overview
  • Assessment Process Features
  • Data Collection Approach
  • Detailed Operator Guidance
  • Results
  • Support for Ongoing Assessment Program
  • Applicability
  • Target Organization
  • Scope of Assessment
  • Coverage of Cyber Security
  • Target Audience for Results
  • Deployment Considerations
  • Learning curve
  • Cost
  • Schedule
  • Technical requirements
  • Installed base
  • Vendor support

14
Analysis Covers 19 SCADA/PCS-Cyber Topics
15
Example of Technical Coverage Summary VSAT
16
Summary Matrix Format
17
CS2SAT Initial Impressions
  • Intuitive to use (for IT tool experts)
  • Broadly applicable, including manufacturing
  • Requires multi-disciplinary assessment team (this
    is good)
  • Includes mitigation recommendations, references
    the standards
  • Self contained on CD
  • Able to select appropriate standards
  • Reports can be customized

18
CS2SAT Initial Impressions (continued)
  • Component level view point
  • Lacks system view
  • Questions can become repetitive
  • Consequences are at global level
  • Side note Consequences for cyber are difficult
    to assess
  • Doesnt provide comparison over time
  • Threat (i.e. adversaries) is not addressed
  • Less coverage for policy and planning
  • Risk Management and Implementation
  • Incident Planning and Response
  • Currently covers 3 standards

19
Gather input on priority of requirements gaps
20
Process Objective Desired Outcome
  • Objective
  • Identify the 3 to 5 highest priority cyber
    security assessment requirement gaps for each
    sector
  • water and waste water,
  • chemicals,
  • refining petrochemical,
  • oil gas,
  • cross-sector.
  • Capture the reasoning behind the prioritization

SCySAG will use the results to prioritize next
steps
21
Process -Steps
  • Five tables water and waste water, chemicals,
    refining petrochemical, oil gas, and
    cross-sector.
  • Each table has
  • Facilitator
  • Copies of the matrix with white, gray, and green
    spaces denoted
  • Large colored stickies
  • Black markers
  • Each table will
  • Discuss and prioritize the un-met requirements
    for their sector
  • Capture the reasoning behind the prioritization
  • Summarize the results
  • A spokes person for each table will
  • Briefly describe the priorities
  • Briefly describe reasoning for prioritization
  • Update the master chart with priorities

22
Process Each Table
  • Review the white gray spaces for your sector
    (10 min.)
  • Discuss and prioritize the white gray spaces
    (20 min.)
  • Which would be the most valuable to your sector
    to have covered with tools and support?
    Suggested criteria
  • 1) Perceived threat
  • 2) Impact if exploited
  • Identify the top 3 to 5 areas for your sector
  • Capture the reasoning behind the prioritization
    (20 min.)
  • Why are the top 3 to 5 the most valuable
  • Write 2-3 reasons for each on big stickies
  • A spokes person for each table will (25 min.)
  • Briefly describe the priorities and reasoning
  • Update the master chart with priorities
  • Observations, feedback, and wrap-up (5 min.)

23
Contact Information
  • Brian Isle, WG ChairAdventium Labsbrian.isle_at_adv
    entiumlabs.org
  • Tel 612-716-5604
  • Carol Muehrcke, co-ChairCyber Defense Agency,
    LLCcmuehrcke_at_cyberdefenseagency.com
  • Tel 651-770-6736
Write a Comment
User Comments (0)
About PowerShow.com