4th Control System Cyber-Security Workshop (CS)2/HEP

Sunday 6 Oct 2013, 09:30 → 17:10 US/Pacific

Seacliff D, Bayview Level (The Hyatt Regency Embarcadero Center)

Stefan Lueders (CERN)

Since Stuxnet in 2010, attacks against industrial control systems are regularly reported in the media; new vulnerabilities are regularly published and exploited; and politicians become more and more concerned about the resilience of the control systems controlling a nations critical infrastructure...

Modern accelerator and detector control systems do not differ significantly from the control systems used in industry. Modern Information Technologies (IT) are commonly used, control systems are based more and more on common-of-the-shelf hardware/software (VME, PLCs, VxWorks, LynxOS, network switches, networked controls hardware, SCADA, commercial middleware, etc.) or Windows/Linux PCs. Furthermore, due to the academic freedom in the High Energy Physics community, control systems are produced in a wide, decentralized community, which leads to heterogeneous systems and often necessitates remote access. However, with this adoption of modern IT standards, control systems are also exposed to the inherent vulnerabilities of the corresponding hardware and software. The consequences of a security breach in an accelerator or detector control system might be severe, and attackers won't ignore HEP systems just because it's HEP.

Presentations by several HEP institutes worldwide on the application of Cyber-Security in Control Systems were given at the 3rd ICALEPCS conference. This new (CS)2/HEP workshop is intended to continue sharing and discussing counter-measures, to review configuration and development procedures for secure control systems, and to review the progress since the last (CS)2/HEP workshop.

Potential Keywords and topics are:

• Security, vulnerabilities and protective measures of front end devices (e.g. VME, LynxOS, VxWorks, PLCs, power supplies, networked controls hardware);
• Control network security, network architectures, network segregation, firewalling and intrusion detection;
• SCADA security, PC installation and management schemes;
• Secure ("Kiosk") operation in multi-user environments (e.g. at light-sources, where users change quite frequently);
• Authentication & Authorization on control systems;
• Remote operations and expert interventions;
• Software development and system configuration management;
• Security policies, best practices, security events and lessons learned.

1 Introduction to the 4th Control System Cyber-Security Workshop

Speaker: Dr Stefan Lueders (CERN)

Slides Control_System_Cyber-Security_@_CS2HEP_(2013).pdf Control_System_Cyber-Security_@_CS2HEP_(2013).pptx

2 Controls Cyber Security at PSI

At PSI the Controls section is responsible for the delivery and maintenance of the control system for large accelerator facilities. These are the High Intensity Proton Accelerator (HIPA), the Accelerator for the Proton Therapy Facility (PROSCAN), the Swiss Light Source (SLS), the SwissFEL 250MeV Injector Test Facility (SITF) and the RF C-band test facility for SwissFEL (TRFCB). The control system security is one of the important efforts of the Control section. The presentation will give an overview about security rules for Control System computers on the PSI facilities private networks, concepts for the control system network architecture, authentication and authorization, computers installation and configuration, as well as rules for software configuration and deployment.

Speaker: Renata Krempaska (PSI)

Slides ControlsCyberSecurity02102013_short.pdf ControlsCyberSecurity02102013_short.ppt

3 IEC 61850 industrial communication standards under test

IEC 61850, as part of the International Electro-technical Commission's (IEC) Technical Committee 57 (TC57), defines an international and standardized methodology to design electric power automation substations. It specifies a common way of communicating and integrating heterogeneous systems based on multivendor intelligent electronic devices (IEDs); these devices play a fundamental role in the control architecture of these electric power systems. IEDs are connected to Ethernet network and according to IEC 61850 their abstract data models have been mapped to the following communication protocols: MMS (Manufacturing Message Specification), GOOSE (Generic Object-Oriented Substation Event), SV (Sampled Values), and possible in the future Web Services. All of these protocols can run over TCP/IP networks, so they can be easily deployed and integrated with Enterprise Resource Planning (ERP) network; if this continuous integration on one hand provides economical and functional benefits for the companies, on the other hand it exposes the industrial infrastructure to the external existing cyber-attacks; so it is necessary to face with the changing threats and vulnerabilities of the entire cyber world. Within the Openlab collaboration between CERN and Siemens, a test-bench has been developed specifically to evaluate the robustness of industrial equipment (TRoIE). This paper describes the design and the implementation of the testing framework and in particular of that part used to evaluate the robustness of the IEC 61850 previously mentioned protocols implementations.

Speaker: Filippo Maria Tilaro (CERN)

Slides ICALEPCS_2013_Presentation_IEC-61850_Communication_Standards_under_test.pdf ICALEPCS_2013_Presentation_IEC-61850_Communication_Standards_under_test.pptx

10:35 Coffee Break

4 Remote Access to Experiment Controls

(to come)

Speaker: Peter Chochula (CERN)

Slides CHOCHULA_Security.pdf CHOCHULA_Security.pptx

5 Renewal of the remote maintenance system for the SPring-8 control system

We present renewal of the remote maintenance system for the SPring-8 control system, named "WARCS" (Wide Area Remote Control System). The WARCS (version 1, WARCSv1) was assembled using open-sourced database and tunneling applications in 2003.[1] However, we had faced problem of connectivities, blocked by the recent network policies. We also found that the WARCSv1 has Man-In-The-Middle vulnerability in the authentication process. Therefore, we decided to renew the WARCS using standard AAA framework and VPN technologies. In 2012, we installed the new WARCS (version 2, WARCSv2) in both the SPring-8 control system and the SACLA control system. In this talk, we present overview of the WARCSv2 compared with the WARCSv1, with special emphasis on the vulnerability of the WARCSv1. [1] A. Yamashita and Y. Furukawa. "WARCS: WIDE AREA REMOTE CONTROL SYSTEM IN SPRING-8". In Proceedings of ICALEPCS 2005, Geneva, Switzerland, 2005.

Speaker: Dr Takashi SUGIMOTO (Japan Synchrotron Radiation Research Institute)

Slides CS2HEP_sugimoto-47.pdf CS2HEP_sugimoto-47.pptx

6 Authentication and Authorization for the ESS Control System

Role Based Access (RBAC) developed at CERN provides access control for the LHC controls system. It has been deployed for a few years, and is a mature and tested implementation of access control for a large and complex system with many users. The LHC control system is based on a proprietary protocol. Channel Access, the protocol for the EPICS control system, has grown in popularity and is used for many scientific sites including ESS. This presentation is a proposal to adapt CERN’s RBAC to Channel Access in the context of the European Spallation Source (ESS) control system. ESS includes a linear proton accelerator, a heavy-metal target station, a large array of state-of-the-art neutron instruments, a suite of laboratories, and a supercomputing data management and software development center. The ESS control system is to provide an integrated approach to the site including all components and conventional facilities, making role based access control essential.

Speaker: Suzanne Gysin (ESS)

Slides ESS_A&A_2013_Gysin.ppt

12:35 Lunch Break

7 IT Security for the LHCb experiment

(to come)

Speaker: Enrico Bonaccorsi (CERN)

Slides icalepcs_cyber_security_workshop_-_2013.pdf icalepcs_cyber_security_workshop_-_2013.pptx

8 Disconnecting controls --- implications and findings

This is a presentation on the CERN "TN Disconnection Test" which separated the CERN Computer Centre from the technical infrastructure for half a day. After introduction of the overall layout, results, findings and implications are given.

Speaker: Dr Stefan Lueders (CERN)

Slides Disconnecting_Controls_@_CS2HEP2013.pdf Disconnecting_Controls_@_CS2HEP2013.pptx

9 Technical, Legal, and Social Issues in Control Systems: Past, Present, Future

Control systems in physics, as well as non-scientific arenas, have been targeted for attack by governmental and non-governmental entities alike. The move toward use of a network bus architecture, concomitant with the opening of networks to commercial, private, and public access, increases security, safety, and privacy issues immensely. Protocols and systems developed for a sandbox environment frequently did not take into account the opening of networks to world-wide access. Private networks are no longer private; NAT can be easily bypassed; the need to transfer source code, configurations, firmware, opens up multiple attack vectors, at least some of which can not be eliminated. Risk analysis is frequently used to determine local policies. Legal and financial issues introduce additional factors into those policies. Even so, recent revelations about governmental and private coordination of network traffic monitoring and attacks introduce new factors not previously considered in this risk analysis. Quality management techniques such as RIPE (http://www.langner.com/en/wp-content/uploads/2013/09/The-RIPE-Framework.pdf) can be applied to suggest best practices. However, even those do not always allow for deep technical analysis. We discuss legal, technical, and social issues involved in dealing with the difficult situation of modern networked control systems, with examples from our clinical accelerator.

Speaker: Stefani Banerin (UW School of Medicine)

Slides 2013_Banerian_ICALEPCS.1.2.ppt

15:55 Coffee Break

10 Integrating Controls Cyber Security with Corporate IT: a management perspective

(to come)

Speaker: Dr Enzo Carrone (SLAC)

Slides Cybersecurity_and_Corporate_IT_-_E._Carrone_-_ICALEPCS_2013.pdf Cybersecurity_and_Corporate_IT_-_E._Carrone_-_ICALEPCS_2013.pptx

11 Discussion

Speaker: Dr Stefan Lueders (CERN)

Slides Discussion_@_CS2HEP_(2013).pdf Discussion_@_CS2HEP_(2013).pptx