5th Control System Cyber-Security Workshop (CS)2/HEP

Sunday 18 Oct 2015, 09:20 → 17:30 Pacific/Auckland

Room 108 (Melbourne Convention and Exhibition Centre (MCEC))

Stefan Lueders (CERN)

Since Stuxnet in 2010, attacks against industrial control systems are regularly reported in the media; new vulnerabilities are regularly published and exploited; and politicians become more and more concerned about the resilience of the control systems controlling a nations critical infrastructure...

Modern accelerator and detector control systems do not differ significantly from the control systems used in industry. Modern Information Technologies (IT) are commonly used, control systems are based more and more on common-of-the-shelf hardware/software (VME, PLCs, VxWorks, LynxOS, network switches, networked controls hardware, SCADA, commercial middleware, etc.) or Windows/Linux PCs. Furthermore, due to the academic freedom in the High Energy Physics community, control systems are produced in a wide, decentralized community, which leads to heterogeneous systems and often necessitates remote access. However, with this adoption of modern IT standards, control systems are also exposed to the inherent vulnerabilities of the corresponding hardware and software. The consequences of a security breach in an accelerator or detector control system might be severe, and attackers won't ignore HEP systems just because it's HEP.

Presentations by several HEP institutes worldwide on the application of Cyber-Security in Control Systems were given at the 4th ICALEPCS conference. This new (CS)2/HEP workshop is intended to continue sharing and discussing counter-measures, to review configuration and development procedures for secure control systems, and to review the progress since the last (CS)2/HEP workshop.

Potential Keywords and topics are:

• Security, vulnerabilities and protective measures of front end devices (e.g. VME, LynxOS, VxWorks, PLCs, power supplies, networked controls hardware);
• Control network security, network architectures, network segregation, firewalling and intrusion detection;
• SCADA security, PC installation and management schemes;
• Secure ("Kiosk") operation in multi-user environments (e.g. at light-sources, where users change quite frequently);
• Authentication & Authorization on control systems;
• Remote operations and expert interventions;
• Software development and system configuration management;
• Security policies, best practices, security events and lessons learned.

CS2HEP @ ICALEPCS (2015).pdf

CS2HEP @ ICALEPCS (2015).pptx

09:30 → 09:45 Introduction to the 4th Control System Cyber-Security Workshop

Speaker: Dr Stefan Lueders (CERN)

Control System Cyber-Security @ CS2HEP (2015).pdf

Control System Cyber-Security @ CS2HEP (2015).pptx

09:45 → 10:30 Centralized configuration of Role-Based authentication in JCOP Framework

The access control for the Human Machine Interfaces (HMIs) of CERN control systems is based on the access control component of the CERN-developed Joint Controls Project Framework. This component ensures the protection from non-malicious actions at the UI level and provides a role-based authorization mechanism to define the level of access for different users. In large control systems the access control configuration becomes complex, requiring the integration of additional tools to assist with the setup and storage of the configuration data. We present a method to automate the configuration of the authorization data, including user accounts, roles, domains and privileges from central CERN user-management resources. Following this approach, authorization, authentication and user management are completely delegated to existing identity management tools that are shared with other applications outside the control system.

Speaker: Lorenzo Masetti (CERN)

AccessControlSync.pdf

10:30 → 11:00 Coffee Break

11:00 → 11:30 DAQ control system for multi-beamline simultaneous experiments at SACLA

SACLA is an X-ray free electron laser facility in Japan. In spring of 2011, the first beamline (BL3) opened door for scientific experiments. The another beamline (BL2) is also available for scientific use in autumn of 2014. Fast-switched beam delivery to BL2 and BL3 is planned in fiscal year 2015, then we will provide more opportunity to perform experiments at SACLA. Since the experimental procedure of beamlines are different, we must segregate these DAQ control system each other. In summber of 2014, we recomposed computing and network system for the simultaneous experimental use. In this talk, we present the overview of the beamline network of SACLA with comparison of that of SPring-8. We also show some security trouble after the recomposition of the network system.

Speaker: Takashi SUGIMOTO (Japan Synchrotron Radiation Research Institute)

CS2HEP2015_SUGIMOTO_44.pdf

CS2HEP2015_SUGIMOTO_44.pptx

11:30 → 12:00 Cyber Security Assessment of the Spallation Neutron Source at Oak Ridge National Laboratory

Amid regular news reports of cyber breaches at power plants, wastewater treatment facilities and other industrial control systems used for critical infrastructure, the Office of Internal Assessment at Oak Ridge National Laboratory (ORNL) was directed to evaluate the cyber security posture of industrial control systems implemented at ORNL nuclear and accelerator facilities. The assessment focused on the two ORNL neutron user facilities: the accelerator based Spallation Neutron Source (SNS) and the High Flux Isotope Reactor (HFIR). The assessment considered both the internal and external technical controls for protecting mission critical assets. This report will discuss the approach used for the audit, SNS preparations for the audit and lesson learned.

Speaker: Karen White (Oak Ridge National Laboratory)

SNS Cyber for CS Workshop.pdf

SNS Cyber for CS Workshop.pptx

12:00 → 12:30 Testing device robustness with fuzzing

In the past few years, the landscape of cyber threats against critical infrastructures has dramatically changed, with the advent of sophisticated and targeted attacks backed by large and extremely well organized teams. Vendors and asset owners have been implementing the required policies and best practices to reduce the chances of a disaster reoccurring, but we can argue that the foundations are still shaky, as actual devices are still not subject to rigorous robustness testing. In this talk, we will take a look at initiatives launched by the French National Agency for Information Systems Security (ANSSI) and the German Federal Bureau for Cybersecurity (BSI) to offer an open-source fuzzing platform that will support both a black-box, fire-at-will testing approach and a much more surgically precise way of testing network-enabled industrial control devices.

Speaker: Brice Copy (CERN)

CS2HEP Workshop - Open source fuzzing.pdf

CS2HEP Workshop - Open source fuzzing.pptx

12:30 → 13:45 Lunch Break

13:45 → 14:15 Finding Our Skeletons: Information Security Assessment of CERN Access and Safety Systems

Access and safety systems are considered critical in organizations, and they are therefore usually well isolated from the rest of the network. However, recent years have seen a number of cases, where such systems were compromised even when supposedly well protected. The tendency has also been to increase information exchange between these systems and the outside world to facilitate operation and maintenance. In order to gain insight on the overall level of information security of CERN access and safety systems, we carried out a security assessment of two of the most visible ones, LHC and PS access systems. In addition to a purely theoretical evaluation of their architecture and implementation, we carried out active probing and penetration testing of the various subsystems and devices on our test bench installations. The results were interesting, to say the least, and served to emphasize the need to question even things normally taken for granted.

Speaker: Timo Hakulinen (CERN)

CSSS_Cyber_security_ICALEPCS15.pdf

CSSS_Cyber_security_ICALEPCS15.pptx

14:15 → 14:45 5 Challenges Securing the LHC

The Large Hadron Collider (LHC) at the European Organization for Nuclear Research is a unique one-off prototype within the particle physics community. The accelerator itself and its attached experiments are development, managed and operated from a world-wide community of physicists, engineers and technicians. As such, "one-off prototype" and "world-wide community" plus the general attitude of an academic environment present particular challenges in securing the multitude of different control systems deployed for running the LHC and its experiments. This presentation will focus on the five most serious challenges and how they were overcome.

Speaker: Stefan Lueders (CERN)

5 Challenges to Secure the LHC @ CS2HEP (2015).pdf

5 Challenges to Secure the LHC @ CS2HEP (2015).pptx

15:00 → 15:30 Coffee Break

15:30 → 16:30 Discussions

Potential discussion topics: - Implementing Multi Factor Authentication - Reduction of "privileged users" on controls devices - How to have a QA process for software development and a secure software development life-cycle - The fallout of Windows XP's death - Virus scanning on control PCs and other cyber Security tools which can benefit (e.g. Firewall, IDS/IPS, white listing software, patch management, system hardening) - Maintaining private networks with consumer-grade equipment - The buying and selling of 0-day vulnerabilities, with the participation of governments. - Governments sabotaging good standards (e.g. encryption) - Specific Policy & Standards and Governance on Control System Cyber Security – Are there any organisation that has them, at the control system level?, or the IT ones are used instead? - Cyber security audits/ KPI/metrics. Is it common to have specific audits on Control System Cyber security? What do organisations audit/report on? - Are security incidents being logged or tracked, are we experiencing an increase over the last few years? - Would people in the workshop be interested in creating a Survey around Control system Cyber Security? Organisations could opt to participate in completing the survey and then we could get a good picture where our community is heading to and what are the main areas of interest/concern.

Speaker: Dr Stefan Lueders (CERN)

Discussion @ CS2HEP (2015).pdf

Discussion @ CS2HEP (2015).pptx