Introduction to the 2nd Control System Cyber-Security Workshop

Standards Based Measurable Security for Embedded Devices

• Brice Copy (CERN)

Control systems are now routinely connected with enterprise networks and even wide area networks, opening their components to a large array of cyber security threats. Facing threats on such a large scale can now longer solely be done through ad-hoc incident response and post-mortem activities. Defense in depth strategies are being widely adopted and advocated through emerging control systems specific cyber security standards [1]. With these strategies comes the need to accurately prioritise risks and manage system assets, in order to implement measured, tailored security restrictions and automatically assess damages to provide efficient and precise incident response. Eventually, an organization must be able to measure incidents trends and evaluate business impact to feed constant security policy reviews. CERN has implemented a control device cyber security test bench, entitled TOCSSiC [2], updated to provide standards-compliant measurements. Such measurements can be employed to automatically evaluate device vulnerabilities and security policy compliance. [1] F. Tilaro, "Control system cybersecurity standards, convergence and tools", CERN technical report, April 2009 [2] S. Lueders, "Control systems under attack !?", ICALEPCS, October 2005

A study of network vulnerability in embedded devices

• Takashi SUGIMOTO (Japan Synchrotron Radiation Research Institute)

Recently many TCP/IP devices are used in accelerator-control system. Not only computers but also embedded devices are used in the accelerator-control system. Since the embedded devices are designed with limited hardware resources, many devices are consists of subset of the TCP/IP components. The limited resources and components therefore cause many problems such as vulnerabilities of network traffic. SPring-8 is one of the largest synchrotron-radiation facilities in the world, and many embedded devices are used to control accelerator complex. Originally, the control network of SPring-8 is designed as single segment without any routers, it is the best solution for a small-scale control network from a point of high reliability by the simplification. However, by increasing the number of embedded devices in the single network, more trouble have arisen such as packet flooding, hang up of devices, and so on. We study network vulnerabilities on these embedded devices used in SPring-8. And then, we found vulnerability on iTRON-based embedded devices.[1] We also performed improvement of implementation on vulnerable devices and refinement of network into multi-segmented L3 network design. In this presentation, we report result of the refinement to improve reliability of the control system. [1] T.Sugimoto, M.Ishii, T.Masuda, T.Ohata, T.Sakamoto, and R.Tanaka, Proceedings of PCaPAC2008, THX03 (2008)

Managing Proficy iFix SCADA Nodes and Client in Technical Division at Fermilab

• Ping Wang (Fermilab/Technical Division)

Network Configuration for iFix SCADAs and Windows Terminal Server Remote Access/Control using MS Terminal Server and iFix iClient Implement iFix security along with Windows File Protection Log on at the console with domain captive accounts and lock out policy Patching and Anti-virus mechanisms Fault tolerance and disaster recovery

NSLS-II Control System Cybersecurity

• Robert Petkus (BNL)

The Control System group at the forthcoming National Synchrotron Light Source II (NSLS-II) is in the process of drafting a Cybersecurity Requirements document. This discussion will provide a general overview of the network topology with a focus on the logical flow of traffic. Security at and accessibility to the control complex and beam-lines will be explored in the context of policy, user expectations, and performance requirements with a survey of potential associated technologies (One-time-passwords, VPNs, Centrify/LDAP, NX/Citrix). Finally, providing wireless access to the control system network is viewed as an attractive and cost effective supplement if done right. A secure wireless implementation will be illustrated.

Kiosk Mode For Instruments Using Windows Platform

• Roger Lee (Brookhaven National Lab.)

Many commercial instruments -- oscilloscopes, network analyzers, spectrum analyzers -- are now using a Windows platform. Thus they provide all the features and security issues of a desk-top PC. It is necessary to connect these instruments to the Ethernet to provide remote access. At the same time it is necessary that the instrument can be operated locally without having a keyboard, mouse, or password protected screen saver. Implementing a kiosk mode -- a limited user is allowed to run one program -- provides cyber security. The steps needed to implement kiosk mode will be present along with the limitations of the kiosk mode.

Integrated Access Control for PVSS-based SCADA Systems at CERN

• Piotr Golonka (CERN EN/ICE-SCD)

The protection of the PVSS-based Human-Machine-Interface parts of the Control Systems for the LHC accelerator and the experiments at CERN is implemented using the JCOP Framework Access Control component. It allows to protect from non-malicious activity (such as misuse due to operator's mistake) by enabling/disabling the elements of the User Interface. It extends the native PVSS mechanisms for user-authentication and makes the management of the role-based authorizations easy to configure and maintain. Ultimately, it enables the synchronization of the access-control related data across distributed systems, and allows to synchronize this data with central user-management resources at CERN (such as Active Directory), and automated creation of user accounts.

Security Design of a Computer-Based Personnel Safety System Logbook

• Theo McGuckin (Jefferson Lab)

In the last year Jefferson Lab’s Personal Safety System (PSS) Logbook has been converted from a paper log to an electronic logbook. The motivation for this upgrade was to take advantage of the inherent benefits of electronic media (indexing, searching, automated information capture and parsing) as well as to make use of features of the lab’s existing electronic logbook infrastructure. This conversion posed many design challenges however, especially in balancing increased security requirements with the design of an easy-to-use interface for the Safety System Operator (SSO). The paper will explore how the security requirements for the PSS electronic logbook were addressed with both new and existing code. It will also explore how key features were implemented with a focus on meeting security requirements in such a way as to still develop an application that was functional and easily operated by the SSO.

Problems to Overcome: Implementation Experience at CERN

• Stefan Lueders (CERN)

This presentations will detail the problems during the implementation of security measures for CERN control systems. The presentation will first focus on the evolution of CERN security in the past years and discuss some security incidents related with control systems. Based on the current status, the most problematic areas in terms of user friedliness and useablity will be discussed, and potential future directions will be presented.

Discussion