Advanced Services Cyber Security 101
© ABB, February 18, 2013
Cyber Security What is Cyber Security?
“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” (Merriam-Webster’s dictionary)
© ABB Group
Cyber Security breaches
§ Personal computer
§ Control System
§ Hacking
§ Malicious software
§ Unauthorized use
Cyber Security Stuxnet: The first malware targeting industrial control systems
Cyber Security Bill Would Have Businesses Foot Cost Of Cyber war
Cyber Security Vulnerability disclosure growth by year
[Chart: vulnerability disclosures per year, 1996 to 2010; vertical axis 0 to 10000]
1 new vulnerability every hour, every day.
Source: IBM X-Force®
Cyber Security Cost
§ The cost of security measures should be balanced against the achieved risk reduction
§ Risk = (probability of successful attack) x (potential consequences)
According to a study by the Ponemon Institute, the cross-industry average cost of a cyber security breach in 2011 was $5.9 MUSD
[Chart: cost versus security level; curves: cost of security, probable cost of a security breach; marked point: optimal security for minimum cost]
Cyber Security Enterprise IT vs. Industrial Control Systems
 | Enterprise IT | Industrial Control Systems
Primary risk impact | Information disclosure, financial | Safety, health, environment, financial
Availability | 95 – 99% (acceptable downtime/year: 18.25 – 3.65 days) | 99.9 – 99.999% (acceptable downtime/year: 8.76 hrs – 5.25 minutes)
Typical System Lifetime | 3-5 years | 15-30 years
Problem response | Reboot, patching/upgrade | Fault tolerance, online repair
Enterprise IT: Confidentiality, Availability, Integrity
Industrial Control Systems: Availability, Integrity, Confidentiality
Cyber Security Why traditional approaches don’t work
Action | Consequence
Lock out accounts after three bad password tries | Operator has no control over process for 10 minutes
Install patches as soon as they are released and reboot | A control system reboot means shutting down the whole plant, and it might take days to get everything running again
Frequently update antivirus scan engine and virus definitions | False positives might have fatal consequences
Use of crypto functions to protect data in transit | Real time constraints cannot be met due to limited resources on embedded devices
Use of firewalls and intrusion detection systems | Do you speak IEC 60870-5-104, IEC 61850, OPC, HART, ProfiNet, Modbus...
Use of intrusion prevention systems | One false positive might have fatal consequences
Information Systems Security is a good starting point, but approaches and technologies need to be applied with care
Cyber Security If it’s worth having it’s worth stealing
§ Source Code
§ Diagrams, Plans and Blueprints
§ Design documents and Metrics data
§ Mechanisms for infrastructure improvements
§ Certificates and Credentials
Source: MSI Microsolved Inc.
Cyber Security Aurora Project
§ The generator room at the Idaho National Laboratory was remotely accessed by a hacker and a $1 Million diesel-electric generator was destroyed.
Cyber Security Iranshahr
Cyber Security Damage from within
§ Companies are really just people—and most people fear being labeled “the bad guy.” That fear puts the company at risk.
§ No one person should have enough power to completely destroy company assets or infrastructure.
§ Regular security audits are a key to protecting the company.
§ Security audits should include simulations that cover dealing with disgruntled or terminated employees.
Procedures and Protocols Shamoon
§ Destroyed 30,000+ computers.
§ Insider
§ "Not a single drop of oil was lost." CEO Khalid Al-Falih
§ "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks."
Source: Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations, May 25, 2011 hearing.
Cyber Security Airgaps
Source: Tofino Security.
Cyber Security Protection
Basic | Advanced
Procedures and Policies | Whitelisting
Update management | Intrusion detection
Antivirus | Intrusion prevention
Account management | Firewalls
Services and ports | …
Software management |
Cyber Security Share information
Cyber Security Remote access
[Diagram labels: Support Center, Service Center, Internet, Virtual Support Engineer]
© ABB Group September 24, 2021
9 AKK 105713 A 6280 A Cyber Security www.abb.com/cybersecurity © ABB Group