OCR of the Document

View the Document >>

Keith Stouffer and Jim McCarthy, National Institute of Standards and Technology, Capabilities Assessment for Securing Manufacturing Industrial Control Systems, Draft, November 7, 2016. Unclassified.

PROJECT DESCRIPTION CAPABILITIES ASSESSMENT FOR SECURING MANUFACTURING INDUSTRIAL CONTROL SYSTEMS Cybersecurity for Manufacturing Keith Stouffer NIST Engineering Laboratory Jim McCarthy NIST National Cybersecurity Center of Excellence NCCoE DRAFT November 7 2016 Manufacturing_NCCoE@nist gov DRAFT The National Cybersecurity Center of Excellence NCCoE at the National Institute of Standards and Technology NIST addresses businesses’ most pressing cybersecurity problems with practical standards-based solutions using commercially available technologies The NCCoE collaborates with experts from industry academia and the government to build modular open end-to-end reference designs that are broadly applicable and repeatable To learn more about the NCCoE visit http nccoe nist gov To learn more about NIST visit http www nist gov This document describes a particular problem that is relevant across the manufacturing sector NCCoE cybersecurity experts will address this challenge through collaboration with members of various manufacturing sectors and vendors of cybersecurity solutions The resulting reference design will detail an approach that can be used by manufacturing sector organizations ABSTRACT Industrial Control Systems ICS monitor and control physical processes in many different industries and sectors Cyber-attacks against ICS devices present a real threat to organizations that employ ICS to monitor and control manufacturing processes The NIST Engineering Laboratory in conjunction with the National Cybersecurity Center of Excellence will produce a series of reference designs demonstrating four cybersecurity capabilities for manufacturing organizations Each reference design will highlight an individual capability Behavioral Anomaly Detection ICS Application Whitelisting Malware Detection and Mitigation and ICS Data Integrity This document is part one of a four-part series and addresses only behavioral anomaly detection capabilities With these capabilities in place manufacturers will find it easier to detect anomalous conditions control what programs and applications are executed in their operating environments mitigate or vanquish malware attacks and ensure the integrity of critical operational data For each of the four capabilities listed above the NCCoE will map the security characteristics to the NIST Cyber Security Framework which will provide standardsbased security controls for manufacturers In addition the NCCoE will implement each of the capabilities in two distinct but related lab settings a robotics-based manufacturing enclave and a process control enclave similar to what is being used by chemical manufacturing industries This project will result in a publicly available NIST Cybersecurity Practice Guide a detailed implementation guide of the practical steps needed to implement the cybersecurity reference design that addresses this challenge KEYWORDS behavioral anomaly control processes Cyber Security Framework CSF industrial control system s ICS manufacturing Project Description Cybersecurity for Manufacturing ii DRAFT DISCLAIMER Certain commercial entities equipment products or materials may be identified in this document in order to describe an experimental procedure or concept adequately Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology or the National Cybersecurity Center of Excellence nor is it intended to imply that the entities equipment products or materials are necessarily the best available for the purpose COMMENTS ON NCCOE DOCUMENTS Organizations are encouraged to review all draft publications during public comment periods and provide feedback All publications from NIST’s National Cybersecurity Center of Excellence are available at http nccoe nist gov Comments on this publication may be submitted to Manufacturing_NCCoE@nist gov Public comment period November 7 2016 to December 7 2016 Project Description Cybersecurity for Manufacturing iii DRAFT Table of Contents 1 Executive Summary 1 Purpose 1 Scope 1 Assumptions Challenges 1 Assumptions 2 Challenges 2 Background 2 2 Scenarios 2 Scenario 1 Robotics Enclave - Detecting anomalous conditions on a roboticbased manufacturing process 2 Scenario 2 Detecting anomalous conditions on a chemical manufacturing process 2 3 High-Level Architectures 3 Robotics Enclave 3 Process Control Enclave 4 Component List 5 Desired Requirements 5 4 Relevant Standards and Guidance 6 5 Security Control Map 7 Appendix A – References 8 Project Description Cybersecurity for Manufacturing iv DRAFT 1 1 EXECUTIVE SUMMARY 2 Purpose 3 4 5 6 7 8 9 This is the first of a four-part series designed to provide businesses with the information they need to establish an anomaly detection and prevention capability in their own environments This project will be using commercially available software deployed on an established lab infrastructure It will produce a mapping of security characteristics to the National Institute of Standards and Technology NIST Cyber Security Framework CSF to establish a baseline that can be associated with specific security controls in prominent industry standards and guidance 10 11 12 13 14 A cyber-attack directed at manufacturing infrastructure could result in detrimental consequences to both human life and property Behavioral anomaly detection and prevention mechanisms can support a multi-faceted approach to counteracting cyberattacks against Industrial Control Systems ICS devices that provide the functionality necessary to run manufacturing processes 15 16 17 18 19 20 21 22 23 24 The goal of this project is to provide businesses with a cybersecurity reference design that can be implemented or that can inform improved cybersecurity in their manufacturing processes We believe guarding against cyber-attacks will reduce costs for businesses that depend on these processes Implementing behavioral anomaly detection tools provides a key security component in sustaining business operations particularly those based on ICS One of the ways to disrupt operations is to introduce anomalous data into a manufacturing process whether deliberately or inadvertently Although the reference design will focus on cybersecurity our example solution may also produce residual benefit to manufacturers for detecting anomalous conditions not related to security 25 Scope 26 27 28 29 30 31 32 33 34 35 This use case will focus on a single cybersecurity capability behavioral anomaly detection The NCCoE will deploy commercially available behavioral anomaly detection tools in two distinct but related manufacturing lab environments a robotics enclave and a simulated chemical process enclave The security characteristics of behavioral anomaly detection will be mapped to the CSF which will point manufacturers to specific security controls found in prominent cybersecurity standards This project will result in a NIST Cybersecurity Practice Guide a detailed reference design document that will measure the performance of the behavioral anomaly detection tools and demonstrate how manufacturing companies can implement the capability in their own operational environments 36 Assumptions Challenges 37 38 The following assumptions and challenges will help shape the scope of the project and provide controlled parameters for the effort such that the focus is centered on Project Description Cybersecurity for Manufacturing 1 DRAFT 39 40 delivering a successful solution based closely on the manufacturing operational environment 41 Assumptions 42 • Manufacturing lab infrastructure is in place 43 44 • Numerous commercially available products exist in the market to demonstrate reference design 45 Challenges 46 47 • Findings may need to be extrapolated for large-scale manufacturing processes as the lab provides only a small-scale environment 48 49 • Lab environment consistency must be ensured as performance metrics of the products introduced are recorded and published 50 Background 51 52 53 54 55 56 57 58 59 The risk of cyber-attacks directed at ICS-based manufacturing infrastructures and processes is a great concern to companies who produce goods particularly those made for public consumption NIST recognizes this concern and is working with industry to solve these challenges through the implementation of cybersecurity technologies In addition to this challenge NIST provides the CSF for any manufacturing entity interested in enhancing the security of its infrastructure The CSF is a valuable resource to those determining their next cybersecurity investment This project will build an example of the implementation of a behavioral anomaly detection capability that manufacturers can adopt to achieve their cybersecurity goals 60 2 61 62 Scenario 1 Robotics Enclave - Detecting anomalous conditions on a robotic-based manufacturing process 63 64 65 66 67 68 69 The robotics enclave contains a robotic assembly system in which industrial robots work cooperatively to move parts through a simulated manufacturing operation The robots work according to a plan that changes dynamically based on process feedback The robotic enclave includes two small industrial grade robots and a supervisory Programmable Logic Controller PLC with safety processing Additional information on the robotics enclave can be found at http nvlpubs nist gov nistpubs ir 2015 NIST IR 8089 pdf 70 Scenario 2 Detecting anomalous conditions on a chemical manufacturing process 71 72 73 74 75 The process control enclave uses the Tennessee Eastman TE control problem as the continuous process model The TE model is a well-known plant model used in control systems research and the dynamics of the plant process are well understood The process must be controlled—perturbations will drive the system into an unstable state The inherent unstable open-loop operation of the TE process model presents a real- SCENARIOS Project Description Cybersecurity for Manufacturing 2 DRAFT 76 77 78 79 80 81 world scenario in which a cyber-attack could present a real risk to human and environmental safety as well as economic viability The process is complex and nonlinear and has many degrees of freedom by which to control and disturb the dynamics of the process Numerous simulations of the TE process have been developed with readily available reusable code Additional information on the process control enclave can be found at http nvlpubs nist gov nistpubs ir 2015 NIST IR 8089 pdf 82 3 83 Robotics Enclave HIGH-LEVEL ARCHITECTURES 84 85 Figure 1 Robotics Enclave Architecture Project Description Cybersecurity for Manufacturing 3 DRAFT 86 Process Control Enclave Lab Network Port4 10 100 0 40 24 Port1 172 16 1 1 24 Port3 172 16 3 1 24 Intel I217-LM 172 16 3 10 24 Enterprise Station FGS-47631EHH I5-4570 @3 2GHz Quad Core 4GB RAM Win7 64bit Stratix 8300 Port2 172 16 2 1 24 172 16 2 2 24 Stratix 5700 Killer e2200 172 16 2 3 Intel I210 172 16 2 5 Intel I210 172 16 2 4 VIRTUAL 172 16 2 14 EthernetIP 172 16 2 102 2U ControlLogix PLC Plant Simulator FGS-61338PSH i5 Quad 8G RAM Win7 64bit Local Historian FGS-47631LHH i5 Quad 8G RAM Virtual 2008 Server Win7 64bit WIN-FPVTDCDEUCR 1 Core 1G RAM 172 16 2 7 1U TwinCAT PLC OPC Server FGS-61338OSH i5 Quad 8G RAM Win7 64bit 172 16 1 2 24 87 88 Intel I210 172 16 1 4 Intel I210 172 16 1 5 HMI FGS-47631LHH i5 Quad 8G RAM Win7 64bit Controller FGS-47631LHH i5 Quad 8G RAM Win7 64bit Figure 2 Process Control Enclave Architecture Project Description Cybersecurity for Manufacturing 4 DRAFT 89 90 91 Figure 3 Tennessee Eastman process model Component List 92 • ICS behavioral anomaly detection tools 93 • ICS application whitelisting tools 94 • ICS malware detection and mitigation tools 95 • ICS data integrity validation tools 96 • Human Machine Interfaces HMIs 97 • Programmable Logic Controllers PLCs 98 • Security Information and Event Management SIEM platform 99 Desired Requirements 100 • Detection of anomalous conditions 101 • Assurance of data integrity Project Description Cybersecurity for Manufacturing 5 DRAFT 102 • Detection of unauthorized applications 103 • Detection and mitigation of malware 104 • Detection of unauthorized data modification 105 • Process and or device damage prevention 106 • Alerting alarming capability 107 4 RELEVANT STANDARDS AND GUIDANCE 108 109 110 • NIST SP 800-82 Guide to Industrial Control Systems ICS Security Revision 2 May 2015 http nvlpubs nist gov nistpubs SpecialPublications NIST SP 80082r2 pdf 111 112 • Cybersecurity Framework National Institute of Standards and Technology Web site http www nist gov cyberframework accessed 2 25 14 113 114 115 • Executive Order no 13636 Improving Critical Infrastructure Cybersecurity DCPD201300091 February 12 2013 http www gpo gov fdsys pkg FR-2013-0219 pdf 2013-03915 pdf 116 117 • NISTIR 8089 An Industrial Control System Cybersecurity Performance Testbed November 2015 http nvlpubs nist gov nistpubs ir 2015 NIST IR 8089 pdf 118 119 120 • Draft Cybersecurity Framework Manufacturing Profile September 2016 http csrc nist gov cyberframework documents csf-manufacturing-profiledraft pdf Project Description Cybersecurity for Manufacturing 6 DRAFT 121 5 SECURITY CONTROL MAP 122 Table 1 Cyber Security Framework Control Map 123 124 Project Description Cybersecurity for Manufacturing 7 DRAFT 125 126 127 128 APPENDIX A – REFERENCES R Kuhn Y Lei and R Kacker “Practical Combinatorial Testing Beyond Pairwise ” IT Professional vol 10 no 3 pp 19-23 May-June 2008 http dx doi org 10 1109 MITP 2008 54 Project Description Cybersecurity for Manufacturing 8