Zach Tudor - Security Innovation Network

The LOGIIC Consortium
Zachary Tudor, CISSP, CISM, CCP
Program Director
SRI International
Presentation Outline
• About LOGIIC
• LOGIIC Projects
o Correlation Project
o SIS Project
o Host Protection Project
• Summary
Presenter
Zach Tudor is a Program Director in the Computer Science
Laboratory at SRI International, supporting operational and
R&D cyber security programs including the DHS Cyber
Security Research and Development Center (CSRDC).
For CSRDC he provides technical support, subject matter
expertise, and project management for projects including
LOGIIC and the Industrial Control System Joint Working
Group (ICSJWG) R&D working group.
Prior to his work at SRI, he led a team of cyber security
engineers and analysts directly supporting the Control
Systems Security Program (CSSP) at DHS.
LOGIIC Value Proposition
(Need and Approach)
• In 2004, Chevron and DHS S&T identified a need for
a framework to enable collaborative, precompetitive cybersecurity R&D in the Oil and Gas
sector
• The approach selected was to establish a
government/private partnership, leveraging
national laboratories, the research community,
security technology providers, and automation
vendors.
LOGIIC Value Proposition
(Benefits and Alternatives)
• Benefits to O&G include accelerated security improvements in
critical networks:
o 5:1 ROI on R&D investment
o Access to leading R&D, facilities for technology integration, test, and
evaluation
o Unified voice to vendors.
• DHS S&T benefits from a proactive, cooperative engagement with
industry to promote security in critical infrastructure systems
• Security technology providers have an opportunity to evaluate
solutions in what may be for them new market environments
• Vendors have access to leading technology and new market
opportunities
• LOGIIC differs from other O&G associations and consortia in its
unique ability to fund RDT&E and enable cooperation among
stakeholder communities
The LOGIIC Model of
Government & Industry Partnership






Linking the Oil and Gas Industry to Improve Cyber Security
• LOGIIC is an ongoing collaboration of
oil and natural gas companies and the
U.S. Department of Homeland Security,
Science and Technology Directorate.
• LOGIIC facilitates cooperative research,
development, testing, and evaluation
procedures to improve cybersecurity in
petroleum industry digital control
systems.
• LOGIIC undertakes collaborative
research and development projects to
improve the level of cybersecurity
• LOGIIC promotes the interests of the
sector while maintaining impartiality, the
independence of the participants, and
vendor neutrality
LOGIIC Broke New Ground in Consortium
Governance for Collaborative R&D
• The Automation Federation (AF) serves as the LOGIIC
host organization
o Members approved a participation agreement with AF
o Each project is covered by a Project Addendum to this agreement
• Member companies contribute financially and
technically, provide personnel who meet regularly to
define projects of common interest, and provide staff to
serve on the LOGIIC Executive Committee.
• Current members of LOGIIC include BP, Chevron, Shell,
Total, and other large oil and gas companies that
operate significant global energy infrastructure.
• The U.S. Department of Homeland Security, Science and
Technology Directorate has contracted with the
scientific research organization SRI International to
provide scientific and technical guidance as well as
project management for LOGIIC.
LOGIIC Model Adds Major Value to
the Oil & Gas Industry
• Industry gains access to Government-funded
experts and labs they would otherwise not have
easy access to.
• Participant commitment is key. This kind of
partnership is not a spectator sport – the first LOGIIC
project was a success because time and resources
were invested and people were committed to
doing great work.
• The LOGIIC Correlation Project resulted in a real and
validated solution, not just a paper product.
o Chevron Pipeline deployed the solution with some of these benefits:
• Monitor events in real-time instead of weekly
• Reduce investigation time for events by at least 85%
• Provide forensic evidence
o Many vendors are now developing their products; some are already
available in the market.
LOGIIC: A Win for All
• Government wins:
o Contributing to security of the critical infrastructure networks of the nation
o Cooperative partnership with O&G sector
• Oil and gas industry wins:
o Improvements to the protection of their networks
o Proactive engagement with government
o Leveraged ROI from modest R&D investment
o Unified voice in defining system security requirements
o Rationale for influencing vendor product offerings
• Vendor wins:
o Access to cutting-edge research
o Vendors share ideas and build relationships with other IT security vendors,
control system vendors, research institutions and labs, and industry
participants
o Access to new markets, future programs and opportunities
The LOGIIC Correlation Project
(2005-2006)
• Industry contributed
o Requirements and operational
expertise
o Project management
o Product vendor channels
• DHS S&T contributed
o National Security Perspective on
threats
o Access to long term security
research
o Independent researchers with
technical expertise
o Testing facilities
The LOGIIC Correlation Project
• Opportunity: Reduce vulnerabilities
of oil & gas process control
environments by correlating and
analyzing abnormal events to
identify and prevent cyber security
threats
• Approach:
o Identify new types of security
sensors for process control
networks
o Adapt a best-of-breed
correlation engine to this
environment
o Integrate in testbed and
demonstrate
o Transfer technology to
industry
[Figure labels: External Events; Attack Indications and Warnings; LOGIIC Correlation Engine; Business Network; Process Control Network]
LOGIIC SIS Project
Security of Safety Instrumented Systems
• SIS objective: bring a process plant to a safe state when
an excursion outside pre-established operating
parameters occurs
• SIS increasingly integrate with process control systems
o Traditional physical separation between control and safeguarding has
been reduced through integration of certain systems components of
control systems and safeguarding systems
• Research Question: Is the technical integrity of our
production facilities jeopardized because of
Cybersecurity issues under SIS/BPCS integration?
Challenges include:
o Prevent false trips of SIS caused by corrupted SIS configuration or false
signals to SIS
o Ensure SIS activates when required
o Prevent operator loss of view
Summary
• LOGIIC is a model for government-industry technology
integration, evaluation, and demonstration efforts to
address critical infrastructure R&D needs
• LOGIIC enables its members to leverage the collective
resources of the industry, government agencies,
researchers, and subject matter experts for collaborative
cyber-security projects
• LOGIIC's successful first project produced an industry-adopted solution, and validated the collaboration
• The LOGIIC SIS project delivered its findings to vendors
and standards bodies
• The LOGIIC Consortium is working on new projects and
planning on future projects