The LOGIIC Consortium
Zachary Tudor, CISSP, CISM, CCP
Program Director
SRI International

Presentation Outline
• About LOGIIC
• LOGIIC Projects
  o Correlation Project
  o SIS Project
  o Host Protection Project
• Summary

Presenter
Zach Tudor is a Program Director in the Computer Science Laboratory at SRI International, supporting operational and R&D cyber security programs including the DHS Cyber Security Research and Development Center (CSRDC). For CSRDC he provides technical support, subject matter expertise, and project management for projects including LOGIIC and the Industrial Control System Joint Working Group (ICSJWG) R&D working group. Prior to his work at SRI, he led a team of cyber security engineers and analysts directly supporting the Control Systems Security Program (CSSP) at DHS.

LOGIIC Value Proposition (Need and Approach)
• In 2004, Chevron and DHS S&T identified a need for a framework to enable collaborative, precompetitive cybersecurity R&D in the Oil and Gas sector
• The approach selected was to establish a government/private partnership, leveraging national laboratories, the research community, security technology providers, and automation vendors.

LOGIIC Value Proposition (Benefits and Alternatives)
• Benefits to O&G include accelerated security improvements in critical networks:
  o 5:1 ROI on R&D investment
  o Access to leading R&D, facilities for technology integration, test, and evaluation
  o Unified voice to vendors.
• DHS S&T benefits from a proactive, cooperative engagement with industry to promote security in critical infrastructure systems
• Security technology providers have an opportunity to evaluate solutions in what may be for them new market environments
• Vendors have access to leading technology and new market opportunities
• LOGIIC differs from other O&G associations and consortia in its unique ability to fund RDT&E and enable cooperation among stakeholder communities

The LOGIIC Model of Government & Industry Partnership
Linking the Oil and Gas Industry to Improve Cyber Security
• LOGIIC is an ongoing collaboration of oil and natural gas companies and the U.S. Department of Homeland Security, Science and Technology Directorate.
• LOGIIC facilitates cooperative research, development, testing, and evaluation procedures to improve cybersecurity in petroleum industry digital control systems.
• LOGIIC undertakes collaborative research and development projects to improve the level of cybersecurity
• LOGIIC promotes the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality

LOGIIC Broke New Ground in Consortium Governance for Collaborative R&D
• The Automation Federation (AF) serves as the LOGIIC host organization
  o Members approved a participation agreement with AF
  o Each project is covered by a Project Addendum to this agreement
• Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.
• Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.
• The U.S. Department of Homeland Security, Science and Technology Directorate has contracted with the scientific research organization SRI International to provide scientific and technical guidance as well as project management for LOGIIC.

LOGIIC Model Adds Major Value to the Oil & Gas Industry
• Industry gains access to Government-funded experts and labs they would otherwise not have easy access to.
• Participant commitment is key. This kind of partnership is not a spectator sport – the first LOGIIC project was a success because time and resources were invested and people were committed to doing great work.
• The LOGIIC Correlation Project resulted in a real and validated solution, not just a paper product.
  o Chevron Pipeline deployed the solution with some of these benefits:
    • Monitor events in real-time instead of weekly
    • Reduce investigation time for events by at least 85%
    • Provide forensic evidence
  o Many vendors are now developing their products; some are already available in the market.

LOGIIC: A Win for All
• Government wins:
  o Contributing to security of the critical infrastructure networks of the nation
  o Cooperative partnership with O&G sector
• Oil and gas industry wins:
  o Improvements to the protection of their networks
  o Proactive engagement with government
  o Leveraged ROI from modest R&D investment
  o Unified voice in defining system security requirements
  o Rationale for influencing vendor product offerings
• Vendor wins:
  o Access to cutting-edge research
  o Vendors share ideas and build relationships with other IT security vendors, control system vendors, research institutions and labs, and industry participants
  o Access to new markets, future programs and opportunities

The LOGIIC Correlation Project (2005-2006)
• Industry contributed
  o Requirements and operational expertise
  o Project management
  o Product vendor channels
• DHS S&T contributed
  o National Security Perspective on threats
  o Access to long term security research
  o Independent researchers with technical expertise
  o Testing facilities

The LOGIIC Correlation Project
• Opportunity: Reduce vulnerabilities of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats
• Approach:
  o Identify new types of security sensors for process control networks
  o Adapt a best-of-breed correlation engine to this environment
  o Integrate in testbed and demonstrate
  o Transfer technology to industry

[Figure: LOGIIC Correlation Engine diagram, with labels External Events, Attack Indications and Warnings, Business Network, Process Control Network]

LOGIIC SIS Project
Security of Safety Instrumented Systems
• SIS objective: bring a process plant to a safe state when an excursion outside pre-established operating parameters occurs
• SIS increasingly integrate with process control systems
  o Traditional physical separation between control and safeguarding has been reduced through integration of certain systems components of control systems and safeguarding systems
• Research Question: Is the technical integrity of our production facilities jeopardized because of Cybersecurity issues under SIS/BPCS integration?
• Challenges include:
  o Prevent false trips of SIS caused by corrupted SIS configuration or false signals to SIS
  o Ensure SIS activates when required
  o Prevent operator loss of view

Summary
• LOGIIC is a model for government-industry technology integration, evaluation, and demonstration efforts to address critical infrastructure R&D needs
• LOGIIC enables its members to leverage the collective resources of the industry, government agencies, researchers, and subject matter experts for collaborative cyber-security projects
• LOGIIC's successful first project produced an industry-adopted solution, and validated the collaboration
• The LOGIIC SIS project delivered its findings to vendors and standards bodies
• The LOGIIC Consortium is working on new projects and planning future projects