

SLIDE 1

ARIZONA STATE UNIVERSITY

Robust and Scalable Security Monitoring and Compliance Management for Dynamic EDS

Fall 2016

Carlos Rubio-Medrano, Josephine Lamp, Ziming Zhao and Gail-Joon Ahn

11/18/2016 1

SLIDE 2

Background

  • The Center for Cybersecurity and Digital Forensics at ASU:

– Identity management and access control
– Formal models for computer security
– Network and distributed systems security, including web, mobile, SDN and cloud computing
– Vulnerability, risk assessment and cyber crime analysis
– Digital forensics

SLIDE 3

ASU-CDF Team

  • Prof. Gail-Joon Ahn
  • Dr. Ziming Zhao
  • Carlos Rubio-Medrano
  • Josephine Lamp

SLIDE 4

Research Challenges

  • Security compliance in EDS gets complicated due to:

– The distributed, highly interconnected and heterogeneous nature of EDS, e.g., monitoring software, meters, etc.
– Continuous reconfigurations due to on-demand changes
– The existence of multiple, large, dense (and sometimes conflicting) documents on security compliance
  • E.g., subjective interpretations, non-standard implementations, and breakdowns among stakeholders

SLIDE 5

Challenges for Compliance Management

  • Compliance as seen by CREDC participants*:

– Requires considerable organizational effort
– Does not necessarily advance security: seen mostly as a legal exercise
– Varies significantly from state to state: adopting standards may not be straightforward
– Must be addressed from design/installation time onward
– Evidence must be collected for audits

* Highlights from Session on Compliance at CREDC Annual Industry Workshop, March 2016

SLIDE 6

Proposed Solution

  • We must assess whether particular EDS implementations comply with well-defined security requirements

– Filling the gap between high-level requirements and real-world practical implementations

  • We propose a framework for the verification, validation and attestation (VV&A) of EDS that is:

– Automated, well-defined, and configurable (theoretically justifiable)
– Systematic (repeatable, so results can be validated)
– Practical (deployable to organizations)
– Non-intrusive (as little overhead/reconfiguration as possible)

SLIDE 7

A Security M&C Framework for EDS

1. We gather the most relevant documents on best practices for EDS
2. Next, we obtain a description of such best practices by leveraging ontologies
3. We then introduce software-based modules for automated monitoring and compliance analysis
4. Data from the EDS infrastructure (5) is collected and forwarded for further processing

SLIDE 8

A Security M&C Framework for EDS (II)

[Architecture diagram, elements numbered 1-7. Components: Requirements Repository, EDS Discovery and Information Integration; a Process-driven Workflow of processes P1, P2, P3, ..., Pn-1, Pn; an Information Discovery and Collection Tool; a Software Process Module (P); and the EDS Infrastructure. Activities shown: Populating, Browsing, Searching and Editing the Requirements Repository; Natural Language Requirements + Domain Knowledge; Analysis of Reports obtained from various tools; Creation of EDS-Related Documentation; Data Collection from EDS Infrastructure; Data Processing and Sharing among dedicated processes.]

SLIDE 9

A Security M&C Framework for EDS (III)

  • Leveraging our approach involves:

– Creating dedicated compliance workflows based on analyzing ontology-based requirements
– Collecting evidence on security-relevant data directly from the EDS infrastructure
– Creating customized processing modules implementing such workflows

SLIDE 10

A Security M&C Framework for EDS (IV)

  • Our proposed framework is intended to:

– Encourage the rigorous analysis of security requirements by leveraging ontologies
– Continuously monitor the security of EDS infrastructure by leveraging emerging technologies, e.g., software-defined networks (SDN)
– Automatically perform security compliance checks and management on EDS deployments
– Promote the development of objective, traceable, justifiable and repeatable security metrics and measures for EDS

SLIDE 11

A Security Framework for EDS: Requirements

[Architecture diagram repeated from slide 8 (components 1-7: Requirements Repository, EDS Discovery, Information Integration, Process-driven Workflow P1...Pn, Information Discovery and Collection Tool, Software Process Module, EDS Infrastructure); this slide turns to the requirements side of the framework.]

SLIDE 12

Ontology Representation: Onto-ArcRE*

1. Document gathering: NIST, IEEE, etc.
2. Identification of requirements, stakeholders, security controls, etc.
3. Classification and categorization of concepts and their relationships
4. Hierarchical grouping based on common characteristics
5. Creation of monitoring / compliance tools

*Lee SW and Gandhi RA. Ontology-based active requirements engineering framework. APSEC'05. 2005. IEEE.

SLIDE 13

Ontology Representation: Example

  • Communication channels must be secured:

– Security Principle: Integrity [1]
– Security Threat: System Tampering [1]
– Attack Vector: Network Communications [1, 2]
– Attacks: Intercept, Man in the Middle, Masquerade [3]
– Security Feature: Protected Channel [1]
– Security Technique: Secure Sockets Layer (SSL) [4]
– EDS Infrastructure: MTU, IED, RTU [4]

1) Cybersecurity Procurement Language for Energy Delivery Systems
2) NERC CIP-005
3) IEC62351
4) NIST SP 800-82

SLIDE 14

Ontology Representation: Example (IV)

[Ontology diagram, first stage. Nodes: Cybersecurity; Security Principle: Integrity; Security Feature: Protected Channel; Threat: Deliberate Threat, System Tampering; Attack. Relations: Counteracts, Protects. Source: Cybersecurity Procurement Language for Energy Delivery Systems.]

SLIDE 15

Ontology Representation: Example (IV)

[Same diagram, extended with IEC62351 content: Unauthorized Modification and the attacks Intercept, Man in the Middle, Masquerade, Repudiation, plus a RealizedAs relation.]

SLIDE 16

Ontology Representation: Example (IV)

[Extended again with NIST SP 800-82 content: Security Technique: Secure Sockets Layer (SSL); an ImplementedBy relation; SCADA System Components: Control Server (MTU), IED, RTU.]

SLIDE 17

Ontology Representation: Example (IV)

[Final stage, adding NERC CIP-005 content: Electronic Access Point and Network Communication, with IntendedFor and Utilizes relations.]

SLIDE 18

SPARQL Query – Security Principle

SELECT ?secTech ?prnpl
WHERE {
  eds:protectsIntegrity rdfs:domain ?secTech ;
                        rdfs:range  ?prnpl .
}

| SecurityTechnique | Principle |
| Access Control | Integrity |
| Credentials | Integrity |
| DMZ | Integrity |
| Encryption | Integrity |
| Firewall | Integrity |
| NetworkMonitoring | Integrity |
| PKI | Integrity |
| SSL | Integrity |

SLIDE 19

SPARQL Query – Documentation

SELECT ?secTech ?doc
WHERE {
  eds:specifiedBy rdfs:domain ?secTech ;
                  rdfs:range  ?doc .
}

| SecurityTechnique | Document |
| Access Control | CyberProc Lang |
| Credentials | NIST800-82 |
| DMZ | CyberProc Lang |
| Encryption | NERC_CIP |
| Firewall | IEC62351 |
| NetworkMonitoring | IEC62351 |
| PKI | NIST800-82 |
| SSL | NIST800-82 |

SLIDE 20

SPARQL Query – Properties

SELECT ?attack ?property ?sysComp
WHERE {
  ?property rdfs:domain+ ?attack ;
            rdfs:range+  ?sysComp .
  eds:Attack (^rdfs:domain/rdfs:range)* ?attack .
  ?attack (^rdfs:domain/rdfs:range)* ?sysComp .
}

SLIDE 21

SPARQL Query – Properties

| Domain | Property | Range |
| ControlBypass | targets | MTU |
| PrivilegeEscalation | targets | AccessControlMech |
| ManInTheMiddle | targets | RTU |
| Intercept | targets | NetworkComm |
| Masquerade | targets | IED |
| TrafficAnalysis | targets | NetworkTraffic |
| Repudiation | targets | Software |
| Virus | targets | Application |
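The three SPARQL queries above (slides 18-21) all reduce to pattern matching over triples, and the "Properties" query additionally walks a hierarchy with one-or-more-hop property paths. The following Python program is an added example, not the authors' code or their ontology: it builds a small in-memory triple store from constructed triples that mirror the ontology fragment of slides 13 and 17-21 (an assumed intermediate class eds:NetworkAttack gives the Attack hierarchy some depth), and answers the same three questions, including a transitive-closure walk that plays the role of the SPARQL `+` path.

```python
"""Toy in-memory triple store answering the three questions the slides pose in
SPARQL: which security techniques protect a principle, which document specifies
each technique, and which system component each attack targets (walking the
Attack class hierarchy the way a SPARQL `+` property path would)."""
from collections import defaultdict

# Constructed sample triples (subject, predicate, object). They mirror the
# ontology fragment visible on the slides but are NOT the authors' ontology file;
# eds:NetworkAttack is an assumed intermediate class added for hierarchy depth.
TRIPLES = [
    ("eds:NetworkAttack", "rdfs:subClassOf", "eds:Attack"),
    ("eds:Intercept", "rdfs:subClassOf", "eds:NetworkAttack"),
    ("eds:ManInTheMiddle", "rdfs:subClassOf", "eds:NetworkAttack"),
    ("eds:Masquerade", "rdfs:subClassOf", "eds:NetworkAttack"),
    ("eds:Virus", "rdfs:subClassOf", "eds:Attack"),
    ("eds:Intercept", "eds:targets", "eds:NetworkComm"),
    ("eds:ManInTheMiddle", "eds:targets", "eds:RTU"),
    ("eds:Masquerade", "eds:targets", "eds:IED"),
    ("eds:Virus", "eds:targets", "eds:Application"),
    ("eds:SSL", "eds:protects", "eds:Integrity"),
    ("eds:Firewall", "eds:protects", "eds:Integrity"),
    ("eds:PKI", "eds:protects", "eds:Integrity"),
    ("eds:SSL", "eds:specifiedBy", "eds:NIST800-82"),
    ("eds:Firewall", "eds:specifiedBy", "eds:IEC62351"),
    ("eds:PKI", "eds:specifiedBy", "eds:NIST800-82"),
]


class TripleStore:
    """Indexes triples by predicate and by subject for simple pattern lookups."""

    def __init__(self, triples):
        self.by_pred = defaultdict(list)   # predicate -> [(subject, object)]
        self.by_subj = defaultdict(list)   # subject   -> [(predicate, object)]
        for s, p, o in triples:
            self.by_pred[p].append((s, o))
            self.by_subj[s].append((p, o))

    def objects(self, subject, predicate):
        """Pattern:  subject predicate ?o ."""
        return [o for p, o in self.by_subj[subject] if p == predicate]

    def subjects(self, predicate, obj):
        """Pattern:  ?s predicate obj ."""
        return [s for s, o in self.by_pred[predicate] if o == obj]

    def pairs(self, predicate):
        """Pattern:  ?s predicate ?o ."""
        return list(self.by_pred[predicate])

    def descendants(self, root, predicate="rdfs:subClassOf"):
        """Transitive closure of  ?x predicate+ root  (one or more hops)."""
        seen, stack = set(), [root]
        while stack:
            node = stack.pop()
            for child in self.subjects(predicate, node):
                if child not in seen:
                    seen.add(child)
                    stack.append(child)
        return seen


STORE = TripleStore(TRIPLES)


def techniques_protecting(principle, store=STORE):
    """Slide 18 shape: (SecurityTechnique, Principle) rows for one principle."""
    return sorted((t, principle) for t in store.subjects("eds:protects", principle))


def technique_documents(store=STORE):
    """Slide 19 shape: (SecurityTechnique, Document) rows."""
    return sorted(store.pairs("eds:specifiedBy"))


def attack_targets(root="eds:Attack", store=STORE):
    """Slide 21 shape: (Domain, Property, Range) rows for every class below root."""
    rows = []
    for attack in sorted(store.descendants(root)):
        for component in store.objects(attack, "eds:targets"):
            rows.append((attack, "eds:targets", component))
    return rows


if __name__ == "__main__":
    for row in techniques_protecting("eds:Integrity") + technique_documents() + attack_targets():
        print(*row)
```

The store keeps direct subject-predicate-object facts rather than the slides' rdfs:domain/rdfs:range encoding of each relation, so a row printed as (subject, predicate, object) corresponds to the (Domain, Property, Range) columns of slide 21. A real deployment would hold the ontology in a triple store and run the SPARQL as written; the value of the toy version is that it makes the hierarchy walk explicit, which is where compliance queries most often go wrong (a class added without its subClassOf edge silently drops out of every `+` path result).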

SLIDE 22

Ontology Representation: Onto-ArcRE*

[Diagram: the Problem Domain Ontology within the Universe of Discourse, relating Security Officials; Software, System & Practitioners; the Business Environment; the System; the Organization; and Goals/Objectives.]

*Lee SW and Gandhi RA. Ontology-based active requirements engineering framework. APSEC'05. 2005. IEEE.

SLIDE 23

Ontology Representation: Benefits

  • Well-defined: provides an unambiguous representation of requirements knowledge, depicting common vulnerabilities and exposures (CVEs)* synthesized cohesively
  • Multi-dimensional: represents multiple dimensions and viewpoints, i.e., relevant information for engineers vs. vendors
  • Link analysis: identifies interdependencies, missing and conflicting information among diverse knowledge sources

* https://cve.mitre.org/

SLIDE 24

A Security Framework for EDS: SDN

[Architecture diagram repeated from slide 8 (components 1-7: Requirements Repository, EDS Discovery, Information Integration, Process-driven Workflow P1...Pn, Information Discovery and Collection Tool, Software Process Module, EDS Infrastructure); this slide turns to the SDN-based data collection side of the framework.]

SLIDE 25

Leveraging SDN for Security Monitoring

[Diagram with the following elements: EDS Security Monitoring Framework (EDS Discovery, Process Workflow); EDS Control Software (SCADA); SDN-Controlled Network; EDS Infrastructure.]

SLIDE 26

SDN Example

  • PLCs and IEDs must not talk to each other directly:

– Security Threat: Inter-device Network Communication [2]
– Attacks: Recipe or Instruction Change, System Configuration Modification, False Information Distribution [1, 2]
– Security Feature: Network Security Zone [1]
– Security Technique: Device Network Communication Segregation [2]
– EDS Infrastructure: ICS Control Network, IED, PLC [2]

1) Cybersecurity Procurement Language for Energy Delivery Systems
2) NIST SP 800-82

SLIDE 27

Ontology Representation: SDN Example

[Ontology diagram. Threats: Unauthorized Modification, Inter-device Network Communication. Attacks: Recipe or Instruction Change, System Configuration Modification, False Information Distribution. Security Feature: Network Security Zone. Security Technique: Device Network Communication Segregation. SCADA System Components: IED, PLC, ICS Control Network; Network Component: Corporate Network. Relations: Targets, Utilizes, Counteracts, ImplementedOn, ImplementedBy, Restricts. Sources: Cybersecurity Procurement Language for Energy Delivery Systems, NIST SP 800-82.]

SLIDE 28

Leveraging SDN for Monitoring Traffic

[Diagram: SCADA, PLCs and IEDs in the EDS network.]

SLIDE 29

Leveraging SDN for Monitoring Traffic (II)

[Same diagram: SCADA, PLCs, IEDs.]

SLIDE 30

Leveraging SDN for Monitoring Traffic (III)

[Same diagram: SCADA, PLCs, IEDs.]

SLIDE 31

Leveraging SDN for Monitoring Traffic (IV)

[Diagram now adds the EDS-SDN App and the SDN Controller alongside SCADA, PLCs and IEDs.]

SLIDE 32

Leveraging SDN for Monitoring Traffic (V)

[Diagram: EDS-SDN App, SDN Controller, SCADA, PLCs, IEDs.]

Traffic Policy:

PLCs → PLCs
PLCs → SCADA
IEDs → IEDs
IEDs → SCADA

SLIDE 33

Leveraging SDN for Monitoring Traffic (VI)

[Same diagram and traffic policy as slide 32.]

SLIDE 34

Leveraging SDN for Monitoring Traffic (VII)

Traffic Policy (allowed): PLCs → PLCs, PLCs → SCADA, IEDs → IEDs, IEDs → SCADA

Traffic Policy (blocked, marked X): PLCs → IEDs, IEDs → PLCs

SLIDE 35

Leveraging SDN for Monitoring Traffic (VIII)

[Same diagram and traffic policy as slide 34.]
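The requirement on slide 26 (PLCs and IEDs must not talk to each other directly) becomes, on slides 32-35, a whitelist of device-group flows enforced by the EDS-SDN App through the SDN controller. The program below is an added example, not the authors' EDS-SDN App: it assumes one subnet per device group (constructed addresses), treats the four listed pairs as directional exactly as the slide shows them (the SCADA-to-device return direction is not in that list, which a real policy would have to address), expands the group policy into per-subnet flow rules, and runs the same policy over constructed flow records to flag PLC-IED traffic and hosts outside every zone.

```python
"""Traffic-policy checker for the EDS-SDN App policy on slides 32-35: device
groups may only talk along the whitelisted (source, destination) pairs, so any
PLC<->IED flow is a policy violation. Addresses and flow records are constructed."""
from ipaddress import ip_address, ip_network

# Assumed inventory: which subnet belongs to which device group.
GROUPS = {
    "SCADA": [ip_network("10.0.1.0/24")],
    "PLCs": [ip_network("10.0.2.0/24")],
    "IEDs": [ip_network("10.0.3.0/24")],
}

# Traffic policy exactly as listed on slide 32, treated as directional pairs.
ALLOWED = {("PLCs", "PLCs"), ("PLCs", "SCADA"), ("IEDs", "IEDs"), ("IEDs", "SCADA")}


def group_of(ip):
    """Map a host address to its device group, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, nets in GROUPS.items():
        if any(addr in net for net in nets):
            return name
    return None


def decide(src, dst):
    """Return (verdict, reason); hosts outside every zone are denied by default."""
    sg, dg = group_of(src), group_of(dst)
    if sg is None or dg is None:
        return "DENY", "unknown host"
    if (sg, dg) in ALLOWED:
        return "ALLOW", f"{sg} -> {dg} permitted"
    return "DENY", f"{sg} -> {dg} not in policy"


def policy_rules(priority=100):
    """Expand the group policy into per-subnet flow rules for the controller.
    Match field names follow Open vSwitch syntax (nw_src/nw_dst); the dict
    layout itself is an assumption of this example, not a controller API."""
    rules = []
    for sg, s_nets in GROUPS.items():
        for dg, d_nets in GROUPS.items():
            action = "NORMAL" if (sg, dg) in ALLOWED else "drop"
            for s_net in s_nets:
                for d_net in d_nets:
                    rules.append({"priority": priority, "nw_src": str(s_net),
                                  "nw_dst": str(d_net), "actions": action})
    return rules


# Constructed flow records (src, dst, proto, dst_port) as a collector might emit them.
FLOW_LOG = [
    ("10.0.2.10", "10.0.1.5", "tcp", 502),      # PLC -> SCADA (Modbus/TCP): allowed
    ("10.0.2.10", "10.0.3.20", "tcp", 502),     # PLC -> IED: violation
    ("10.0.3.20", "10.0.2.10", "tcp", 20000),   # IED -> PLC (DNP3): violation
    ("10.0.3.20", "10.0.1.5", "tcp", 20000),    # IED -> SCADA: allowed
    ("192.168.9.9", "10.0.2.10", "tcp", 502),   # host in no zone -> PLC: violation
]


def violations(records):
    """Return (src, dst, reason) for every record the policy would deny."""
    found = []
    for src, dst, _proto, _port in records:
        verdict, reason = decide(src, dst)
        if verdict == "DENY":
            found.append((src, dst, reason))
    return found


if __name__ == "__main__":
    for rule in policy_rules():
        print(rule)
    for v in violations(FLOW_LOG):
        print("VIOLATION", *v)
```

Two design points carry over to a real controller application: default-deny for hosts that match no zone (an unknown device appearing on the control network is itself a finding, not something to wave through), and evaluating the same policy both as installed flow rules and as an offline check over collected flow records, so that the monitoring side can detect when the enforcement side has drifted.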

SLIDE 36

Security Monitoring Using SDN

  • Benefits of using an SDN-based solution:

– Customizable: new SDN applications may be added
– Non-intrusive: no need to modify existing EDS infrastructure, e.g., SCADA, physical meters, etc.
– Scalable: new network nodes should be accommodated
– Platform independent: may support different components and configurations

SLIDE 37

Ongoing Work

  • We are currently working on the following:

– Ontology-based engine: several documents parsed; 1324 logical axioms, 425 classes, 214 properties, 441 subclass relationships
– SDN infrastructure developed; working on testing and refinement
– Supporting backbone framework in progress, as well as a proof-of-concept module depicting automated monitoring for compliance

SLIDE 38

Industry Involvement

  • We are actively looking for industry partners for:

– Getting input/feedback on current security compliance requirements and best practices
  • Relevant documents, conflicts, use cases, experience, etc.
– Implementing a proof-of-concept software module leveraging a realistic EDS scenario:
  • Defining a customized workflow based on requirements
  • Defining data that can be collected using our SDN approach

SLIDE 39

Conclusions

  • Future Work:

– Support for friendly visualization techniques, e.g., graphical user interfaces (GUIs) for ontology queries in SPARQL
– Support for the rigorous study of security risks and assessments by means of the simulation of attacks

  • Broader Impact:

– Improvement of the public's confidence in mission-critical EDS infrastructure

SLIDE 40

Contact

  • Thank you all for listening!
  • CDF Website: https://globalsecurity.asu.edu/cdf
  • Carlos Rubio-Medrano: crubiome@asu.edu

Q & A