Virtualization and CIP-005 Project 2016-02 Project Update Project - - PowerPoint PPT Presentation



SLIDE 1: Virtualization and CIP-005

Project 2016-02 Project Update
Project 2016-02 CIP SDT Members, December 2019

SLIDE 2: Purpose

Virtualization changes to the CIP standards are intended to ENABLE new methods/models, NOT to REQUIRE them.

RELIABILITY | ACCOUNTABILITY 2

SLIDE 3: Agenda

  • Discuss current security state and issues
  • Discuss emerging security models (Zero Trust)
  • CIP-005 changes to allow ESP plus other models

SLIDE 4: Current State

  • Network Perimeter (ESP) based
  • Castle & Moat
    • Everything inside the castle = good
    • All the bad is outside the castle
    • The moat (FW) provides separation and controlled access
  • Trust is based on your network location
    • Internet, Corporate network, DMZ, ICS network, Controller network
    • Your trust level = which perimeter you are within
  • Security controls are mostly for North/South traffic (crossing perimeters)
    • All your network peers are at the same trust level (PCAs in CIP)
    • East/West traffic within the perimeter has no security controls

SLIDE 5: Typical Network Model

[Diagram: Internet; Corporate Network (Accounting Dept Desktop); DMZ Network; Control System Network (Control System Engineer Desktop, Data Historian, Operator HMI, Database Server, Controller(s))]

SLIDE 6: Issues

  • Adversaries are intelligent, highly adaptable, and often have more resources than defenders
  • As the perimeter model improved, attackers adapted and hacked the humans instead (phishing, watering hole attacks, etc.)
  • Result: the “inside” is also hostile, and the model provides for easy lateral movement (network access is controlled at the perimeter, not inside)
  • Ransomware: get on one system inside the perimeter and spread laterally

SLIDE 7: Typical Security Breach

[Diagram: the same network model as slide 5 (Internet; Corporate Network with Accounting Dept Desktop; DMZ Network; Control System Network with Control System Engineer Desktop, Data Historian, Operator HMI, Database Server, Controller(s)), showing a breach path]

SLIDE 8: Other Perimeter Issues

  • Remote access, VPN, Cloud services, Vendor access, etc.
  • The true perimeter is dynamic
  • “Inside” and “outside” a perimeter: is there another way to think about network security models?

SLIDE 9: Virtualization Enables Other Models

Virtualized environments are enabling new and different ways to think about network security to address these issues.

  • Security controls: network or host
  • Network: isolation, but you lose context
  • Host: context, but not isolation
  • Enter the Hypervisor, with ubiquitous context

SLIDE 10: Zero Trust Architecture

  • New and evolving security strategy that fundamentally changes networking from implicit trust to zero trust
  • The basic premise is that there is no implicit trust granted to systems based on their physical or network location
  • Treats EVERY network as hostile (thus the zero trust name)
  • DOESN’T CARE what network address you have or where you are
  • DOES CARE who you are as a person or process, the state of your machine, and whether you are authorized RIGHT NOW for what type of access to the particular data or resource
  • ALL traffic is encrypted/protected because no network is trusted
  • ONLY authorized communications are allowed

SLIDE 11: Security Breaches in Zero Trust

[Photo by Unknown Author, licensed under CC BY-NC-ND]

SLIDE 12: Zero Trust Model

  • Assumes ANY network is hostile; NO implicit trust
  • Access is granted only when access is needed and only for the duration of access
  • Authorize the user and device at the time access is needed
  • Protects resources and data, not network segments
  • Network location is no longer a prime component of security posture
  • Attacker reconnaissance and lateral movement are not allowed
  • This is a fundamentally different model than ESP

SLIDE 13: Policies and Zones

  • Network segments and perimeters are replaced with policies and zones
  • Based on “need to know” preconfigured access policies
  • Protects access to data, assets, applications, and services, not network segments
  • Policies can include machines, users, processes, and services regardless of where they are on a network
  • Get access control as granular as possible

SLIDE 14: Policy Example

  • Individuals in AD group “Historian_Access” on a device with OS=“Windows” can only use TLS-Version=“1.2” encrypted communication to access workloads with Tag=“Control_Historian_APP”
  • This policy defines the allowed communications
  • With no reference to where anything is on a network
  • An encrypted temporary “network” is established between the user/process/app, wherever they are, and the historian app, wherever it is
  • No other communication is allowed
  • Policy is enforced end to end and everywhere in between
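As an added illustration (not from the SDT's deck), here is how a policy decision point could evaluate the Historian_Access policy above: default deny, every attribute (AD group, device OS, TLS version, workload tag) must match, and the requester's source network is carried in the request but never consulted. The Policy and Request structures and the evaluate() function are assumptions for this example, not a NERC or vendor format.

```python
from dataclasses import dataclass

# Constructed illustration of the slide's policy; the Policy/Request shapes and
# the evaluate() function are assumptions, not a real NERC or product format.

@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset   # AD groups, any one of which satisfies the policy
    device_os: str      # required device operating system
    tls_version: str    # required TLS version on the connection
    target_tag: str     # workload tag this policy grants access to

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_os: str
    tls_version: str
    target_tag: str
    src_network: str = "unknown"  # carried for logging only; never consulted

# The policy from the slide: Historian_Access members, on Windows, over TLS 1.2,
# to workloads tagged Control_Historian_APP.
HISTORIAN_POLICY = Policy("historian", frozenset({"Historian_Access"}),
                          "Windows", "1.2", "Control_Historian_APP")

def evaluate(req, policies):
    """Return ("allow", policy_name) when a policy for the requested workload
    matches every attribute, else ("deny", reason). Default deny: traffic not
    explicitly allowed is isolated, and src_network plays no part."""
    for p in policies:
        if p.target_tag != req.target_tag:
            continue
        if not (p.groups & req.groups):
            return "deny", f"{req.user} not in any of {sorted(p.groups)}"
        if req.device_os != p.device_os:
            return "deny", f"device OS {req.device_os!r} not permitted"
        if req.tls_version != p.tls_version:
            return "deny", f"TLS {req.tls_version} not permitted; need {p.tls_version}"
        return "allow", p.name
    return "deny", f"no policy covers workload tag {req.target_tag!r}"
```

A request that satisfies every attribute is allowed whether it originates on the Internet or in the control network, and a request from "inside" that lacks the group is denied, which is the location-independence the slide describes.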

SLIDE 15: CIP-005

  • Current
    • 1.1 All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP.
    • 1.2 All External Routable Connectivity must be through an identified Electronic Access Point.
  • Proposed
    • 1.1 Have one or more methods for allowing only needed and controlled communications to and from applicable systems, either individually or as a group, and logically isolating all other communications.

SLIDE 16: Hybrid Models

  • Typically not “either/or” network models
  • Hybrid environments will be the norm
  • Security objectives allow for current/future/hybrid models

SLIDE 17: ESP Conforming Changes

  • PCA
    • Current – One or more Cyber Assets connected using a routable protocol within or on an ESP…
    • Proposed – Cyber Assets that are not logically isolated from a BES Cyber System…
  • 4.2.3.2 Exemption
    • Current – Cyber Assets associated with communication networks and data communication links between discrete ESPs.
    • Proposed – Cyber Assets associated with communication links logically isolated from BES Cyber Systems or SCI.

SLIDE 18: Future Steps

  • Three CIP Standard Drafting Teams
    • BCSI / Cloud
    • Supply Chain
    • CIP Modifications (Virtualization)
  • Project 2016-02 will delay posting until the other SDTs reach final ballot
  • Outreach
    • Mini Webinars
    • NERC Technical Workshop in Spring 2020

SLIDE 19: Questions and Answers

Jordan Mallory, NERC Senior Standards Developer for Project 2016-02 CIP Modifications
Jordan.Mallory@nerc.net