
Adaptive and Proactive Security Assessment on Energy Delivery - PowerPoint PPT Presentation



  1. Adaptive and Proactive Security Assessment on Energy Delivery Systems
     Carlos Rubio-Medrano, Vu Coughlin, Josephine Lamp, Ziming Zhao, Gail-Joon Ahn and Anna Scaglione

  2. Outline
     • Activity Refresher: Motivation, Goals, Approach
     • OntoEDS: An Ontology-based Repository and Engine Tool for Security Requirements
     • ExSol: A Risk Analysis Framework for EDS
     • EDSGuard: An SDN-based Firewall App for EDS Networks
     • Current/Future Work: Status of Prototypes, Papers Published, Papers in the Making

  3. Activity Refresher

  4. Motivation
     • Security assessment in EDS gets complicated due to:
       • The distributed, highly-interconnected and heterogeneous nature of EDS, e.g., monitoring software, meters, etc.
       • Continuous reconfigurations due to on-demand changes,
       • The existence of multiple, large, dense (and sometimes conflicting) documents on security requirements,
         • E.g., subjective interpretations, non-standard implementations, and breakdowns among stakeholders

  5. Goals
     • Assess if particular EDS implementations meet security requirements,
     • Fill in the gap between high-level requirements and field implementations,
     • A framework for security assessment and monitoring that is:
       • Well-defined (theoretically justifiable),
       • Systematic and automated (repeatable to validate),
       • Practical and configurable (deployable to organizations),
       • Non-intrusive (as little overhead/reconfiguration as possible)

  6. Our Approach (Big Picture)
     1. We gather the most relevant documents on best practices for EDS
     2. Next, we obtain a description of such best practices by leveraging ontologies
     3. We then introduce software-based modules for security monitoring and risk analysis
     4. Data from the EDS infrastructure (5) is collected and forwarded for further processing

  7. The EDS-SAT Security Assessment Framework
     • Encourages the rigorous analysis of security requirements,
     • Continuously monitors the security of EDS infrastructure,
     • Promotes the development of objective, traceable, justifiable and repeatable security metrics
     [Figure: EDS-SAT architecture, components numbered 1 to 7: Security Requirements Ontology + EDS-Related Domain Knowledge; Creation of Requirements Repository / Engine (P1, P2, P3, ..., Pn); Data Processing Modules (Pi); Data Collection Modules; EDS Infrastructure; Analysis of Reports from Data Collection]

  8. OntoEDS: Modeling Security Requirements for EDS Using Ontologies

  9. The OntoEDS Security Requirements Engine
     • Unambiguously represents common vulnerabilities and exposures (CVEs)*,
     • Identifies interdependencies, missing and conflicting information among diverse knowledge sources,
     • Supports multiple dimensions and viewpoints, e.g., relevant EDS information for operators vs vendors
     [Figure: EDS-SAT architecture with the Ontology / Requirements Repository / Engine (P1 ... Pn), Data Processing Modules, Data Collection Modules and EDS Infrastructure]

  10. OntoEDS: Modeling Security Requirements
      1. Develop the supporting foundation structure of the ontology
         [Figure: top-level ontology classes: Security Req, Attack, System, Agent, Threat, Doc]
      2. Identify and collect key documents
         [Figure: NIST 800-82, NERC CIP, IEC 61850, NISTIR 7628, IEC 62351, IEEE C37, Cyber Proc Lang]
      3. For each document, extract key entities from sentences or paragraphs
         “A technique to prevent integrity violations of data is the use of firewalls, such as application-level firewalls that employ application filtering”
         Entities: Firewall, Integrity, Application Filtering
      4. Categorize each entity within the hierarchy structure of the ontology
         [Figure: Security Technique > Net Sec Technique > Firewall]
         Repeat for each paragraph within each document
      5. Identify relationships for the defined entity
         “A technique to prevent integrity violations of data is the use of firewalls, such as application-level firewalls that employ application filtering”
         Relationships: prevent, employ
      6. Model the relationships based on predefined characteristics/definitions
         [Figure: Firewall —Protects→ Integrity; Firewall —Implements→ App Filtering]

  11. OntoEDS: Current State of Ontology
      • Comprises more than 300 pages of source documents and includes 600 entities with over 1,700 relationships,
      • Currently models the following:
        • Cybersecurity Procurement Language for Energy Delivery Systems developed by the Energy Sector Control Systems Working Group (ESCSWG),
        • NIST 800-82 Special Publication,
        • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards,
        • NISTIR 7628 document,
        • IEEE C37 standards,
        • IEC 61850 and 62351 standards
      [Figure: projection types: Domain, Goal, Viewpoint, Scenario]

  12. OntoEDS: Analyzing Requirements with Projections
      • Goal Projection: Contains objectives the system must achieve to enter into a state of security:
        • Protect system components,
        • Implement security techniques/features,
        • Defend against an attack type,
        • Identify purposes or properties of system components,
        • Protect security principles
      [Figure: Goal Projection for Firewall Rules Requirements, with Firewall —Implements→ Restricted Base Rule Set and requirement nodes: Deny All Traffic from Control to Business Net; Permit No Internet Access for Control Devices; Network Protocol Translation for Control and Business Nets; Outbound Traffic Termination in DMZ; Packet Allowance Specification; Traffic Permissions Granted on a Case by Case Basis; Restriction to IP Address and TCP/UDP Port; Specific IP Address Permit Rules]

  13. OntoEDS: Analyzing Requirements with Projections (II)
      • Scenario Projection: Facts describing a system that include agent behavior and environmental context:
        • Identifies dependencies between the system and its environment,
        • Storyline of events describing system operation,
        • Enables the understanding of a broad picture of ontology elements and their relationships
      [Figure: Scenario Projection around Firewall, with nodes Remote Access, Basic Access, Backup Config, Application Filtering, Firewall Rules, Firewall Specification, Periodic Testing of Firewall, Firewall Management Policies, Network Filtering Monitoring, Logically Separated Control Network, Minimal Access Points between ICS and Corporate Network, linked by Contains, Includes, Implements and Uses relationships]

  14. OntoEDS: Analyzing Requirements with Projections (III)
      • Domain Projection: Describes a domain taxonomy relative to a specific topic,
        • May support knowledge exploration,
        • Combined with the Goal Projection, helps identify interdependencies and missing requirements
      [Figure: Domain Projection: Network Security Techniques > Firewall > Application-Layer, Host-Based, Rule Configs, Network Filtering, Deep-packet Inspection]
      • Viewpoint Projection: Retrieves specific responsibilities of an agent,
        • May support knowledge acquisition
      [Figure: Viewpoint Projection: Firewall —Procured By→ Acquirer, Firewall —Provided By→ Supplier, Firewall Exceptions —Specified By→ Supplier/Acquirer]

  15. OntoEDS: Analyzing Requirements with Projections (IV)
      • Risk Analysis Projection: Uses a series of goal projections to elucidate threats, attack types, security countermeasures and requirements surrounding an asset,
      • Retrieves specific concepts in risk analysis methodologies (to be shown later)
      [Figure: Risk Analysis Projection around the Firewall asset. Threats/Attacks: Lack of security countermeasures, Unauthorized Access, Privilege Escalation, Man-in-the-Middle, Improper Modification, Unauthorized Configuration. Security Techniques/Requirements: Application Filtering, Network Filtering Rules, Network Access, DMZ, Network Traffic Monitoring, Compliance with Protocols, Periodic Testing of Firewall, Firewall Management Policies, Firewall Specification, Network Filtering Monitoring, Logically Separated Control Network, Minimal Access Points between ICS and Corporate Network; principle: Confidentiality. Relationships: Contains, Mediates, Implemented On, Connected To, Protects, Targets, Counteracts, Implements, Includes, Uses]
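The slides above (10 and 15) describe the ontology as entities linked by relationships such as Protects, Implements, Targets and Counteracts, and the Risk Analysis Projection as a walk over those links around one asset. The following added example (not OntoEDS code; the triples are a constructed sample using entity names from the slides, and the projection logic is an assumed simplification) shows such a projection, including how a threat with no counteracting requirement surfaces as the "missing information" slide 9 mentions.

```python
"""Toy OntoEDS-style requirements graph with a risk-analysis projection.
Constructed sample; the real ontology is far larger and its edges differ."""
from collections import defaultdict

# (subject, relation, object) triples, constructed for this example from
# entity and relationship names that appear on the slides.
TRIPLES = [
    ("Firewall", "protects", "Integrity"),
    ("Firewall", "implements", "Application Filtering"),
    ("Firewall", "implements", "Network Filtering Rules"),
    ("Firewall", "includes", "Periodic Testing of Firewall"),
    ("Firewall", "uses", "Firewall Management Policies"),
    ("Man-in-the-Middle", "targets", "Confidentiality"),
    ("Improper Modification", "targets", "Integrity"),
    ("Privilege Escalation", "targets", "Firewall"),
    ("Unauthorized Configuration", "targets", "Firewall"),
    ("Application Filtering", "counteracts", "Improper Modification"),
    ("Firewall Management Policies", "counteracts", "Unauthorized Configuration"),
    ("NIST 800-82", "contains", "Application Filtering"),
    ("NERC CIP", "contains", "Firewall Management Policies"),
]


def build_index(triples):
    """Index edges forward by (subject, relation) and backward by (object, relation)."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for s, r, o in triples:
        fwd[(s, r)].add(o)
        rev[(o, r)].add(s)
    return fwd, rev


def risk_projection(asset, triples=TRIPLES):
    """Risk Analysis Projection for one asset: threats that target the asset
    or a principle it protects, the countermeasures that counteract each
    threat, and the source documents containing those countermeasures.
    Threats with no counteracting entity are reported as missing requirements."""
    fwd, rev = build_index(triples)
    exposed = {asset} | fwd[(asset, "protects")]      # asset + what it protects
    threats = set()
    for target in exposed:
        threats |= rev[(target, "targets")]
    report = {"asset": asset, "threats": {}, "missing": []}
    for t in sorted(threats):
        measures = sorted(rev[(t, "counteracts")])
        sources = sorted(s for m in measures for s in rev[(m, "contains")])
        report["threats"][t] = {"countermeasures": measures, "sources": sources}
        if not measures:
            report["missing"].append(t)
    return report
```

Running `risk_projection("Firewall")` scopes the projection to the Firewall and the Integrity principle it protects, so Man-in-the-Middle (which targets Confidentiality) stays out while Privilege Escalation is flagged as lacking a counteracting requirement.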

  16. ExSol: A Risk Analysis Framework based on Security Requirements for EDS

  17. The Exploitation-Solution (ExSol) Framework
      • Leverages OntoEDS and EDS-SAT for risk analysis and mitigation,
      • Elucidates metrics that are cohesively combined in a mathematical model,
      • Risk = the probability that a particular threat will exploit a particular vulnerability of an EDS system*
      [Figure: EDS-SAT architecture: Ontology / Requirements Repository / Engine (P1 ... Pn), Data Processing Modules, Data Collection Modules, EDS Infrastructure]
      * Vaughn, Rayford B., Ronda Henning, and Ambareen Siraj. "Information assurance measures and metrics - state of practice and proposed taxonomy." In Proceedings of the 36th Annual Hawaii International Conference on System Sciences, 10 pp. IEEE, 2003.

  18. The ExSol Risk Score
      • Combines different metrics into a single score to understand the risk of a system,
      • Exploitation metrics and Solution metrics are matched up against one another,
      • Each metric’s sub-score is calculated on a scale from 1 (least) to 5 (greatest),
      • Scores are determined collaboratively by global and/or local experts,
      • Calculated for an asset, but can be done for threats and attacks as well
      [Figure: Exploit Score, from Threat/Attack Metrics: Impedance, Severity, Relevance*; Solution Score, from Req/Solution Metrics: Effectiveness, Relevance, Implementation*]
      * Sub-scores calculated using EDS-SAT processing modules
