Deterring, Protective, Delaying And Detective Application .

8m ago
46 Views
0 Downloads
1.28 MB
34 Pages
Last View : Today
Last Download : n/a
Upload by : Troy Oden
Share:
Transcription

International Conference on Physical Protectionof Nuclear Material and Nuclear Facilities13-17 November 2017, ViennaDeterring, Protective, Delaying AndDetective Application Security ControlsFor Nuclear FacilitiesMs. Deeksha GuptaAREVA GmbH, Erlangen, PhD CandidateMs. Xinxin LouBielefeld University, PhD CandidateMr. Mathias LangeMagdeburg-Stendal University of Applied Sciences,Institute of Electrical Engineering, MagdeburgDr. Karl WaedtAREVA GmbH, Erlangen

Our Main Projects.FINLANDRUSSIANovovoronesh II 1&2Leningrad II 1&2Olkiluoto 3GREAT BRITAINHinkley Point CFRANCEFlamanville 3SLOVAKIAMochovce 3&4CHINATaishan 1&2Tianwan 3&4Fuqing 5&6Incore Instrumentation forall CPR-1000 reactorsBRAZILAngra 3AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 2All rights are reserved, see liability notice.

Our Portfolio in Security. Monitoring Equipment,e.g. SIPLUG with newestIndustry 4.0 InteroperabilityOPC Unified Architecture Optical Data Diodes Customized Nuclear & Industrial Security OffersConsulting OPANASec protection for SCADAProducts & SolutionsISMS: ISO/IEC 27000Automation SecuritySecurity SimulationsApplication NormativeFrameworksAudit SupportServicesThreat AnalysisImplementation ofCountermeasuresPhysical ProtectionSystem HardeningAwareness TrainingsForensic ReadinessSurveillance & Tests Cybersecurity R&D AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 3All rights are reserved, see liability notice.

Outline1Introduction2Security Controls3Security Controls Model43D Modeling of Physical Components5SummaryAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 4All rights are reserved, see liability notice.

Introduction

IntroductionTypes of Security ControlsSecurity controls are applied: To meet the main focus of security: availability and integrity To minimize the risk of physical and cyberattack to the facilityMain types of security controls: Administrative e.g., risk management, personnel security, and training Technical hardware or software components Physical fencing, lightning, doors, locks and security guards etc.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 6All rights are reserved, see liability notice.

IntroductionScope of Security ControlsPreventive Controls can be subdivided into: Deterring harder for attacker to come close to the target Protective strong protection, e.g., unidirectional security gateway (data diode) Delaying login protected with a password delay in second attempt of passwordDetective ControlsCorrective ControlsAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 7All rights are reserved, see liability notice.

Safety Defense-in-Depth (Safety DiD) andSecurity Defense-in-Depth (Security DiD)Safety DiD Derived from Nuclear Safety Objectives Traditionally considered in line with the Safety CultureSecurity DiD Derived from Physical Security and Cybersecurity Objectives Basis for the Security Zone Model and Grading of Security ControlsAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 8All rights are reserved, see liability notice.

Safety Defense-in-DepthOverall Safety TargetAcceptanceCriteriaSevere AccidentsRisk Reduction LineMain LineReliability ClaimPreventive LineDesign Basis CategoriesDBC 1/2DBC 3/4DEC A/BSevereAccidentsDesign Basis and Design Extension ConditionsAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 9All rights are reserved, see liability notice.

Security Defense-in-DepthSecurity controls should be placed to provide a security defense-in-depth coordinated use of multiple security controls in a layered approachAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 10All rights are reserved, see liability notice.

Security defense-in-depthDomain Based Security (DBSy) GradingAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 11All rights are reserved, see liability notice.

Security Defense-in-DepthProtective: to assure the protection of an asset from an assumed specificPreventivesecurity threatDeterrence and delay: to avoid the attack or at least delay that for longenough to counter actDetection of attacks: initially those that were not deterred, but may includeDetectiveattempts at attacksAssessment of attacks: to find out the nature and severity of the attack.For e.g., the number of false passwords entryCommunication and notification: to make aware responsible authoritiesand/or computer systems from the attack in a timely mannerCorrective Network and system management play an important role in this workResponse to attacks: involves the actions by responsible authorities andcomputer systems to minimize the effect of an attack in a timely mannerAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 12All rights are reserved, see liability notice.

Security Controls

Preventive ControlsTo block an intruder from successful penetration of a physical securitycontrol of the facilityExample:security guard, security awareness training, video surveillance, firewall, Biometric accesscontrol, antivirus software, etc. Example of protective Control:(a) Data Diode (High Security to Low Security Zone)(b) Data Diode (Low Security to Higher Security Zone)AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 14All rights are reserved, see liability notice.

Detective ControlsTo increase the protection from any malicious act by monitoring theactivitiesDo not stop any malicious act to happenDetective Controls identify and log themEarly detection of a malicious act enables a quick responseEffectiveness of the security controls defined by probability of detectionExamples: Logging, e.g. card reader indication, video surveillance (assuming appropriate lighting), alarms, intrusion detection systems identifications, etc.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 15All rights are reserved, see liability notice.

Security ControlsModel

Security Controls ModelSecurity Controlsreduces likelihoodof success ofDeterrent ControlThreat AgentInstalls &triggersDelaying ControlExploitpromptsmakesuse ofDetective ControldeterminesExposuresCritical AssethasValuehasVulnerabilityeliminatesProtective ControlmitigatesCorrective Controlresults inImpactsAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 17All rights are reserved, see liability notice.

3D Modeling of PhysicalComponents

Principle of 3D Modeling3D models represent virtual images with a internal hierarchical structureTo develop a 3D model, a modeling tool with a 3D engine is requiredThe 3D engine can manage multiple scenesA scene consists of one camera, a certain number of lights and severalmeshesThe meshes represent a 3D model3DEnginecan be hierarchical structuredScenesCameraLightsMeshesAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 19All rights are reserved, see liability notice.

Principle of 3D ModelingThe hierarchical structure helps to organize the 3D objects/ meshesAnd should base on a graph with parent-child relationships:Parent Each node has: one parent array of childrenChildChildChild Each child can be: a single 3D Object another node This structure is going to help us to identify security zones and to place thesecurity controls. (Later more)AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 20All rights are reserved, see liability notice.

1. Physical asset modeling: CabinetexampleRoot node with 2 childrengroups alldoor nodesCabinetcorpusRear doorLegend:NodeAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 21All rights are reserved, see liability notice.3DObject

2. Room modeling:I&C room exampleNew root nodewith 5 childrenRoomcorpus Cabinet structurewas modeledin the first stepAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 22All rights are reserved, see liability notice.

3. Floor - 4. Building - 5. Site/IslandModelingSite/Island level Building level Floor levelRoom levelSafeguardbuilding 1I&C Room(2. Floor)Safeguardbuilding 2FuelbuildingSafeguardbuilding 3Safeguardbuilding 4AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 23All rights are reserved, see liability notice.

AutomationMLThe 3D Model with the hierarchical structure must also be stored persistentlyAutomationML (IEC 62714-x) is a exchange format for plant engineeringinformation and allows to store:Data FormatStandardGeometry/ 3D dataCOLLADAcoming soonKinematic dataCOLLADAcoming soonLogic dataPLCopenIEC 61131-xCAEXIEC 62424Topology/ Hierarchicalstructureof single components or of a complete site.AutomationML supports the combination of physical models with logicalmodels(For example: To combine the physical zones with the logical zones)AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 24All rights are reserved, see liability notice.

Linking SecurityControlsThe security relevant assets should be protected by security controlsBy developing a 3D Model with a hierarchical structure, the securitycontrols can be placed at their effective position I&C roomAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 25All rights are reserved, see liability notice.

Linking SecurityControlsThe security relevant assets should be protected by security controlsBy developing a 3D Model with a hierarchical structure, the securitycontrols can be placed at their effective positionTo assure the correct implementation, the security controls are linked to thedescription and implementation guidance from IEC 62443-x-x and ISO/IEC27002:2013 I&C roomISO/IEC 27002:201311.1.2 Physical Entry Controlsb) Access to areas where confidential information is processed or stored should berestricted to authorized individuals only by implementing appropriate accesscontrols, e.g. by implementing a two-factor authentication mechanism such as anaccess card and secret PIN.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 26All rights are reserved, see liability notice.

Linking SecurityControlsImplementation of the persistent linking: The general security standards like ISO/IEC 27002:2013are hierarchically structuredThe Standards can bemodeled as XML elementsor JSON objects.Each section of the standard should get a unique ID for the linkingAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 27All rights are reserved, see liability notice.

Implementation ofpersistent linkingThe 3D Model is also hierarchically structured by the modelingprocedureThe file format for the 3Dmodels is typically also basedon XMLBy modeling the 3D models with a graph, each 3D object should alsoget a unique ID for the identificationAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 28All rights are reserved, see liability notice.

Implementation ofpersistent linkingXML FileISO/IEC 27002:201311.1.2 Physical Entry Controlsb) Access to areas where confidential informationis processed or stored should be restricted toauthorized individuals only by implementingappropriate access controls, e.g. by implementinga two-factor authentication mechanism such as anaccess card and secret PIN.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 29All rights are reserved, see liability notice.Seite

Summary

SummaryDeterring, protective and delaying controls are comprised as preventivesecurity controls [New IEC 63096]Strong preventive security controls is very important in the nuclear domainStrong protective controls, e.g., data diodes, effectively prohibit an attackWhere strong protective security controls cannot be applied: Deterring and delaying controls will add an additional layer of Security DiD and reduce the WOP for threat agentsDevelopment of a 3D model: Great potential to support the practical implementation for the physical securityparts of the security standards 3D Model are useful to place physical security controls at the effective positionsAREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 31All rights are reserved, see liability notice.

AcknowledgementSome of the modelling-analyses are being elaborated aspart of AREVA’s participation in the “SMARTEST”Cybersecurity Testing R&D with three GermanUniversity partners, partially funded by German MinistryBMWi.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 32All rights are reserved, see liability notice.

Editor and Copyright [2017]: AREVA GmbH – Paul-Gossen-Straße 100 – 91052Erlangen, Germany. It is prohibited to reproduce the present publication in itsentirety or partially in whatever form without prior written consent. Legal action maybe taken against any infringer and/or any person breaching the aforementionedprohibitions.Subject to change without notice, errors excepted. Illustrations may differ from theoriginal. The statements and information in this brochure are for advertisingpurposes only and do not constitute an offer of contract. They shall neither beconstrued as a guarantee of quality or durability, nor as warranties ofmerchantability or fitness for a particular purpose. These statements, even if theyare future-orientated, are based on information that was available to us at the dateof publication. Only the terms of individual contracts shall be authoritative for type,scope and characteristics of our products and services.AREVA NPDeterring, Protective, Delaying and Detective Application SecurityControls for Nuclear Facilities– Deeksha Gupta– 2017-11-16 AREVAp. 33All rights are reserved, see liability notice.

International Conference on Physical Protectionof Nuclear Material and Nuclear Facilities13-17 November 2017, ViennaDeterring, Protective, Delaying AndDetective Application Security ControlsFor Nuclear FacilitiesMs. Deeksha GuptaAREVA GmbH, Erlangen, PhD CandidateMs. Xinxin LouBielefeld University, PhD CandidateMr. Mathias LangeMagdeburg-Stendal University of Applied Sciences,Institute of Electrical Engineering, MagdeburgDr. Karl WaedtAREVA GmbH, Erlangen

Detective Application Security Controls For Nuclear Facilities Ms. Deeksha Gupta AREVA GmbH, Erlangen, PhD Candidate Ms. Xinxin Lou Bielefeld University, PhD Candidate Mr. Mathias Lange Magdeburg-Stendal University of Applied Sciences, Institute of Electrical Engineering, Magdeburg Dr. Karl Waedt AREVA GmbH, Erlangen