verticale

Functional Safety VS. Cyber Security – Experience & Trend

(in lingua inglese)

- Functional Safety & Cyber Security
- Safety vs Security
- Cyber Security Requirements
- Cyber Security Product Requirements
- Relation between Functional Safety and Cyber Security
- Application Program to PLC via USB stick

Scarica il PDF Scarica il PDF
Aggiungi ai preferiti Aggiungi ai preferiti


Atti di convegni o presentazioni contenenti case history
mcT Cyber Security novembre 2017 Cyber Security per i sistemi ICS - Industrial Control System

Pubblicato
da Benedetta Rampini
mcT Cyber Security 2017Segui aziendaSegui




Settori: 

Parole chiave: 


Estratto del testo
Milano, 30 novembre 2017 Gli atti dei convegni e pi di 8.000 contenuti su www.verticale.net Cyber Security Alimentare Petrolchimico Petr DNV GL 2016 SAFER, SMARTER, GREENER DNV GL 2016 DNV GL Business Assurance Functional Safety VS. Cyber Security ' Experience & Trends 1 28 Novembre 2017 DNV GL 2016 Functional Safety & Cyber Security 2 Cyber Security Defence against negligent and wilful
actions to protect devices and facilities Functional Safety Defence against random and systematic
failure to protect life and environment DNV GL 2016 Safety vs Security 3 SAFETY Constant Risk Quantitative Approach Failure -> Safe State SECURITY Evolutionary risk Qualitative Approach Threats -> Availability, Confidentiality, Integrity DNV GL 2016 Cyber Security Requirements 4 General Policy & Procedures System Components 4-1 Product development requirements 4-2 Technical Security requirement for IACS Component 3-1 Security technologies for IACS
3-2 Security Levels for zones and conduits
3-3 System Security requirements and levels 2-1 Security Management
2-2 Implementation guidance
2-3 Patch management
2-4 Installation & maintenance 1-1 Terminology
1-2 Master glossary
1-3 System Secuirty
1-4 IACS security lifecycle and use-case DNV GL 2016 Cyber Security Product Requirements 5 DNV GL 2016 Relation between Functional Safety and Cyber Security 6 7.4.2.3 If the hazard analysis identifies that malevolent
or unauthorized action, constituting a security threat, as
being reasonably foreseeable, than a security threats
analysis should be carried out
. NOTE 3 For guidance on security risk analysis, see IEC
62443 series. DNV GL 2016 Relation between Functional Safety and Cyber Security 7 7.5.2.2 If security threats have been identified, then a
vulnerability analysis should be undertaken in order to
specify security requirements. NOTE Guidance is given in IEC 62443. DNV GL 2016 Relation between Functional Safety and Cyber Security 8 Risk and Threat analysis Functional Safety Specification CyberSecurity Specification SIL 1 SIL 2 SIL 3 SIL 4 SL 1 SL 2 SL 3 SL 4 DNV GL 2016 Application Program to PLC via USB stick 9 SYSTEM REQUIREMENTS SPECIFICATION
STANDARDS
[SRS_RQ1]_FS IEC 61508:2010 [SRS_RQ2]_CS IEC 62443-4-1:2016 [SRS_RQ3]_CS IEC 62443-4-2:2016 FUNCTIONS [SRS_RQ4]_FS The process time is 500ms [SRS_RQ5]_FS Low Demand Application [SRS_RQ6]_FS SIL 3 [SRS_RQ7]_FS In case of faults, the process have to stop [SRS_RQ8]_CS Application Program will be transferred to the PLC
via USB-stick with SL2 DNV GL 2016 Security Level 10 Nessuna protezione richiesta Protezione contro violazioni casuali o non volute Protezione contro violazioni intenzionali utilizzando strumenti non evoluti e con bassa
motivazione
Protezione contro violazioni intenzionali utilizzando strumenti sofisticati con moderata
motivazione
Protezione contro violazioni intenzionali utilizzando strumenti molto sofisticati con alta
motivazione
SL 0 SL 1 SL 2 SL 3 SL 4 Definition Confidence level DNV GL 2016 Threat modelling 11 Le gend El emen t Spo of ing Tam pe ri ng R ep ud ia ti on Infor ma ti on D isc los ur e D en ial of ser vi ce El ev a ti on of pr ivi le ges Entry Point X X Data
flow X X X CPU X X X X X X Data Store X X X IEC 62443-4-1 DNV GL 2016 SW ARCHITECTURE DESIGN 12 Tampering Application program + Checksum HAZARD Information disclosure DNV GL 2016 Firmware Architecture 13 SECURE SW SAFE SW STANDARD SW SAFE SW ' Safety Function ' Diagnosis SECURE SW ' Authentication ' Encryption ' Hash Codes Segregation mechanism need to be
applied DNV GL 2016 Integration and system test validation 14 IEC 61508-3, 7.3 and IEC 62443-4-1 Functional and black-box testing ' Manipulated program ' Wrong checksum ' Boundary tests ' Interruption USB connection ' Defect USB-stick with internal short cut DNV GL 2016 We have seen that 15 ' Functional Safety and Cyber Security Standards consider the product lifecycle from specification to design, operation and maintenance ' Requires risk and threat analysis ' Need to specify safety and security levels ' Operators will push for more Cyber Security ' Regulations and law push for more Cyber Security ' No safety without security DNV GL 2016 SAFER, SMARTER, GREENER www.dnvgl.it 16 Mauro Gennaaccaro
mauro.gennaccaro@dnvgl.com +39 329 8928723 @DNVGLBA_IT DNV GL ' Business Assurance Italia


© Eiom - All rights Reserved     P.IVA 00850640186