Beruflich Dokumente
Kultur Dokumente
Robert Alston
Principle Lead Network and Security Consultant
Over 25 years network experience including design, implementation, troubleshooting and integration of firewalls,
routers switches and infrastructure Robert has several certifications in the field of networks and security (CISSP
routers, switches and infrastructure. Robert has several certifications in the field of networks and security. (CISSP,
Cisco CCNA, Cisco CCDA, Certified Unix Engineer (CUE), Control System Security –US Department of Homeland
Security) and Robert also has a Six Sigma Green Belt . Robert is based in Duluth, Georgia USA.
2
Agenda
Secure Process Control Architecture
• Defining Secure Network Architecture
– What is a secure network architecture
– Why y a secure network architecture
– Who needs a secure network architecture
3
Defining Secure Network Architecture
4
What Is a secure Network Architecture?
• Controlled Access
• Highly
g y available ((Redundancy)
y)
5
Why a secure network architecture?
• Targeted Attacks
• Open Systems
6
Who needs a secure network architecture?
• Critical Infrastructure
• Regulated Industries
• Manufacturing
7
Designing Secure Network Architecture
8
Defense in depth
• Layers of protection
• Resilient to attack
9
Layers of security
• Physical
y
– Gates, locks, doors, etc.
Process Control
System
• Electronic
– Biometric, proximity, etc. Cyber
• Cyber Electronic
• Process control
– Application access,
access role
role-based
based access,
access etc
etc.
10
Security Assurance Levels (SAL)
11
Manufacturing automation architecture
OFFICE DOMAIIN
Level 4 4 - Establishing the basic plant schedule -
Business Planning
production, material use, delivery, and
& Logistics shipping. Determining inventory levels.
Plant Production Scheduling,
Operational Management, etc
Time Frame
O
Months weeks
Months, weeks, days
MAIN
and optimizing the production process.
p
Operations Management
g
CONTROL DOM
Time Frame
Dispatching Production, Detailed Production
Scheduling, Reliability Assurance, ... Days, Shifts, hours, minutes, seconds
ISA99
Level 2 2 - Monitoring, supervisory control and
automated control of the production process
PROCESS C
Time Frame
Batch Continuous Discrete Hours, minutes, seconds, subseconds
Control Control Control
Level 1 1 - Sensing the production process,
manipulating the production process
Level 0 0 - The actual production process
12
Typical PCS Network Topology
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
13
Security levels
– Level 1 - Controllers and real time control
– Level
L l 2 – Servers,
S O
Operator
t Stations
St ti and
d supervisory
i control.
t l
– Level 3.5 - DMZ accessed from the Business Network and the PCN.
14
Level 4
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
15
Level 4
– IIs the
th business
b i network
t k with
ith clients
li t ffor Hi
Historians
t i or Ad
Advanced
d
Control applications.
– Untrusted Network
– Separated by a firewall
16
Level 3.5
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
17
Level 3.5
– Level 3
3.5
5
18
Level 3.5
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
19
Level 3
– Level 3
• Connections for Historians and Advanced Control
• Routing
• HSRP
20
Level 2
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
21
Level 2
– Level 2
• Supervisory control
• Connection to Level 1
• FTE capable
22
Level 1
Enterprise Switch Comm flow
een L4 & L3
5 to L4
Level 4 L4 to
Limiited
L4
Firewall
Very
y
munications betwe
L3.5
Terminal Patch Anti PHD
eServer Limited
Level 3.5 DMZ Server Mgmt Virus Shadow
L3.5 to
Server Server Server
PHD L3.5
Limited L3
Domain ESF Experion EAS 3RD Party App Subsystem
Server
Controller Server Interface
to L3.5
No Direct comm
Veryy
L3 to
L3
Level 3 Router Optional HSRP
or L2
d L2 to
Router
mited L2
Limite
ESC ESF ACE Experion EST ESVT Safety Terminal Domain
L3.5
Server
L3
Manager Server Controller
Veryy
s between L1 & L3
3
to L
Lim
L2 to
L2
Level 2 Qualified Cisco Switches
2 to
Limite
Level 1
N communications
d L2
L1
L1 to
or L4
L1
No
o
23
Level 1
Level 1
24
Zone & Conduit model
CONDUITS
25
Example – Zones and conduits
L2 to L2
LCN
Control Switch Pair
Firewall
P i
Pair NIM FSC
L1 to L1
PM
C300 C200 Family
Controller Controller
26
Malicious code – Building Blocks
Content Security and Control
27
Additional security boundaries
28
Architecture
Standards build
ISA99.03.03
29
Thank you
www honeywell com/ps
www.honeywell.com/ps
30