ABB GEBRUIKERSDAG 2019


INDUSTRIAL AUTOMATION

ABB Ability™ Cyber Security Services


An overview of the available and upcoming cyber security services from ABB
Kees van Overveld – Global Product Manager Cyber Security Services

About Me

Kees van Overveld
Global Product & Portfolio Manager IA-PCP

Global Product and Portfolio Manager

Technical Product Manager

Consultant

Application Engineer

2000 2008 2017 2019

25 September 2019 Slide 3



Scenario
What?




Scenario
Complicated

Analysis
– Hacker had access for several months already
• Plenty of time for information gathering and analyzing your process
– Backups were outdated
• Some even non-functional



Scenario
How

Analysis
– Employees did not know how to handle removable media
– Malware protection was disabled
– No patches were installed
– Backups were taken infrequently and incorrectly, and were never tested
– Network connections were bypassing the firewall
– Service account was used for day-to-day work




It is not fiction, it is real!

Norsk Hydro

Source:
https://www.hydro.com/en/media/news/2019/hydro-subject-to-cyber-attack/

Source:
https://www.hydro.com/en/media/news/2019/update-on-cyber-attack-april-12/

Asco

Source:
https://www.tijd.be/ondernemen/luchtvaart/asco-ligt-al-derde-week-stil-na-cyberaanval/10138910.html


ABB has services to help protect your assets

ABB Ability™ Cyber Security Services
Portfolio aligns with NIST Cyber Security Framework

Identify: Understand risks
– Perform assessments and collect inventory to identify what needs to be protected

Protect: Remediate key risks
– Provide validated updates and implement custom configured solutions for endpoint protection

Detect: Monitor for attacks
– Monitor systems to detect breaches and vulnerabilities. Collect and analyze security logs

Respond & Recover: Build resiliency
– Execute incident response exercises to prepare for an incident if compromised. Reduce impact of incident by recovering quickly

Support: Continued support
– ABB can provide training, assessment services, strategy / policy creation, and compliance services and vulnerability testing

Cyber Security Management


Compliance. IEC 62443, ISO27000, HSE OG 86, NIST, NIS Directive, NERC CIP




ABB Ability™ Cyber Security Services
Portfolio aligns with NIST Cyber Security Framework

Identify | Protect | Detect | Respond & Recover | Support

ABB Solutions
– Cyber Asset Inventory
– Cyber Security Fingerprint
– Threat Intelligence
– Malware Protection
– Security Patch Management
– System Hardening
– Backup and Recovery
– User and Access Management
– Network Management
– Whitelisting
– Anomaly Detection
– Security Log Collection
– Security Event Monitoring (SIEM)
– Network Monitoring
– Incident Response
– Cyber Drills
– Malware Analysis
– System Restoration
– Cyber Solution Updates
– Network Design Support

ABB Consulting Services
– Cyber Security Risk Assessment
– Independent Assessment
– Vulnerability and Penetration Testing
– Compliance Services
– Cyber Security Training
– Strategy and Policy Creation
– Reference Architecture
– Lifecycle Management
– Cyber Maintenance Support



ABB Ability™ Cyber Security Asset Inventory
Would have detected the unknown devices

Key functions
– Passive probing of the network
• Using SPAN/MIRROR
• New devices which communicate will be automatically detected
– Results enhanced with information from active probing



ABB Ability™ Cyber Security Fingerprint
Would have detected the inactive malware protection, missing updates and more

Key functions
– Data collector & analysis towards KPIs
– Fingerprint following the MCS Fingerprint philosophy
– Also available in Service App on laptop

[Diagram labels: systems 800xA, 800 M, Advant, MOD 300, Freelance, Satt, DCI System SIX, Symphony Plus, Harmony, Melody, PGP, P14, 3rd parties, IT Networks; Data Collector, SQL, Analysis; Health, Cyber Security, Inventory]



ABB Ability™ Cyber Security Endpoint Protection
Would have detected the malware

Key functions
– Traditional Anti Virus
• Still a “must have”
• Current support for McAfee VirusScan Enterprise and Symantec EndPoint Protection
– Whitelisting
• SE46 is EOS and EOL end of 2019
• Validating McAfee Application Control as replacement*
– 3rd Party EPP Validation-as-a-Service**
• New technologies for EPP change the market
• Growing variety of suppliers and solutions
• A validation service for 3rd party software makes it possible to support customer requests that are not covered out of the box

* Validation ongoing
** Scheduled to be released 2020

ABB Ability™ Cyber Security Updates
Would have prevented the use of known weaknesses in the system

Key functions
– Online deployment
• Via local WSUS
• Via Service Station*
– Offline deployment**
• Via import to a local WSUS
• Via import to the Service Station*

[Diagram labels: Cloud, My Control System, Status, Patch disc, Security Update Service download, RAP on premise, L3 DCS, L 1-2, Local WSUS, Service Station*]

* Covered on later slides
** Currently in development

ABB Ability™ Cyber Security Event Monitoring*
Collect events and forward to a SIEM solution

Key functions
– Collector and forwarder for events to various SIEMs on the market
• Supporting Syslog RFC 5424, LEEF and CEF formatting
• Adding the SID as unique identifier to the message
– Support for active ABB control systems
– Use of on-premise MCS for
• Preprocessing of events with correlation rules
• Log aggregation
• Monitoring and reporting

* In development, pilots with 800xA running



Hardening Services
Would have prevented usage of removable media

Key functions
– Standardization across Business Units/Countries
– Support New Windows Operating Systems
– Support Hybrid Control Systems
– Native Product Support
– Hardening non-Windows devices (e.g. BIOS, USB ports, switches)

DCS Hardening Package contains system settings

[Network diagram labels: NE840, NE871, NE870, NE820, NE801, NE802, NE810; Client/Server networks, Process control networks, Safety control networks, Field network backbone, Field network ring, Power and Process Equipment]



Service Station*
Combining multiple solutions into one station

Key functions
– Patching
• Online / Offline
– Anti malware
• Anti Virus
• Whitelisting
– Local dashboard
– Backup & Recovery solution
– Remote Access
– Log aggregation
– SPDC
– Asset Inventory

[Diagram labels: ABB Ability™ Service Station; ABB Ability™ Cloud Services (optional); 3rd party solutions; 3rd party Modules (Patching, Endpoint Protection, Backup, Remote Access); Flexible options; Links to interface, backup example: Acronis, Quest, Veeam; Dashboards; ABB Modules and Navigation/Search tools (Assets, Tags); MCS On-Premise; Status (Endpoint protection, Updates, Hardening, DCS health); Log Aggregation; SPDC; Event forwarder; Actions (Initiate update, Initiate backup); Asset Inventory; Fleet management; myABB/MCS/SUS; ABB Ability™ EDGE; ABB Ability™ Reporting Platform]

* Scheduled to be released 2020



Q&A
