One of the ways that wireless networks ensure that the networks are secure is to limit the way that devices can join the network. In order to join a wireless network, the device needs to have a join key. A device wishing to join the network encrypts its join request with its join key and sends the join request to the network or system manager. If the network manager has a corresponding join key for the device wishing to join (all devices are identified by unique IDs), the network manager approves the join and responds by allowing the device into the network. The device is then issued unique session and broadcast keys for each device it wishes to communicate with. In a secure network, keys are encrypted and transferred from the network or system manager to the device. At a minimum, devices will have unique session keys for communicating with the gateway and network or system manager. A session enables private and secure communication between a pair of network addresses. Only the network manager may create or modify sessions.
Join keys are entered into devices through a process called provisioning. In WirelessHART, devices can be provisioned using the FSK modem port (i.e., connecting wires and writing the join key into the device's memory). In SP100, the provisioning interface is unspecified and will be the responsibility of each supplier to provide. Once joined, all communication between devices is encrypted, and all packets are protected with a message integrity code. The network is protected from replay attacks.
Greg: How do users get started?
Mark: I recommend a cyclical approach. Start with a security assessment. From this, select the places where your system and operation are most at risk, address those first and keep going. Along the way, I recommend putting in on-going measures to evaluate how well the implementations are working. This is an on-going process.
Stan: How can technical managers evaluate risk?
Mark: Before evaluating risk, it is important to ask the question, "What are you protecting against?" Risks include natural, technological or terrorist sources. Keeping the lights on, no matter what, is a huge task, mostly performed out of public sight, except when problems arise, as with the blackout of 2003 and, of course, Hurricanes Katrina and Rita in 2005. Once you have a good idea of what you are protecting against, you need to look at your current operation and systems. System designers and operators struggle to balance the requirements of highly reliable, real-time operations against the demand of increasingly efficient and cost-effective service, where operating margins are cut to the bone in a deregulated environment. Terrorism only adds to the challenge, because attackers seek vulnerabilities, communicate with one another and learn to defeat defensive measures. Once you have determined what you are protecting against and have good information on how your systems currently are put together, start dividing your operation and systems into zones. ISA's SP99 spec is a good source of information.
Greg: Have there been any reported cases of cyber attacks in the control industry?
Mark: This is an interesting question. The majority of security breaches are internal. A study by the FBI and the Computer Security Institute on Cybercrime released in 2000 found that 71% of security breaches were carried out by insiders. Critical infrastructure security expert Eric Byres has a good explanation for this: "Control systems have become a target of opportunity rather than a target of choice." Byres goes on to note that the transition from proprietary systems to open systems, such as Windows and Linux, has opened the door for common IT attacks, such as viruses. Herman Storey added to this; he described a real-life situation where shutting down a corporate computer to install patches caused a disruption to key data required by the control system, which in turn caused some equipment to shut down.
Greg: We conclude with some comic relief from Randy Reiss who has become our ultimate resource for top ten lists.
Top Ten Reasons why the IT Guy Thinks Security is Lax
10. He found your password list written on the wall in Stall #3 of the bathroom.
9. Those stupid users keep including the password for their password-protected zip file attachment in the body of the same email.
8. It's common knowledge that the best pickup line in the bar just outside the plant entrance is "Hey baby, what's your password?"
7. The enforcement of password complexity has had a direct effect on the pen and paper consumption at the plant.
6. You don't have all 254 critical Microsoft security updates on your PC.
5. You're logged in as administrator.
4. Your password never expires.
3. He thinks that all computers are connected to the Internet.
2. The DCS is not integrated into the corporate Windows domain.
1. You're not running Vista.
Top Ten Reasons Security is Lax at the Plant
10. Last Wednesday, your mother-in-law showed up in the control room wearing slippers and her pajamas with your lunch pail that you left on the kitchen table this morning. When you asked her how she got past security, she said, "What security?"
9. Unbeknownst to management, cell-phone texting has replaced the walkie-talkie.
8. A simple call to IT saying, "I forgot my password" will have your password reset to "password."
7. An audit showed that 90% of the passwords are now "password."
6. The UPS man has more sophisticated computer equipment than the plant.
5. The last time you were back in the tank farm, there was an auction going on.
4. The most popular text message at the plant is "w@z yr pw"
3. Zipping your document, password protecting it, communicating the password separately from the email to which it is attached, and hoping the recipient can unzip it is a lot harder than printing a zillion hardcopies and distributing them at meetings.
2. Look under your keyboard.
1. The firewall has more holes in it than last quarter's stockholders' report.