Trustworthy Wireless – Security-Plus Without Wires

Wayne W. Manges; Oak Ridge National Laboratory
Scott Mix; North American Electric Reliability Corporation

May 19, 2008

• Wayne W. Manges; Program Manager
  Oak Ridge National Laboratory
  Wayne currently directs the US Department of Energy’s
  Industrial Wireless Program for UT-Battelle at the Oak Ridge
  National Laboratory (ORNL), focusing on the needs of hard
  industries from DOE’s Industrial Technologies Program. With
  30 years at ORNL, Wayne works extensively with steel, paper,
  and other industries to bring robust, wireless technology to
  their markets and is committed to the deployment of integrated
  systems that solve real problems. He has worked on systems
  ranging from one-of-a-kind uranium enrichment processes to
  intelligent robotics and manufacturing, and is currently
  applying his systems expertise to the development and
  deployment of intelligent wireless sensors.

• Scott R. Mix; Manager of Situation Awareness and Infrastructure
  North American Electric Reliability Corporation
  Scott joined NERC in October 2006 following more than 25 years of
  experience working in various facets of the electricity industry,
  including as a consultant, Infrastructure Security Manager with the
  Electric Power Research Institute (EPRI), Senior Security Analyst at
  the PJM Interconnection, and more than ten years with Leeds &
  Northrup Co. as a programmer/analyst and systems architect. For
  the past six years, he has focused on the areas of Computer and
  Infrastructure Security for the Electric Sector. At NERC, he is
  responsible for Critical Infrastructure Protection issues, primarily as
  they relate to Real Time and Control System Security, and is a
  member of the Electricity Sector Information Sharing and Analysis
  Center (ES-ISAC) staff.

Early Adopters Lead the Way!

[Image: Wireless Vibration Sensor]

No Inherent Flaw –
Can Wireless Be As Trustworthy As Wire?
• Marketing – sell what I have, bandwidth is king
• Emotion – “Wireless scares me, I can’t control it!”
• Incompetence/Laziness – Too difficult to configure, too big a
  learning curve
• Cost/Benefit/Risk – ROI in a day, why bother?
• Are we expecting too much – does wireless really need to be more
  trustworthy than wireline?

Trustworthiness – More Than a Feeling
• Quantifiable – When is a system
  trustworthy enough? How can
  I make it more trustworthy?
  What will it cost to achieve a
  required level of trustworthiness?
• Predictable – design trustworthiness
  into the system before it’s installed
• Verifiable – how can I be sure?
• Real-time – Can an installed system become less
  trustworthy in operation?
• Sustainable – Can an installed system keep from
  becoming less trustworthy over time?
• Forensics – can I learn from experience?

Industrial Network Topology
Standards and Practices

Plant Data Network
• SP95 Enterprise Control Systems Integration
• ISA99 Control Systems Security
• OPC Foundation

Control and I/O Networks
• Foundation Fieldbus ext.
• Open Automation & Control Group (OAGC)

Device and Sensor Networks
• IEEE 1451
• HART (WiHART)

Operator Interface Networks
• SP65 Industrial Process Measurement and Control
• SP50 Foundation Fieldbus

“Can You Hear Me Now?” –
May Not Be Good Enough?

[Diagram labels: IEEE 802.15.4; ISA100.11; WiHART]

Standards – Results Focus

ISA100 efforts will result in standards, recommendations, and
technical reports focused on assuring successful wireless
deployments in industrial environments

• ISA100 Compliance will assure:
  – Supplier specifications are consistent
    and easy to interpret
  – User requirements are succinct, relevant
    and easy to interpret
  – Options are clear and easily differentiable
  – Probable outcomes are quantitatively
    evaluated against options

ISA100 - Success Oriented

ISA100 efforts will leverage other standards, as appropriate, to
produce a relevant result in as short a time frame as possible

• ISA100 leverages
  – ISA99 – Security
  – IEEE 1451 – Smart sensor
  – FIPS 140-2 – Security
  – ISO/OSI 7-layer model for network

• ISA100 encourages
  – New technology
  – Deployment
  – Communication among practitioners

Interoperability – The Holy Grail!

• Universal Application
  Layer Interface – defined
  early allowing future
  development in lower
• Multiple PHY layers –
  radios develop rapidly
• Special Purpose Layers –
  Highly secure, highly
  reliable, etc.
• ISO/OSI 7-layer driven –
  leverage Internet, Web
  services, etc.
Are Current Industrial
Wireless Options Trustworthy?
• Everywhere – unlikely
• Somewhere – almost certainly
• Key – sound engineering –
  match the application,
  environment, cost to the
• ISA100 – ISA Wireless
  Industrial Automation
  Standard – check it out!
• Wireless Compliance Institute
  – supporting ISA100
• Security Compliance Institute
  – supporting ISA99
• WINA – Education, marketing,
  collaboration

[Image caption: Proven in nuclear power plant?]

Wireless Security - It’s A System
• Cyber Security – Just another
  failure mode? Like software,
  PCS engineers must learn it.
• Denial-of-Service – same impact
  whether adversary induced or
  security system induced!
• Security Aspects – availability,
  integrity, confidentiality –
  opposite order from most IT
• Engineering Solutions – PCS
  determinism makes intrusion
  detection easier
• Goals Well Understood – Deter,
  Detect, Delay, Deny

[Image caption: Where is failure if password mistyped?]

Wireless Wins – Just Make It Work!

PHY Layer Security – The Holy Grail?
•   No Bits – must be present to win!
•   LPI/LPD – low probability of intercept/detect
•   Stealthy – buried in the noise
•   Demonstrated – labs and DoD
•   Low Transmitted Power – easier on surrounding stuff
•   Denial Of Service Attacks – only at RF level

On the other hand:
• Requires High Process Gain – around 60 dB (1000 chips/bit) vs
  12 dB (15 chips/bit) today
• Export Control Issues – considered too stealthy
• Highly Complex – no currently available commercial products
• Key Management – always an issue

Could Wireless Provide the
Business Case for Cyber?!
• Automobiles
   – EPA provided the impetus for
     first microprocessors in
   – Now 38 per vehicle!
• Internet
   – Home computing was just a
     hobby until the first
   – Now “Google” is a verb!
• Wireless Is Enabler
   – Enterprise visibility
   – Mobility
   – Agility

[Image caption: Two Fuses In Entire Vehicle!]

Where Are We Headed?
• Deliverable – key document for use by wireless industrial
  network community
  – “Trustworthiness in Wireless Industrial Automation”
• Lexicon – definitions
• Metrics – measures of success
• Use Cases – bound the problem
• Participation – sign up!!!
• Interface – ISA99, ISA100

Current members include participants from:
Honeywell, Emerson, NIST, DOE (ORNL,
PNL, INL, ANL), DHS, Shell, Control Chief,
NERC, Certicom, and several private
consultants

[Image caption: IAEA – An interested party!]

Who Will Lead,
Who Will Follow, Who Will Whine?
• Technology is ready - driven by
  cellular personal / business /
  DOD communications
• Market is ready – over $2000/ft
  for wires in some plants
• Are we ready? – partnerships,
  consortia, standards and
  collaborations – 400 members

“CBM Is the Next Killer App For Wireless” –
Dr. Jay Lee, Fortune Magazine, July 2002
