How OT Security Engineering Becomes an Engineering Discipline

A Mental Model & a Data Model

  • Sarah Fluchs admeritia GmbH
  • Heiko Rudolph

Abstract

OT security engineering (developing IT security for automation technology) is rarely done by OT engineers themselves. This paper gives them the tools to change that. In the first part, a method-neutral mental model is used to compare existing process models for OT security engineering and to point out their gaps. The second part fills one of these gaps: the systematic analysis and modelling of the systems to be protected. Transferring that modelling into a data model, potentially based on AutomationML, makes both the security engineering process and the implementation of solutions more efficient.

Published
2019-08-07
How to cite
FLUCHS, Sarah; RUDOLPH, Heiko. Wie OT Security Engineering eine Ingenieurwissenschaft wird. atp magazin, [S.l.], v. 61, n. 8, p. 74-86, Aug. 2019. ISSN 2364-3137. Available at: <http://ojs.di-verlag.de/index.php/atp_edition/article/view/2410>. Date accessed: 18 Sep. 2019. doi: https://doi.org/10.17560/atp.v61i8.2410.
Section
Main article / Peer-reviewed