—
INDUSTRIAL AUTOMATION – ENERGY INDUSTRIES
Cyber Security Workplace
DECEMBER 2021
—
Current state of Global Cyber Security
—
Customer Challenges
Increased Attacks on Power Gen ICS – Unpatched systems still a major threat vector
In the news
In the second half of 2016, about 20 thousand different modifications of malware representing over two thousand different malware families were detected in total in industrial automation systems.
Threat Landscape for Industrial Automation Systems, 2nd half 2016, Kaspersky Lab ICS CERT
As the WannaCry pandemic has shown once again, the up to date patching of generic systems like Windows OS is a crucial security measure.
The State of Industrial Cybersecurity 2017
67% perceived severe or high levels of threat
to control systems, up from 43% in 2015.
SANS 2016 State of ICS Security Survey of 236 companies operating
ICS, (utilities = 26% of respondents)
December 13, 2021 Slide 3
—
Customer Challenges
Increased Attacks on Power Gen ICS – Unpatched systems still a major threat vector
In The News
In FY 2016, ICS-CERT coordinated 2,272 vulnerabilities. This number
is significantly greater than the number of vulnerabilities reported in
prior years. The dramatic increase is primarily due to two
vulnerability reports containing hundreds of vulnerabilities,
identified by using automated scanning tools. The scanning tools
expedite the detection process and make it easier to detect
out-of-date third-party software.
Annual Vulnerability Coordination Report Industrial Control Systems Cyber Emergency
Response Team, US Department of Homeland Security
—
Customer Challenges
It’s hard to hire and staff security related roles needed to maintain industrial control systems
State of Cybersecurity
– 54% of industrial organizations have had more than one cyber incident in the last 12 months.
– 1.2 million per year is the annual price of ineffective security solutions in industrial organizations.
– 50% of respondents find it difficult to hire the ICS cybersecurity employees with the right skills.
Some numbers
– A report from Cisco puts the global figure at one million cybersecurity job openings.
– Demand is expected to rise to six million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest software vendor.
Leading to:
– Greater burdens on plant staff: These security requirements create more work for plant staff. On average, staff at power generation facilities can spend between 15 and 40 hours per month on basic DCS security maintenance, including system hardening, patch management, patch and AV application and back up.
– Greater demands on corporate security and IT staff: Corporate teams are often asked to track and report to auditors and enterprise risk group metrics that reflect patch level, frequency of back ups and status of system hardening. These corporate teams seek more automated reporting tools that can make it easier to report on the security posture of all the plants in their fleet.
—
Cyber Security Workplace
A suite of security applications that offers our customers a roadmap to achieve improved
reliability and automate efforts to utilize the latest cyber security tools and techniques.
—
The Play – Cyber Security Workplace
Solution to automate, manage and provide visibility to security controls for Symphony & System 800xA
Features
– Secure & Patch/ Anti-virus deployment (applicable & tested updates)
– Automated Backup and Restore function
– Status reports for Patch Management, Antivirus updates, Backup & Restore, and Group Policy (Hardening)
– System hardening implementation:
• Identification of unnecessary software components
• Windows Firewall configuration to close unnecessary communications ports
• Windows Service configuration to disable unneeded operating system services
Benefits
– Reduce internal labor required to maintain and update ICS security by a minimum of 24 hours or more a month
– Provide greater visibility to access ICS security status reporting
– Minimize risk of updates not being completed on a timely basis or potential operational impacts from manual application (i.e., impact to communication from unapproved patch being applied)
Automated solution for security maintenance on Symphony & System 800xA
—
The Play - Cyber Security Workplace
Our solution
Why ABB Industrial Automation Energy Industries?
‒ “ABB recognizes the importance of cyber security in control-based systems and solutions for infrastructure and industry, and is working closely with our customers to address the new challenges.” ABB CEO
‒ As the designer and service provider of the DCS, ABB is able to assure security updates are made without impacting availability.
‒ ABB understands the demands of operating plants and has created a system that allows operators to maintain their plants’ security posture while minimizing impacts on labor and processes
Return on Investment
Cyber Security Workplace Return on Investment per power block* assuming monthly patching & reporting:
Operator
2 hrs/month: download applicable updates
8 hrs/month: complete back-ups before & after patching
10 hrs/month: apply patches & create audit reports
Corp Security
4 hr/month: reviewing patches applied & aggregating input corporate risk reporting
Total Annual Benefit = $ 43,200
24 hours per month @internal labor cost of $150/hour
*Assuming site has 2 servers + 6 nodes
—
Cyber Security Workplace
How it works
Getting Started
At installation, ABB Control System is backed up, patched to current levels and systems are hardened through removal of unnecessary software components, ports and services
Monthly Updates
Each month ABB validates and tests applicable OS security updates and Anti Virus Signatures
Back Ups
These validated updates are delivered to the Cyber Security Workplace through the security update service (ABB WSUS). All HMIs, servers, engineering work stations and historians are backed up before patches are applied
Operator Engagement
Patches are applied serially based on an operator acknowledged command and schedule.
Reporting
The operator can use Cyber Security Workplace to generate a report showing all OS and AV updates were completed. This provides a handy artifact to show compliance to internal standards or national regulations
—
Cyber Security Workplace – At a glance
Network topology
—
Cyber Security Workplace - Supporting foundation security controls
Support for international standards, national regulations and recommended best practices
IEC/ISA Including
Solution Hardening:
– Ongoing support of system hardening, including identification of unnecessary software and components; unnecessary ports, services and programs are removed or disabled
– Automated identification of missing patches
– Anti-Virus provided for Servers and nodes and capabilities for
validating/installing latest definitions
Patch Management:
– Centralized service to audit and deploy security patches
– Patches are tested in ABB labs to validate applicability and compatibility
– Procedures for patching and workarounds for unapproved patches
– Patches are developed and delivered to customer via secured supply chain,
allowing customer to meet chain of custody requirements
Backup and Recovery:
– Best practices, documentation and automation to support backup/recovery
—
Cyber Security Workplace – At a glance
Features
Security Patch Management
- Scans the system and reports patch status and gaps for configured nodes
- ABB validates and creates a monthly approved patch list
Anti-Virus Management (AV)
- Scans the system and reports AV status and gaps
- Updates Malware Definition Files (DAT)
System hardening status and deployment
- Scans and detects variances in the system hardening settings (aligned to the secured-deployment status).
- Removes unused software and OS services
- Sets inbound and outbound Windows firewall rules
Group Policies hardening report for Symphony Plus and 800xA systems
- Detects incongruencies in the configuration of the Group Policies of the system, and produces a report.
Backup & Restore
- Configure backup routines and schedule them automatically
- Restore previously backed-up system data
Reporting
- Traffic light dashboards showing details for each node
- Detailed report for each node on user request
—
Cyber Security Workplace - Customer Use Case
[Figure: network diagram with labels DMZ, Client Network, Cyber Security Workplace]
High cyber priority plant in Western USA
Customer requirement:
– Reduce compliance work load, simplify/ automate increasing compliance and corporate risk reporting
– Improved resiliency, automate backup and restore after a cyber/ operational incident
– Automate routine security tasks (increasing cyber work load on small cyber focused team)
ABB solution: Cyber Security Workplace
– Automates and enforces foundational security best practices: automated patching, backup/restore and system hardening
Benefits:
– Significant reduction of monthly manual efforts
– Reduced patch related audit prep hours by 85%
– Technology enforces and automates security best practices, providing greater resiliency
—
Why ABB?
– Reduce system vulnerability while increasing system reliability
– Solutions to cost-effectively meet corporate/regulatory requirements
– Maintain system data integrity and operational availability
– Meet cyber and regulatory security requirements (NERC-CIP, NIST 800-53, ISA-99, IEC 62443)