Secure Network Design Techniques for Safety System Applications at Nuclear Power Plants
Total Page:16
File Type:pdf, Size:1020Kb
Secure Network Design Techniques for Safety System Applications at Nuclear Power Plants A Letter Report to the U.S. NRC September 20, 2010 Prepared by: John T. Michalski, Francis J. Wyant, David Duggan, Aura Morris, Phillip Campbell, John Clem, Raymond Parks, Luis Martinez, and Munawar Merza Sandia National Laboratories P.O. Box 5800 Albuquerque, New Mexico 87185 Prepared for: Paul Rebstock, NRC Program Manager U.S. Nuclear Regulatory Commission Office of Nuclear Regulatory Research Division of Engineering Digital Instrumentation & Control Branch Washington, DC 20555-0001 U.S. NRC Job Code: JCN N6116 i Abstract This report describes a comprehensive best practice approach to the design and protection of a modern digital nuclear power plant data network (NPPDN). The important network security elements associated with the design, operation, and protection of the NPPDN are presented. This report includes an examination and discussion of newer proposed designs of modern Digital Safety Systems architectures and their potential design and operational vulnerabilities. The report explains the security issues associated with a modern NPPDN design and suggests mitigations, where appropriate, to enhance network security. Reference and discussion of the application of relevant regulatory guidance for each of the topics are also included. ii Contents Executive Summary ....................................................................................................................... ix 1. Introduction .............................................................................................................................1 1.1 Background ....................................................................................................................1 1.2 Scope and Purpose of Report .........................................................................................1 1.3 Report Structure .............................................................................................................2 2. Elements of Secure Networks ..................................................................................................3 2.1 Security Policy ..............................................................................................................3 2.1.1 Regulatory Guidance Regarding Security Policy ............................................4 2.2 Physical Security ...........................................................................................................4 2.2.1 Regulatory Guidance Regarding Physical Security ........................................5 2.3 System Architecture ......................................................................................................5 2.3.1 Regulatory Guidance Regarding System Architecture ...................................8 2.4 User Management .........................................................................................................9 2.4.1 Regulatory Guidance Regarding User Management .......................................9 2.4.2 Compliance .....................................................................................................9 2.5 Safety System Lifecycle ..............................................................................................11 2.6 Federal Information Security Management Act ..........................................................14 3. Digital Safety System Instrumentation and Control ..............................................................15 3.1 Architecture Description .............................................................................................15 3.2 Process Instrumentation Communication Layer .........................................................16 3.2.1 Field Bus .......................................................................................................16 3.2.2 PROFIBUS....................................................................................................17 3.2.3 Field Bus Controllers ....................................................................................19 3.2.4 Security Observations ...................................................................................19 3.2.5 Regulatory Guidance Regarding Field Bus Communications and Access Control ..........................................................................................................22 3.3 Automated Safety Layer Communications .................................................................23 3.3.1 Multiplexers ..................................................................................................24 3.3.2 Fiber Distributed Data Interface ....................................................................25 3.3.3 Security Observations ...................................................................................31 3.3.4 Additional Observations ...............................................................................33 3.3.5 Regulatory Guidance Regarding Multiplexers and FDDI .............................34 3.4 Data Communications from the Automated Safety Layer ..........................................35 3.4.1 Ethernet .........................................................................................................36 3.4.2 Gateway Interface .........................................................................................40 3.4.3 Security Observations ...................................................................................42 3.4.4 Regulatory Guidance Regarding Ethernet and Gateway Interfaces ..............45 3.5 HMI Supervisory Layer ...............................................................................................46 3.5.1 Deterministic Ethernet and Traffic Segregation ...........................................48 3.5.2 Security Observations ...................................................................................51 3.5.3 Regulatory Guidance Regarding HMIs and Deterministic Communications54 3.6 Non-Safety Information Layer ....................................................................................54 3.6.1 Perimeter Defense .........................................................................................55 3.6.2 Security Observations ...................................................................................55 iii 3.6.3 Regulatory Guidance Regarding Modern Network Communications Security Practices ........................................................................................................58 4. Summary and Conclusions ....................................................................................................61 5. References .............................................................................................................................63 Appendix A: Bibliography ......................................................................................................... A-1 Appendix B: Site Inspections, Lessons Learned ......................................................................... B-1 Appendix C: Electricity Generation Vulnerability Observations ...............................................C-1 Appendix D: Additional Network Security Discussions ........................................................... D-1 D.1 Policy Framework Details ......................................................................................... D-1 D.2 Physical Security Details ........................................................................................... D-4 D.2.1 Essential Strategy for Effective Physical Security at the Plant .................. D-4 D.2.2 Physical Security for Critical Cyber Assets ............................................... D-8 D.2.3 Security Observations .............................................................................. D-10 D.3 Virtual Private Networks ........................................................................................ D-13 D.3.1 Network Layer Virtual Private Network .................................................. D-14 D.3.2 Application Layer Virtual Private Network ............................................. D-18 D.3.3 Security Observations .............................................................................. D-20 D.4 Ethernet ................................................................................................................... D-23 D.4.1 Ethernet Security Observations ................................................................ D-24 D.4.2 Ethernet Virtual Local Area Networks .................................................... D-31 D.4.3 Ethernet VLAN Security Observations .................................................... D-32 D.5 Programmable Logic Controller ............................................................................. D-37 D.5.1 Security Observations .............................................................................. D-37 D.6 Shared Server .......................................................................................................... D-39 D.6.1 Remote Access Servers ............................................................................ D-39 D.6.2 Security Observations .............................................................................. D-40 D.7 Wireless................................................................................................................... D-42 D.7.1 Security Observations .............................................................................. D-45 D.8 Landline