Global Instrumentation and Control Network Architecture and Cyber Security: Westinghouse Security Platform (WSP)

Background

Every day the number and sophistication of cyber threats to systems grows, and industrial control systems have been a prime target for threat actors in recent years. In response, Westinghouse created the Westinghouse Security Platform (WSP). The WSP consists of a suite of cyber security hardware and monitoring products that integrate with a plant system to provide centralized cyber security functionality and administer safeguards against cyber attacks. The WSP has the tools available to secure control systems and comply with cyber security regulations.

Description

The WSP is an all-in-one centralized security monitoring solution comprised of physical and virtual system components. The WSP can be deployed as an integrated cyber security solution with the control system, or in a standalone configuration to comply with customer requirements.

The WSP utilizes a suite of cyber security products configured and validated for use with Critical Digital Assets (CDA) in an Instrumentation and Control (I&C) environment. Westinghouse also uses the WSP for legacy systems, adapting newer technology to secure CDAs. The WSP can be adapted to hardening configurations based on custom settings of systems and licensee requirements.

The WSP is the security platform that provides system integrity assurance, protection from an array of security threats including zero-days, and monitoring of the network infrastructure for malicious activity.

WSP Capabilities

The WSP addresses regulatory compliance demands for control systems. The security products implemented address security controls including, but not limited to, the following:

• Audit and Accountability
• Heterogeneity
• Removal of Unnecessary Services and Programs
• Host Intrusion Detection System
• Changes to File System and Permissions
• Hardware Configuration
• Installing Operating Systems, Applications, and Third Party Software Updates
• System and Information Integrity
• Flaw Remediation
• Malicious Code Protection
• Monitoring Tools and Techniques
• Software and Information Integrity
• CDA Backups
• Recovery and Reconstitution
• Baseline Configuration
• Configuration Change Control
• Access Restrictions for Change
• Configuration Settings
• Least Functionality
• Component Inventory
• Centralized Security Management
• Enterprise Threat Detection
• Data Loss Prevention

Benefits

With Westinghouse, there is a comprehensive solution for addressing security vulnerabilities and the expertise to implement the safeguards. Westinghouse provides detailed configurations for all products in accordance with customer requirements. Solutions are centrally managed or standalone. These solutions include:

• Security Information and Event Management (SIEM) – Collects, stores and correlates system and security asset event logs. The Westinghouse SIEM product includes incident handling and replicates logs across a data diode.

• Application Control – Prevents unauthorized applications from running on the system, such as malware and zero-day threats.

• Antivirus Software – Quarantines system files if they match signatures of known malware, and includes non-signature detection of malicious code.

• Patch Management – Manages and installs operating system and some application patches from a central server, mitigating known vulnerabilities.

• Backup and Recovery – Backs up each client host to a storage server and provides the ability to restore. This is critical for I&C systems that need to be restored on a moment's notice.

• Network Attached Storage – Provides high-performance storage to share and protect critical data and backups. Provides support for regulatory reporting of logs.

• Vulnerability Scanning – Offered as a service, scans system assets for insecure configurations and reports any products that require patches to maintain compliance and security.

• Device Control – Monitors the use of devices such as removable media. Restricts access to devices based on user or device type.

• Network Intrusion Detection System (NIDS) – Monitors and analyzes system network traffic for indications of malicious activity.

• File Integrity Monitoring (FIM) / Configuration Management – Monitors selected system files, folders and configuration settings for changes. Provides notification of changes that occur to demonstrate whether the CDA was modified.

• System Hardening – Configuring systems and network components to a known secure benchmark to safeguard against vulnerabilities.

• User Interface Server – Component of the WSP that interfaces with physical and virtual components. This option provides a central location of access.

• Domain Controller – Both physical and virtual, for centralized domain management, making the WSP easy to manage.

• Unidirectional Gateway, Interface Switch and Security Switch – Networking components of the WSP architecture that provide segmentation and mitigate system intrusion.

• Cyber Security Server – Component that houses the Virtual Machines (VM) of the software cyber security components. Reduces the footprint of the WSP, which provides flexibility for deployment.

[Figure: Westinghouse Security Platform rack diagram (42 rack units). Labelled components, top to bottom: Interface Switch; Firewall (Cisco ASA 5515-X Adaptive Security Appliance); Security Switch (Catalyst 3750-X Series); Network Intrusion Detection System; Unidirectional Gateway Transmitter; KVM Drawer; Cyber Security Server Hypervisor hosting Antivirus, Patch Management, User Interface, Application Control, Device Control, Configuration Management, Network Intrusion Detection Management, and System Backup & Recovery; Primary Domain Controller; Secondary Domain Controller; Network Attached Storage; Security Information & Event Management.]

Westinghouse Electric Company
1000 Westinghouse Drive, Cranberry Township, PA 16066
www.westinghousenuclear.com
July 2019 / NA-0144
© 2019 Westinghouse Electric Company LLC. All Rights Reserved.