Versions Compared

Comment: Started copyedit--much more to do

...

SLAC will undergo a DOE cybersecurity assessment in June/July of this year. SLAC IT carried out some preparations for this assessment in late March and early April. These preparations included hiring a security testing company, Shorebreak, to conduct various cybersecurity-related tests of the SLAC IT systems.

These tests included attempts to gain access to, and the ability to execute processes on, computing devices connected to the SLAC intranet, first from the internet, then from within the SLAC network (e.g., a computer connected to a SLAC IT-managed switch or router). The testing uses a variety of attack methods, including port scanning and attempts to exploit known vulnerabilities in IT equipment and software.

It was somewhat unsettling to learn about the upcoming assessment incidentally and the ongoing testing after it had begun. ECS has experienced control system disruptions due to SLAC Cybersecurity's standard and regular port scanning activities in the past. This disruption has resulted in outages as some network-connected components could not handle port-scanning traffic gracefully. On multiple occasions ECS has requested to be notified any time these kinds of probing activities are taking place so we can prepare to recover affected systems and coordinate with operations. Effects can include COTS devices becoming non-communicative until power-cycled, but there are also more dramatic possibilities which may affect physical systems, causing equipment and human hazards.

Our system security and robustness are generally addressed by designing the network to be completely closed off except for a small number of explicitly identified ports. Network configuration is complex, and occasionally, due to misconfiguration and lack of coordination, we have experienced issues as a result of the security testing. To be perfectly clear, ECS appreciates the importance and necessity of what SLAC Cybersecurity does and we understand their methodology. Together we have experienced a learning curve to get to a place where the testing can be performed and the impact to operations can be mitigated, but there is still room for improvement.

In the case of the recent assessment by Shorebreak, ECS and AD EED became aware of testing after it began. After becoming aware of the ongoing assessment, the Control System (Software) Working Group (CSWG) engaged with SLAC Cybersecurity to identify especially sensitive networks which would be off-limits during these tests, as well as networks which would require advance notice from Shorebreak before they began their tests, so we could inform Operations and prepare to recover systems. Greg White helped to ensure the SLAC Cybersecurity and relevant control system experts met to coordinate and raised awareness of these activities. McCullough, Mark became an excellent point of contact from SLAC Cybersecurity, patiently working with us to balance preparation for the DOE assessment and preventing excessive disruption.

Given the present environment at SLAC with regards to work planning and control, it is somewhat surprising that this activity would proceed without a wider broadcast and approval process. Our control systems are designed and built to operate nominally within a network environment consisting of known types of traffic. Testing during installation and commissioning confirms—to the extent possible—that our systems are robust in the ways we designed them to be. The introduction of cybersecurity testing, which is an aspect we don't strictly consider in our designs, is risky. That risk is compounded with poor communication. These are lessons we must learn from. On the positive side, we now have a stronger relationship with SLAC Cybersecurity than we have had before. Also, while system security was a growing concern for the CSWG, these assessments have increased our attention and perhaps motivated us to more seriously consider the topic.

...

We want to remind everyone that anything ordered for integration or inclusion in the control system needs to be listed in the Supported Device List (Supported Devices: Long Term Support). There is a process for adding new components to this list but there is no guarantee a component you order will be accepted and integrated. Furthermore, ordering an unlisted component before preliminary evaluation is strongly discouraged. If a nearly equivalent part already exists in the SDL, and there is not a very strong case and specific reason to use the new part number you ordered, then ECS will insist that you return the unlisted component and use a standard, already supported component. If a component is rejected or receives an unfavorable evaluation the same will apply.

The process for new component evaluation can take at least a month, depending on competing priorities, so please plan accordingly. You can begin the process of component evaluation here: Submit a Proposal for New Supported Device.

...