Cyber Security - How to optimize your plant production? (Mark Bakker)
Post on 15-Oct-2020
© 2013 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
© Invensys 04/09/13 Invensys proprietary & confidential Slide 2
Cyber Security - How to optimize your plant production?
Safety Event 2013
Mark Bakker (Sr. CSE)
05/14/13
Who is Mark Bakker?
Lectures/articles:
• Safety Event (NL) – 14 May 2013
• Cyb.Sec. workshop PMA – Mar 2013
• Aandrijftechniek (NL) – Oct 2012
• Alfa Laval (S) – Sept 2011
• Rockwell (D) – June 2011
• Cyb.Sec. workshop PMA – Mar 2011
Memberships:
Slide 3
Career:
1 What is the impact of Cyber Crime?
Slide 4
Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. 5
“Our lives are becoming more and more connected to technology every day. At the same time, the threat to our information systems from hackers and bad actors is increasing just as rapidly.”
National Security Agency, December 2010
Threats are nearer than we expect
1. March 2000, Australia - raw sewage spilled out into environment
2. January 2003, USA – FirstEnergy (OH): Slammer worm
3. January 2008, Poland – 4 trams in Lodz got off track
4. January 2009, USA – Carrell Memorial Hospital hacked
5. December 2010, USA – MasterCard website down by DoS
6. March 2011, USA – RSA: Hackers stole security data
7. April 2011, JPN – SONY: Hackers stole data from gaming site
8. November 2011, WW – Duqu virus destroyed Word files
9. August 2012, NL – “Dorifel” malware infected >3000 PCs in NL
Slide 6
Virus 2.0 – ex. 1: Stuxnet
Iran, December 2010
• Stuxnet is a sophisticated worm that selectively targets ICS from Siemens
• Sabotage - Natanz
Slide 7
Virus 2.0 – ex. 2: Shamoon
Saudi Arabia & Qatar, August 2012
• Modular computer virus
• Windows OS
• Cyber espionage – energy sector
• Middle-East focus
• 30,000 PCs infected
• 1 week restoring services
Slide 8
Critical National Infrastructure
Slide 9
Cyber Security Agency - NL
• Information Center Cybercrime (NCSC) – part of TNO
• National Trend Report Cybercrime:
– Process Automation is more at risk
Slide 10
Loss to cyber crime in NL:
2010: $ 1.8b Source: security.nl
Cost of cyber crime – USA only
Slide 11
Cost of cyber crime – data loss
Slide 12
Ponemon Institute, 2010
Do you have a Cyber Security Plan?
Slide 13
• “Our production systems are completely isolated from outside access”
• “Our system is secure as it would be impossible for an outsider to understand it.”
• “We’re not a likely target. We’re not important or interesting enough to attract hackers.”
• “We’ve never had a problem: no intrusion or disruption in our production network.”
• “We can’t justify the expense and manpower.”
Objections to protect systems
Pre-warning
Pro-ACT: It is always best to take measures to prevent the house from burning.
Re-ACT in case there is a Cyber Security Attack: call our Computer Incident Response Team to reduce the impact.
Slide 15
IT vs. IA
Slide 16
2 Cyber Security Plan
Slide 17
How to protect your systems 1
Policy & Organisation:
• Priority
• Responsibility
• Collaboration
• Software
Risk Management:
• Security Audit
• Recovery plan
• External Expertise
Slide 18
How to protect your systems 2
Secure Access:
• Secure Mobility
• Secure User Identity
• Internet / Intranet
• Overall network security
Threat Protection:
• Back-up data
• Encrypt Data
Slide 19
How to protect your systems 3
Monitoring & Control:
• Identify
• Information
• Membership
Slide 20
The Security Challenge
How do I secure?
• Any device, anywhere
• New collaboration and social media applications
• Data moving to the cloud
• Data center and virtualization
• Against increasingly complex threats
Slide 21
3 Secure Architecture
Slide 22
ISA-99 Guidelines
Security for Industrial Automation and Control Systems
Establishing an IACS Security Program
Slide 23
Guidelines
Typical architecture for Security for Industrial Automation and Control Systems
Slide 24
[Figure: typical network architecture for security of industrial automation and control systems. Zones shown: Enterprise Zone (Levels 4 and 5); Demilitarized Zone (DMZ); Manufacturing Zone (Level 3, site manufacturing operations and control); Cell/Area Zones (Levels 0–2). Labelled components include ERP, email and the Wide Area Network (WAN); an active/standby firewall pair with a Gbps link for failover detection; patch management, terminal services, application mirror and AV server; a remote access server; factory application servers (SCADA/HMI, historian, AssetCentre, transaction manager); a factory services platform (directory, security/audit); data servers; network services (DNS, DHCP, syslog server, network and security management); and controllers, drives, HMI and DIO in three cell/area layouts: #1 redundant star topology (Flex Links resiliency), #2 ring topology (Resilient Ethernet Protocol, REP), #3 bus/star topology.]
4 Time to optimize
Slide 25
Lipman Report, October 2010
“We can no longer afford to ignore the threat from these increasingly advanced governments or terrorist groups aiming to disarm us or fund their activities, to individual hackers looking for money and information.
The time for urgency is now.”
Slide 26
Invensys can help you!
Q&A
Slide 27
Confucius, 551 – 479 BC
Slide 28
“I hear, I know.
I see, I remember.
I do, I understand.”
Thank you,
Let’s secure
Our offerings
Cyber Security Assessment
Security Architecture and Policy Development
Cyber Security Implementation
Cyber Security Management and Optimization
Site Security Design
System Security Design
Managed Site Security
IOM Cyber Security
Services
Elements
Solutions
Installation & Configuration
Secure Design Implementation
Knowledge Transfer
Procedure Creation
Security Policy Creation
System Hardening
System Assessment
Vulnerability Scanning
Incident Response
Security Planning Workshop
Penetration Testing
Penetration Testing
Compliance Evaluation
Managed System Security
Policy Assessment
Procedure Assessment
Site Assessment
Compliance Assessment
Vulnerability Assessment
Risk Assessment
Security Baseline testing