Thanks for joining!
We will begin in just a few minutes as more people come on line.
IoT Security Talks – Industrial Protocols and Security Implications
2016 May 12
Robert Albach – Product Line Manager IoT Security
Sunil Maryala – Technical Marketing Engineer IoT Security
Agenda
:00 Welcome to Tech Talks: mechanics of Tech Talks
:03 Industrial Protocols: protocol diversity; security state of OT protocols; where the protocols are found in the network; security for OT protocols
@ :45 Question and Answer
Tech Talk Mechanics
How these events will operate
• With many people on-line we will mute all but the presenters
• We will try to answer questions at the end
• Please use the “Question and Answer” feature for questions
• If we don’t get to your question, we will try to answer them off-line
• The presentation and recording will be placed on the Community support site:
https://supportforums.cisco.com/
Who This Presentation is For:
• Cisco customers, partners, employees
• Assumption:
• Your background is primarily in classic IT environments
• OR
• You are an OT practitioner with security responsibility
• You have some amount of security background / responsibility
• You are likely to have some responsibility in OT in the future or do so already.
What is the OT Thing?
• Operations Technology
• “Industrial” network and compute
• Working with electronic endpoints (IEDs) where the endpoint generally has no people involved
• Autonomous but highly limited
• More than SCADA
• …and what is that SCADA (Supervisory Control and Data Acquisition) thing?
• Or is that ICS (Industrial Control Systems)?
• Literally different, but frequently used interchangeably: SCADA is the supervisory layer (usually over wide-area links); ICS is the broader term covering SCADA, DCS, PLCs and the field devices they control
• Depends on your POV
Some Quick IT vs. OT Differences
• How Networks were built
• Network / Device Attributes
• Network traffic differences
IT Networks – Data Flows
End points are smart –independently driven.
If data leaves – it goes far…
Web – data center / internet
File / Print shares
Nearby devices largely unrelated
When the end points talk:
Short conversations
Lots of connections
Short TCP sessions – SYN, SYN/ACK, ACK, a few seconds max
Largely egalitarian – anybody talk to anybody
OT Networks – Data Flows
End points are not smart – repetitive.
If data leaves – it goes to same places
…or not far at all
Interaction is largely local
Movement not very visible
if it does leave – streams out
Not a conversation usually
When the end points talk:
Long conversations
Few connections
Long TCP sessions – lots of keep-alives – hours / days!
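The traffic profile above (few peers, long repetitive sessions) is something a detector can learn and enforce. The following is an added example, not code from the presentation or from Cisco: it learns the normal (client, server, port) pairs of an OT cell from constructed flow records, then flags pairs absent from the baseline and any client that opens many short sessions to many peers, the IT-style behaviour that should not appear inside a cell. The addresses, ports and durations are constructed; port 4000 for the historian is an assumption.

```python
"""Flow-profile baseline for an OT segment (added example, not from the deck).

Learns which (client, server, port) triples are normal from a baseline set of
flow records, then scores an observation window: a triple never seen in the
baseline is reported, and a client that opens many short sessions to many
distinct servers is reported as scan-like. All flow records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: float  # seconds the TCP session stayed open


# Constructed baseline: an HMI polling two PLCs over Modbus/TCP for hours,
# and a historian pulling from the HMI (port 4000 is an assumed value).
BASELINE = [
    Flow("10.1.2.10", "10.1.2.21", 502, 7200.0),
    Flow("10.1.2.10", "10.1.2.22", 502, 7200.0),
    Flow("10.1.2.10", "10.1.2.21", 502, 6900.0),
    Flow("10.1.3.5", "10.1.2.10", 4000, 86400.0),
]

# Constructed observation window: the same traffic plus a new host that
# touches many PLC addresses with sub-second sessions.
OBSERVED = BASELINE + [
    Flow("10.1.2.99", "10.1.2.21", 502, 0.2),
    Flow("10.1.2.99", "10.1.2.22", 502, 0.2),
    Flow("10.1.2.99", "10.1.2.23", 502, 0.2),
    Flow("10.1.2.99", "10.1.2.24", 502, 0.1),
    Flow("10.1.2.99", "10.1.2.25", 502, 0.1),
]


def learn_baseline(flows):
    """Return the set of (src, dst, dport) triples seen during the baseline."""
    return {(f.src, f.dst, f.dport) for f in flows}


def find_new_pairs(flows, baseline):
    """Triples in the observation window that never appeared in the baseline."""
    return sorted({(f.src, f.dst, f.dport) for f in flows} - baseline)


def find_scan_like_clients(flows, max_duration_s=1.0, min_servers=3):
    """Clients whose short sessions reach at least min_servers distinct servers.

    In an OT cell a client talks to a handful of fixed peers for hours; many
    sub-second sessions to many peers is the IT / scanner profile.
    """
    short_targets = defaultdict(set)
    for f in flows:
        if f.duration_s <= max_duration_s:
            short_targets[f.src].add(f.dst)
    return sorted(src for src, dsts in short_targets.items() if len(dsts) >= min_servers)


def analyse(observed, baseline_flows):
    """Run both checks and return their findings in one dict."""
    baseline = learn_baseline(baseline_flows)
    return {
        "new_pairs": find_new_pairs(observed, baseline),
        "scan_like": find_scan_like_clients(observed),
    }


if __name__ == "__main__":
    for name, finding in analyse(OBSERVED, BASELINE).items():
        print(name, finding)
```

Flow records like these come from NetFlow/IPFIX or a SPAN-port capture. The thresholds (one second, three servers) are starting points to tune against a real baseline, and a single PLC talking to one new peer is as interesting as the scanner: in a cell the peer set should not change between maintenance windows.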
Most of the “things” in IoT won’t have an IP address
How to Wire a PLC
Sample Assets to Protect

| Asset | Description | Examples and Notes |
|---|---|---|
| IEDs | Intelligent Electronic Device: commonly used within a control system, equipped with a small microprocessor to communicate digitally. | Sensor, actuator, motor, transformer, circuit breaker, pump |
| RTUs | Remote Terminal Unit: typically used in a substation or remote location. Monitors field parameters and transmits data back to the central station. | Overlaps with the PLC in capability and functionality |
| PLCs | Programmable Logic Controller: a specialized computer used to automate control functions within an industrial network. | Most PLCs do not use a commercial OS, and use “ladder logic” for control functions |
| HMIs | Human Machine Interface: the operator’s dashboard or control panel to monitor and control PLCs, RTUs and IEDs. | HMIs are typically modern control software running on modern operating systems (e.g. Windows) |
| Supervisory Workstations | Collect information from industrial assets and present it for supervisory purposes. | Unlike an HMI, a supervisory workstation is primarily read-only |
| Data Historians | Software system that collects point values and other information from industrial devices and stores them in a specialized database. | Typically built with high availability and replicated across the industrial network |
| Other Assets | Many other devices may be connected to an industrial network. | For example, printers can be connected directly to a control loop |

[Figure: the assets above plotted from less to more complexity and from fewer to more threat vectors; the percentage labels in the figure (2%, 40%, 40%, 8%, 10%) cannot be attributed to specific assets from the extracted text.]
Modbus
• Created by Modicon (now Schneider) – first PLC Vendor – 1970s
• Control Body – Modbus Organization - modbus.org
• Technology and Organization Variants:
• Modbus RTU / Modbus ASCII / Modbus TCP / Modbus Plus / others
• Modbus PEMEX / Enron Modbus
• Transport varies – some serial, some IT network types
• Some variants require special hardware for PC communications
Profibus / Profinet
• Created by a German consortium (Siemens the primary adopter) – 1989
• Control Body – PROFIBUS & PROFINET International – profibus.com
• Technology Variants:
• PROFIBUS / PROFINET / PROFIsafe / PROFIdrive / PROFIenergy
• PROFINET RT / IRT (real-time and isochronous real-time classes)
• Fieldbus and modern networking transport
• Special chips for protocol acceleration (optional)
CIP – Common Industrial Protocol
• Predecessor: DeviceNet, from Allen-Bradley (Rockwell), built on the Bosch CAN chip base – 1994
• Control Body – Open DeviceNet Vendor Association (ODVA) – odva.com
• Technology Variants:
• DeviceNet / EtherNet/IP / ControlNet / CompoNet
• CIP Safety / CIP Energy / CIP Sync / CIP Motion / CIP Security
• Fieldbus and modern networking transport
DNP – Distributed Network Protocol
• Created by Westronic (later GE-Harris), Canada – 1993
• Control Body – DNP Users Group – dnp.org
• Technology Variants:
• DNP / DNP3 (standardized as IEEE 1815) / opendnp3 (open-source implementation)
Other Manufacturing* Protocols
• HART – Highway Addressable Remote Transducer <Fieldbus>
• OPC – Open Platform Communications – was OLE for Process Control
• CAN / CANbus – Controller Area Network – serial bus system
• PTP – Precision Time Protocol (IEEE 1588; highly precise / requires special HW)
IEC 60870-5-104
• International standard for telecommunications in utilities – 2000
• Focus on communication between control centers and substations
• Runs over TCP/IP (the IEC 60870-5-101 application layer carried over TCP, port 2404)
ICCP - Inter-Control Center Communications Protocol
• ICCP or IEC 60870-6 / TASE.2 – 1992
• Focus on communication between control centers, utility to utility (for example a utility and its regional operator), carried over MMS / TCP
ICS Specific Protocols

| Company | Protocols |
|---|---|
| ABB | ABB Time Sync Multicast; MI – Multisystem Integration Protocol; RNRP – Redundant Network Routing Protocol; RemSys – Show Remote System Protocol |
| Honeywell | Honeywell CDA; Honeywell FTE; Honeywell Safety Manager; PLANTSCAPE |
| Allen-Bradley | Ethernet/IP – CIP; Rockwell CSP (TCP & UDP) |
| Schneider | Modbus/TCP; Modbus/UDP |
| HIMA | HIMA HiMax-HIMatrix-(X)OPC; HIMA HiMatrix RIO; HIMA HiQuad-OPC-DA; HIMA ELOP II; HIMA X-OPC Computer |
| Siemens | PROFINet Context Manager; PROFINet Multicast; PROFINet Unicast; S7comm |
| Emerson | DeltaV |
| Wago | Wago CoDeSys |
| Generic Industrial | ICCP; DNP3; FF Fieldbus Message Specification; FF System Management; GOOSE – IEC 61850 Interface; IEC MMS; IEC 60870-5-104; IEEE 1588 Precision Time Protocol; ISO Network Layer Protocol; MRP – Media Redundancy Protocol; OPC – Classic TCP |
| Yokogawa | Yokogawa Stardom; Vnet/IP |
| Belden | HiPER Ring Protocol; Hirschmann Redundant Ring Coupling; Tofino CMP |
| GE | GE QuickPanel Configuration Protocol; GE SRTP; MOST/PAC8000 API |
Cisco Industrial Standards Participation
Participating in 58 industrial standards efforts:
IEEE / IEC / ISA / ISO / IETF / AVnu / HART / ETSI / Heathrow / OPC / PROFINET / OMG – DDS / OIC / IIC / FDT / ODVA / OASIS / AllSeen / OneM2M / Wi-SUN / LoRa / Sigfox / SAE / ITU / UCA / CIGRE(T) / COW / HomePlug / G3 / AIOTI
IEC standards of particular relevance:
61850 – Utility, Industrial, Transportation (Data)
62351 – Utility, Industrial, Smart City (Security)
62357 – Utility, Smart Cities (Architecture)
62443 – Energy et al., Industrial (PCS Security)
61508 – Industrial, Utility, other energy (Safety)
Industrial Protocols - General Security Concerns
• Early developments of many protocols made few provisions for security
• Focus was on interoperability and continuity
• Master / slave relationships within serial communications: the slave answers whoever asks
• No encryption (but there are reasons not to in some cases: latency budgets, legacy hardware, and inspection devices that need to see the payload)
• Authentication in particular is commonly lacking
• Some protocols utilize broadcasting for communications
• Legacy devices built on the assumption of limited communication complexity
Modbus Legacy Security Issues
• Endpoint authentication is not a default operation
  Nothing more is needed than an address (unit ID) and a function code
• Modbus message content is not validated by the application
  Integrity depends on the network stack (the TCP checksum, or the CRC / LRC on serial links), which catches noise, not tampering
  No real integrity checking
• DoS is easily initiated
  More a function of the endpoint's inability to handle the processing load
Profibus / Profinet Legacy Security Issues
• Endpoint authentication lacking in older Profibus
  Assumption of master-to-slave exclusivity: a slave has a single master
  Some revisions could allow slave-to-slave or slave-to-master communication
• Profibus / Profinet message content is not validated by the application
  Dependent on the network stack
  No real integrity checking
• DoS is easily initiated
  More a function of the endpoint's inability to handle the processing load
DNP / DNP3 Legacy Security Issues
• Abuse of unsolicited messaging
  Feeding masters with spoofed status
  Suppressing potential alarms by disabling unsolicited messaging on the outstation
• Ready acceptance of unauthorized commands
  Without Secure Authentication, the outstation acts on any well-formed request from any source address
• DoS is easily initiated
  More a function of the endpoint's inability to handle the processing load
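As an added example (not from the deck, not from any DNP3 vendor or library), the following parses the DNP3 link, transport and application headers of constructed frames, verifies the link-layer CRCs, and raises alerts when a DISABLE_UNSOLICITED (0x15) or a control request (SELECT / OPERATE / DIRECT OPERATE) arrives from a link-layer source address other than the configured master. The master address 1, outstation address 10 and rogue address 99 are assumptions; the frames are built by the same code so the example runs offline.

```python
"""DNP3 unsolicited-messaging abuse check (added example, not from the deck).

Frame layout used here: link header 05 64 LEN CTRL DST(2, LE) SRC(2, LE) + CRC,
then user data in 16-byte blocks each followed by a CRC; user data starts with
one transport byte, then the application control byte and the function code.
"""


def dnp3_crc(data: bytes) -> int:
    """DNP3 link-layer CRC: polynomial 0x3D65, LSB-first, result complemented."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


FUNC_NAMES = {0x01: "READ", 0x02: "WRITE", 0x03: "SELECT", 0x04: "OPERATE",
              0x05: "DIRECT_OPERATE", 0x06: "DIRECT_OPERATE_NR",
              0x14: "ENABLE_UNSOLICITED", 0x15: "DISABLE_UNSOLICITED",
              0x81: "RESPONSE", 0x82: "UNSOLICITED_RESPONSE"}
# Requests that change outstation state or silence its reporting.
SENSITIVE = {0x03, 0x04, 0x05, 0x06, 0x15}


def build_frame(src: int, dst: int, func: int, payload: bytes = b"") -> bytes:
    """Build a master-to-outstation frame (CTRL 0xC4: DIR, PRM, unconfirmed user data)."""
    user = bytes([0xC0, 0xC0, func]) + payload  # transport FIR|FIN, app FIR|FIN, function
    header = bytes([0x05, 0x64, 5 + len(user), 0xC4]) + dst.to_bytes(2, "little") + src.to_bytes(2, "little")
    frame = header + dnp3_crc(header).to_bytes(2, "little")
    for i in range(0, len(user), 16):
        block = user[i:i + 16]
        frame += block + dnp3_crc(block).to_bytes(2, "little")
    return frame


def parse_frame(frame: bytes) -> dict:
    """Return link and application header fields; ValueError on bad start bytes or CRC."""
    if frame[:2] != b"\x05\x64":
        raise ValueError("bad start bytes")
    header = frame[:8]
    if int.from_bytes(frame[8:10], "little") != dnp3_crc(header):
        raise ValueError("link header CRC mismatch")
    length, ctrl = header[2], header[3]
    dst = int.from_bytes(header[4:6], "little")
    src = int.from_bytes(header[6:8], "little")
    user, pos, remaining = b"", 10, length - 5  # LEN counts CTRL+DST+SRC+user data
    while remaining > 0:
        n = min(16, remaining)
        block = frame[pos:pos + n]
        if int.from_bytes(frame[pos + n:pos + n + 2], "little") != dnp3_crc(block):
            raise ValueError("user data CRC mismatch")
        user, pos, remaining = user + block, pos + n + 2, remaining - n
    transport, app_ctrl, func = user[0], user[1], user[2]
    return {"src": src, "dst": dst, "primary": bool(ctrl & 0x40),
            "transport_seq": transport & 0x3F, "uns": bool(app_ctrl & 0x10),
            "func": func, "func_name": FUNC_NAMES.get(func, hex(func))}


def check(frame: bytes, authorised_masters: set) -> list:
    """Alerts for one frame under a simple source-address policy."""
    f = parse_frame(frame)
    alerts = []
    if f["func"] in SENSITIVE and f["src"] not in authorised_masters:
        alerts.append(f"{f['func_name']} from unauthorised master {f['src']} to outstation {f['dst']}")
    if f["func"] == 0x15:  # always worth logging: it silences alarms
        alerts.append(f"unsolicited reporting disabled on outstation {f['dst']} by {f['src']}")
    return alerts


# Constructed samples (addresses are assumptions). The DISABLE payload asks for
# class 1, 2 and 3 events (group 60, variations 2-4, qualifier 0x06 = all).
MASTER, OUTSTATION, ROGUE = 1, 10, 99
DISABLE_CLASSES = bytes([0x3C, 0x02, 0x06, 0x3C, 0x03, 0x06, 0x3C, 0x04, 0x06])
SAMPLES = {
    "legit_read": build_frame(MASTER, OUTSTATION, 0x01, bytes([0x3C, 0x02, 0x06])),
    "rogue_disable": build_frame(ROGUE, OUTSTATION, 0x15, DISABLE_CLASSES),
    "rogue_operate": build_frame(ROGUE, OUTSTATION, 0x05),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, check(frame, {MASTER}))
```

Two caveats belong with this. The CRC check proves only that the frame was not corrupted in transit; an attacker recomputes it, so it is a parsing sanity check, not integrity protection. The link-layer source address is equally easy to forge, so a rule keyed on it is a triage aid that should sit behind conduit enforcement (only the master's network path reaches the outstation) and, where the devices support it, DNP3 Secure Authentication.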
ICCP Legacy Security Issues
• Lack of encryption
  ICCP’s use over WANs makes this a greater area of concern
• MITM / spoofing / masquerade
  WAN use introduces more potential physical points of intercept
• DoS is easily initiated
  More a function of the endpoint's inability to handle the processing load
Where are these Protocols Found? Manufacturing Protocols
[Figure: manufacturing protocols placed in the network, split between Fieldbus and TCP/IP transports]
Where are these Protocols Found? Utility Protocols
[Figure: utility protocols placed in the network: DNP and ICCP]
IT Boxes for OT OR OT Boxes for OT
The right box for the right place.
Location in the NW Determines Traffic Visibility
Simple Solution (In a Perfect World)
• Update to the most recent version
  Modern equivalents are more secure
  Vulnerabilities are patched
• Encrypt communications everywhere
  But:
  How much of the legacy system will support it?
  What latency might encryption introduce?
• Remember – industrial equipment is expected to last for decades
Real World Solution
1. Proper network design
2. Secure endpoints
   Not really a protocol solution
3. Encrypt at higher levels of the network / WANs
4. Protocol control and inspection
Evolve to Security: Phased Security Architecture
First Level – Secured Connectivity: zone segmentation, controlled conduits
Second Level – Secured Visibility & Control: application control, threat control
Third Level – Converged Security & Depth: policy-driven response, deeper vision / control
[Figure: Purdue-style reference architecture. Enterprise Zone: Level 5 Enterprise Network and Level 4 Site Business Planning & Logistics Network (e-mail, intranet, etc.). DMZ: terminal server, RDP server, app server, patch management. Manufacturing Zone: Level 3 Site Manufacturing Operations and Control (FactoryTalk App Server, FactoryTalk Directory, Engineering Workstation, Domain Controller). Cell/Area Zone: Level 2 Area Supervisory Control (FactoryTalk Client, HMI, Magelis HMI, Engineering Workstation, Operator Interface); Level 1 Basic Control (batch, discrete, drive, continuous process and safety control); Level 0 Process (sensors, drives, actuators, robots).]
Zone Design to Mitigate: Potential Broadcast / AuthZ
• Design your networks
• Physical / Logical Organization
• Mostly Physical
• Remember the OT NW Traffic Profile?
• Intra-”cell” traffic is dominant
• Little cell to cell communication
• Lends itself to the zone / conduit model
Conduit Design to Mitigate: Broadcast / AuthZ
• Controlled Communications
• Think ACLs
• DACLs?
• Or perhaps Security Group Tags (SGTs)?
• Think VLANs
• Secured Communications
• Think VPNs
Viewing Industrial Protocols - Proximity
[Figure: the same phased security architecture diagram as above (Enterprise Zone, DMZ, Manufacturing Zone, Cell/Area Zone, Levels 5 to 0); the point here is that where an inspection device sits in this hierarchy determines which industrial protocols it can see.]
ISA 3000 – SW Architecture
Industrial Security Appliance
• ASA Firewall: access control (device / user), VPN, quality of service, packet storm control
• Firepower Services: application firewall, threat control, device ID, behaviour control
• ASDM – on-box management
Industrial Protocol Specific Coverage
• IPS-based rules
  Industrial-protocol-specific parsers: 200+, growing rapidly (100+ in the last 12 months)
  Threats
• Application control
  Can control parameter ranges
  Customizable
  Automation-vendor-created rules
• Application identification
  OpenAppID / App ID
  Coarse ID + control
  Capable of much more
Parsers include: ISO MMS, IEC 60870-5-104, GOOSE, GSE, COSEM, BACnet, OPC-UA, Honeywell Control / Experion, Emission Control Protocol
Industrial Protocol Identification
RA = Rockwell Automation
ODVA – CIP / EIP
Protocol Parser - Modbus
Parsed fields: Unit, Function, Parameter Value (Data)
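An added example of what a Modbus/TCP parser feeding application control can do with the three fields above. It is not the ISA 3000's parser and not Cisco code: it decodes the MBAP header and PDU of constructed requests (unit ID, function code, address, quantity or written value) and evaluates them against an assumed per-unit policy that allows only expected function codes and restricts the value written to holding register 100 to 0..1500, the "parameter range" control mentioned earlier in the deck. The Modbus legacy issues (no authentication, nothing needed beyond an address and a function code) are why such a policy has to sit in front of the PLC rather than on it.

```python
"""Modbus/TCP request parser with a function-code and register-range policy
(added example, not the appliance's parser). Requests and policy are constructed.
"""
import struct

FUNC = {1: "READ_COILS", 2: "READ_DISCRETE_INPUTS", 3: "READ_HOLDING_REGISTERS",
        4: "READ_INPUT_REGISTERS", 5: "WRITE_SINGLE_COIL", 6: "WRITE_SINGLE_REGISTER",
        15: "WRITE_MULTIPLE_COILS", 16: "WRITE_MULTIPLE_REGISTERS"}


def parse_request(pkt: bytes) -> dict:
    """Decode MBAP (7 bytes: tid, proto, length, unit) + PDU; ValueError if malformed."""
    if len(pkt) < 8:
        raise ValueError("short packet")
    tid, pid, length, unit = struct.unpack(">HHHB", pkt[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(pkt) - 6:  # length covers unit id + PDU
        raise ValueError("MBAP length does not match packet length")
    func, body = pkt[7], pkt[8:]
    req = {"tid": tid, "unit": unit, "func": func, "name": FUNC.get(func, f"0x{func:02x}")}
    if func in (1, 2, 3, 4):
        req["addr"], req["count"] = struct.unpack(">HH", body[:4])
    elif func in (5, 6):
        req["addr"], req["value"] = struct.unpack(">HH", body[:4])
    elif func in (15, 16):
        req["addr"], req["count"], nbytes = struct.unpack(">HHB", body[:5])
        if nbytes != len(body) - 5 or (func == 16 and nbytes != 2 * req["count"]):
            raise ValueError("byte count mismatch")
        req["data"] = body[5:]
        if func == 16:
            req["values"] = list(struct.unpack(f">{req['count']}H", req["data"]))
    return req


# Constructed policy (assumption): PLC unit 1 may be read freely; register writes
# only to holding register 100 (a setpoint) and only with values 0..1500.
POLICY = {
    1: {"allow_funcs": {1, 2, 3, 4, 6, 16},
        "write_ranges": {100: (0, 1500)}},  # register -> (min, max)
}


def evaluate(req: dict, policy=POLICY) -> tuple:
    """Return ('allow' | 'deny', reason) for a parsed request."""
    unit_policy = policy.get(req["unit"])
    if unit_policy is None:
        return "deny", f"unit {req['unit']} not in policy"
    if req["func"] not in unit_policy["allow_funcs"]:
        return "deny", f"function {req['name']} not allowed on unit {req['unit']}"
    if req["func"] in (6, 16):
        values = [req["value"]] if req["func"] == 6 else req["values"]
        for i, v in enumerate(values):
            reg = req["addr"] + i
            rng = unit_policy["write_ranges"].get(reg)
            if rng is None:
                return "deny", f"write to register {reg} not allowed"
            lo, hi = rng
            if not lo <= v <= hi:
                return "deny", f"value {v} for register {reg} outside {lo}..{hi}"
    return "allow", req["name"]


def build_request(tid: int, unit: int, pdu: bytes) -> bytes:
    """MBAP header + PDU, used only to construct the samples below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


SAMPLES = {
    "read_hr": build_request(1, 1, bytes([3]) + struct.pack(">HH", 0, 10)),
    "setpoint_ok": build_request(2, 1, bytes([6]) + struct.pack(">HH", 100, 750)),
    "setpoint_high": build_request(3, 1, bytes([6]) + struct.pack(">HH", 100, 4000)),
    "write_coil": build_request(4, 1, bytes([5]) + struct.pack(">HH", 0, 0xFF00)),
    "multi_ok": build_request(5, 1, bytes([16]) + struct.pack(">HHB", 100, 1, 2) + struct.pack(">H", 10)),
    "multi_spill": build_request(6, 1, bytes([16]) + struct.pack(">HHB", 100, 2, 4) + struct.pack(">HH", 10, 10)),
    "diag": build_request(7, 1, bytes([8]) + struct.pack(">HH", 0, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, evaluate(parse_request(pkt)))
```

The multi-register case matters: a WRITE_MULTIPLE_REGISTERS starting at an allowed register can spill into neighbours, so the policy walks every register the write touches rather than only the start address. A production parser additionally has to reassemble requests split across TCP segments, pair exception responses with their requests, and treat an unknown or vendor-specific function code (diagnostics 0x08 above) as deny-by-default, as this one does.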
Summary
• Multiple non-interoperable protocols in the same location doing the same thing
• Many legacy devices working well, but requiring older insecure protocols
• If viable, move to more modern and secure protocol equivalents
• Look to put the right security equipment in the right place, equipment that truly understands the protocol
• <Look for the follow-up session on how to phase in industrial security>
Before the Q&A Session
• Thanks for attending.
• Let us know:
• Was this session worth while to you?
• What future topics would you like to see?
• How might we improve these events?
• Send an email to:
• Robert Albach
Q&A
Please use the Question and Answer section of WebEx
THANKS!