industrial network security for scada, automation, process control and plc systems
DESCRIPTION
This workshop will give you a fundamental understanding of security in effective industrial networking and data communications technology. It will also present you with the key issues associated with security in industrial communications networks and will assist managers, system operators and industrial data communications specialists in setting up secure systems. On completion of the workshop you will have developed a practical insight into how to achieve optimum industrial network security for your organisation. Topics covered include: introduction and terminology; firewalls; authentication, authorisation and anonymity; remote access to corporate networks; cryptography; VPN’s; data security; desktop and network security; security precautions in a connected world; and internet security. WHO SHOULD ATTEND? If you are using any form of communication system this workshop will give you the essential tools in securing and protecting your industrial networks whether they be automation, process control, PLC or SCADA based. It is not an advanced workshop – but a hands-on one. Anyone who will be designing, installing and commissioning, maintaining, securing and troubleshooting TCP/IP and intra/internet sites will benefit including: Design engineers Electrical engineers Engineering managers Instrumentation engineers Network engineers Network system administrators Technicians MORE INFORMATION: http://www.idc-online.com/content/industrial-network-security-scada-automation-process-control-and-plc-systems-8TRANSCRIPT
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
OVERVIEW• What is a network?• Evolution of Networks• Network Security requirements• Security in Industrial Automation systems• Wireless networks• Industrial Networks and Business Networks-
similarities and differences• Organisational issues in security• Security measures• Security Testing
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
WHAT IS A NETWORK?
• An interconnected system of computers
• Communication through specific protocols
• Physical connectivity through copper/optical fiber or by wireless media.
• Vendor independence through standardization
• Better Return On Investment
• Local (LAN), Metro (MAN) or Wide Area (WAN) networks
• Hardware and communication path redundancies in WAN and MAN
• Dedicated links or public data communication networks
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
WHAT ARE INDUSTRIAL NETWORKS?
• A network of Programmable controllers (PLC)
• Distributed Control Systems (DCS)
• Supervisory control and Data Acquisition (SCADA) systems
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
NETWORK SECURITY• Analogous to security in the physical world• Unauthorized access• 'Loss of Integrity’ • 'Denial Of Service'• How do you ensure security?
- Prevent a break-in, put locks
- Have alarms to warn that a break-in has occurred
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
THE BASIC SECURITY ELEMENTS
Confidentiality
Integrity
Availability
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
PRESENT SECURITY SCENARIO
• Dedicated networks are safe but expensive • The Internet is cheaper but comes with security
risks• Threats from External and Internal users• Motivation is political / monetary /or ’thrills’• Widespread system knowledge • Easy availability of tools for mounting attacks. • Protocol/ OS/Application and Human
vulnerabilities
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
INDUSTRIAL NETWORK SECURITY ISSUES
• Proprietary hardware and software • Now giving way to open systems
Ex: HMI and Database systems • Interconnection between Industrial and business
networks• TCP/IP protocol in Industrial automation • Access to Internet from corporate networks
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
WIRELESS NETWORKING
• Wireless networking becoming popular• Mobile users (laptops/palmtops) within a campus• Remote monitoring and control applications
Examples: Pump control, weather data collection• EASY to intercept Wireless signals • Internet connectivity at public places through
wireless• Vulnerabilities of wireless now added to those of
Internet
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
SIMILARITIES BETWEEN INDUSTRIAL AND BUSINESS NETWORKS
• Same owners and general goals• Same technologies (Ethernet, TCP/IP, Windows,
etc.)• Common facilities• Interconnected at one or more points
As a result:Security approach of both types of networks have a lot
of similarities.
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
AND THE DIFFERENCES?
Industrial Networks:
Reliability and Response time and safety
Better security through proprietary operating systems
Business networks
Availability and delivery of service.
Different Risk management goals
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
ORGANIZATIONAL ASPECTS OF SECURITY
• Security is NOT just a matter of technology.
• Needed: A clearly defined organisational security policy.
• What is the probability of a security incident?
• What are its risks?
• What is the cost for security systems, training and periodic testing.
• Get the users to understand and cooperate
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
NETWORK SECURITY MEASURES
• Authentication, Authorization and Accounting (AAA)• Encryption of data• Routers and Firewalls for access control and filtering• Intrusion detection and response• VLANs as a security solution for LANs• Secure Virtual private Networks for remote user access
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
SECURITY TESTING
Testing ensures that the security implementation is effective and follows organizational security policies.
The issues: When to test?
What tests to conduct?
How frequently?
On which systems?
Who is responsible and for what?
How much will it cost?
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
CONCLUSION• Common aspects in the security of Industrial and
business networks
• Important: Both Organizational and technical aspects of security
• Testing of security measures at periodic intervals for continued effectiveness
Technology Training that worksTechnology Training that Workswww.idc-online.com/slideshare
DO YOU WANT TO KNOW MORE?
If you are interested in further training or information, please visit:
http://idc-online.com/slideshare