Industrie4.0 security - e m tieghi templ assintel_short

Industrie4.0: Security and Business Continuity in the digitalized factory. Protecting control and automation systems from cyber incidents. Andrea Zapparoli Manzoni, Coordinator of the Assintel Security Working Group (GdL Security). Enzo M. Tieghi, ServiTecno, Assintel member. [email protected]

Upload: enzo-m-tieghi

Post on 20-Jul-2015



Where are these systems? Everywhere: Industrial Internet, Processes, Buildings, Manufacturing & Infrastructures


ANSI/ISA95 Functional Hierarchy (www.isa.org)

Level 4: Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.)
4 - Establishing the basic plant schedule: production, material use, delivery, and shipping. Determining inventory levels.
Time frame: months, weeks, days

Level 3: Manufacturing Operations Management (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...)
3 - Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process.
Time frame: days, shifts, hours, minutes, seconds

Level 2: 2 - Monitoring, supervisory control and automated control of the production process

Level 1: 1 - Sensing the production process, manipulating the production process

Level 0: 0 - The actual production process

Control types shown in the diagram: Batch Control, Discrete Control, Continuous Control


Plant security: Security in addition to safety (EN ISO 13849-1/2, IEC/EN 62061, IEC/EN 61508, IEC/EN 61511)…

• Do we assess Security?
• System life cycle?
• Design documentation?
• Changes to the plant?
• Networks, PLC, DCS, SCADA?
• Who? When? Where? Why?
• Risk analysis for cyber risk?
• Are the factory network and systems secure?
• Backup of the system (and of the data)?
• Ever tested the recovery?
• And are the connections "protected"?

Defense in depth: networks and systems without protection

No to "flat networks": Seg/Seg, Segment & Segregate

Zones & Conduits (ISA99/IEC62443)

Example of a "Security Architecture" in automation and control systems

Enterprise Control Network
Manufacturing Operations Network
Perimeter Control Network
Control System Network
Process Control Network

Source: Byres Security

Protecting Zones & Conduits with Firewalls (multilayered defence)

Corporate Firewall

Industrial Firewall

Source: Byres Security

Introduction to Industrial Security - Enzo M. Tieghi

Example of a network "with protections"

"Protected" connections: VPN, IPSec, OpenVPN


Enzo Maria Tieghi

• CEO of ServiTecno (industrial software for over 25 years)
• Assintel member, active in associations and study groups on industrial cyber security (ISA s99 info member)
• On advisory boards, international groups and projects on Industrial Security and CIP (Critical Infrastructure Protection)
• Co-author and author of publications, articles and papers


Doubts? Questions?

Enzo M. Tieghi [email protected]