Where Data meets Data Security Siemens Cloud for Industry powered by SAP HANA April 2015

Upload: phamkhuong

Post on 17-Apr-2018

Confidential © Siemens AG 2015. All rights reserved

Prologue: Nineteenth-century Data Overkill

Prologue: Your Brain on Story

Big Data: What does it mean?

Our vision is a marketplace for industrial service applications based on connectivity to devices

Source: Plant Cloud Services Team

A collection of customers' data...

Provide Visualization in Dashboards

Out of the box analytics

Source: Plant Cloud Services Team

We are at the start of the next “Industrial Revolution”

From Industry 1.0 to Industry 4.0

[Chart: degree of complexity over time (1800, 1900, 2000)]

• First Industrial Revolution: based on the introduction of mechanical production equipment driven by water and steam power (first mechanical loom, 1784)
• Second Industrial Revolution: based on mass production achieved by division of labor concept and the use of electrical energy (first conveyor belt, Cincinnati slaughterhouse, 1870)
• Third Industrial Revolution: based on the use of electronics and IT to further automate production (first programmable logic controller (PLC), Modicon 084, 1969)
• Fourth Industrial Revolution: based on the use of cyber-physical systems

Repair shops; Standardization / Process knowledge; Software Updates; Data Driven Services

Industry Evolution: The future of big data and cloud applications will be in the industrial space

The total volume of data generated on earth summed up to:

• 2012: 3.1 Zettabyte
• 2015: it will be 7.4 Zettabyte
• 2020: it will be 45 Zettabyte

Big data / cloud applications

From person to person – that was the beginning

From machine to machine – the focus today and in the future

• People2People: Network of virtual communities
• People2Machine: Medical technology, digital TV, cameras, computers, mobile phones
• Machine2Machine: Sensors, meters, devices, industrial machines
• Internet of Things / "Industrie 4.0": Enabling additional productivity levers and new business models

Source: Oracle, 2012, Roland Berger 2015

Siemens and SAP collaborate to create a ‘Cloud for Industry’

Siemens and SAP are uniquely positioned to connect the world of distributed assets to the world of data analytics and business

A joint ‘cloud for industry’ (platform as a service) would be the basis for value added service applications by SAP, Siemens and others

Siemens and SAP decided to collaborate for ‘Cloud for Industry’:

• Positive feedback from surveying 50 customers
• Implemented two technological pilots
• G2M started with first pilot customers

‘Cloud for Industry’ targets an application ecosystem via open APIs and easy connectivity

Ecosystem of Applications and Application Developers:

• Customer Applications and Analytics
• OEM / Solution Provider Applications and Analytics
• Siemens Applications and Analytics
• SAP Applications and Analytics

Industry Cloud with ‘Open API’ and ‘Open Connectivity’

Secure and Easy Connectivity via ISB Agents

Example Plant Cloud Services – Pump Management and Optimization

DEMONSTRATION: PREDICTIVE MAINTENANCE

DEMONSTRATION: ENERGY OPTIMIZATION

Cloud for Industry would enable data value services based on a global platform and easy device connectivity

Device Connectivity / Agent Technology:

• smart agent
• open agent protocol
• embedded agent
• lightweight agent

SAP / Siemens Cloud for Industry (data management, analytics / rules, visualization, system management):

• extensibility / SDK
• onboarding
• status monitoring
• remote access
• device management
• rule engine
• pre/post processing
• big data store
• reporting
• mobile UIs
• cockpit/dashboard
• analytics engine
• data acquisition
• events / notifications
• agent configuration
• access authorization
• device modeling

Applications & Services Eco System:

• Fleet Service Management
• Plant Analytics & Optimization
• Energy Analytics & Optimization
• Predictive Maintenance
• United Utilities Apps

Application functions shown: data & event correlation, tuning advisory, consumption modeling, device management, vibration monitoring & analytics, model-based failure prediction, energy reporting, helpdesk & ticketing

A cloud structure...

Types of Cloud:

• Open Cloud
• Enterprise or Private Cloud
• Hybrid Cloud

Models:

• IaaS: Infrastructure as a Service – the base of the cloud models; provides networking, storage, etc.
• PaaS: Platform as a Service – combines IaaS with a set of services for software and application development
• DaaS: Data as a Service – lets you connect and use the cloud for data storage
• SaaS: Software as a Service – multitenancy for business applications accessed by multiple users

SCI will be based on ISB, HCP while Cloud Foundry integration ensures IaaS provider independence

HANA Big Data Platform: HANA, Hadoop, IQ, HANA Streaming

HANA Cloud Platform: Platform + Multi-tenancy

SAP SDKs (Software Developer Kits) (HCP / UI5 +)

HCP App Management

SAP App Store

SAP / Siemens / 3rd Party Applications on HCP

SAP / Siemens Backbone Integration

SAP Service and Support

Big Data Technology Stack

Michael Walkers Blog

Our customers start to innovate on data services - case studies

The Challenges

• Protect intellectual property
• Accelerate development pipelines and contribute to the environment
• Navigate volatile markets and intensified competitive pace

Our Answers

Some References 1)

*) For details please refer to the back-up slides

Industries: Minerals, Cement, Glass, Chemical, Pharma

• Antea Cement (ALB): Asset Analytics
• EU Manufacturer of asphalt: Energy Analytics
• Saint Gobain (IN): Ind. Network Analytics
• Pilkington (UK): Energy Analytics
• Int. Oil & Gas company: Security Services
• Int. Pharma company: Energy Analytics

Results shown:

• No unplanned system downtimes
• 147% RoI
• 100% detection of hidden network problems
• Over £1 million energy cost savings
• 12% energy cost savings
• 0 % incidents within 18 months

Extract new value from your existing data – Siemens Plant Data Services

From Data… …to Value

• Data collection
• Secure storage and data transfer
• Data analytics and simulation
• Visualization & recommendations
• Cloud-based analytics ecosystem

Value:

• Maximize Process Efficiency
• Enhance industrial cyber-security
• Optimize energy performance
• Master asset uptime

Do I Need Security? Develop A Strategy

Threat Vectors

• Sneaker-Net
• WiFi
• BYOD
• Insider
• Social Engineering
• Physical

Data security is our core expertise: Secure PCS 7 solution at Sinopec Qingdao Refinery

Challenge

• Protect operations from disruptions due to e.g. virus infection

Benefits

• Clean operations: 0 (zero) incidents or infections after the project with 18 months of safe operation

By the way

• World's largest standalone industrial security services project
• Lighthouse security project for Chinese petrochemicals

Industrial Security: Impact on relevant vulnerabilities affecting automation products

[Chart: 2010, 2011, 2012, 2013]

Selected IT Security Standards, Guidelines and Committees

Groupings shown: Committees, Associations, Governmental bodies; Standards; Guidelines

• VDI/VDE
• BSI Grundschutz
• NIST
• Roadmap to Secure Control Systems in the Energy Sector
• IEC 62351
• IEC TC 57 WG15
• US-CERT Control Systems Security Center
• SAC TC 124
• DKE
• DHS ChemSec Roadmap
• NERC-CIP
• ISO/IEC 15408
• WIB M-2784
• ISO/IEC 2700x
• IEC / ISA-62443 (Siemens Focus)

Industrial Automation and Control System (IACS)

IACS, automation solution, control system

• Asset Owner operates the IACS: Operational and Maintenance policies and procedures + Automation solution (IACS environment / project specific)
• System Integrator designs and deploys the Automation solution (IACS environment / project specific)
• Product Supplier develops the Control System as a combination of Host devices, Network components, Applications and Embedded devices (independent of IACS environment)

The Control System is the base for the Automation solution.

IEC / ISA-62443 covers all aspects of industrial security

Parts of IEC / ISA-62443: General, Policies and procedures, System, Component

• Terminology, Concepts, Models, Compliance metrics, Security levels (SL)
• Organization, Training / awareness, Policies, procedures, Information, documentation management
• Risk management and implementation, Incident planning and response, Continuity plan
• Solution design and maintenance
• Personnel security, Physical security, Network segmentation, Account administration, Authentication, Authorization
• System architecture, network segmentation, Zones and conduits, SL for systems
• Identification and authentication control, Use control, System integrity, Data confidentiality, Restricted data flow, Timely response to events, Resource availability
• Product development process
• PLCs, HMI devices, PC stations
• Firewalls, Gateways, Switches
• Functions, Applications, Data

‘Defense in Depth’ involves all stakeholders: Asset owner, system integrator, component supplier

Phases in product and IACS life cycles

Product life cycle (Product Supplier): Specification, Design, Commercialization / maintenance, Phase Out

• Control Systems: Host devices, Network components, Applications, Embedded devices

IACS life cycle: Specification, Integration / Commissioning, Operation / Maintenance, Decommissioning

• Roles: Asset Owner, System Integrator, Asset Owner (Service provider)
• Security targets
• Automation solution: Project application; Configuration, User Management; Security measures and settings
• Operational policies and procedures
• Decommissioning policies and procedures

Security Levels for automation solution and control system

IEC 62443

3-2 Security risk assessment and system design (plant environment): Automation solution; Risk assessment; System architecture: zones, conduits; Target SLs; Achieved SLs

3-3 System security requirements and Security levels (independent of plant environment): Control System capabilities; Capability SLs

• SL 1: Protection against casual or coincidental violation
• SL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
• SL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
• SL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation

1. Part 3-2: asset owner / system integrator define zones and conduits with target SLs
2. Part 3-3: product supplier provides system features according to capability SLs
3. Capability SLs are deployed to match target SLs
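The matching of capability SLs to target SLs in steps 1 to 3 can be checked zone by zone. The following is an added example, not part of the original slides or of any Siemens tooling: the zone names, component names and SL values are constructed, and the seven requirement names are the ones listed on the IEC / ISA-62443 slide. It assumes a requirement is met when a component's capability SL is at least the zone's target SL.

```python
# Added example (constructed data): compare capability SLs (IEC 62443-3-3)
# with the target SLs that a 3-2 risk assessment assigned to each zone.
REQUIREMENTS = (  # the seven requirement groups named on the slides
    "Identification and authentication control",
    "Use control",
    "System integrity",
    "Data confidentiality",
    "Restricted data flow",
    "Timely response to events",
    "Resource availability",
)

def sl_vector(*levels):
    """Build {requirement: SL}; one integer SL per requirement, 0 (none) to 4."""
    if len(levels) != len(REQUIREMENTS):
        raise ValueError("need exactly one SL per requirement")
    if any(not isinstance(sl, int) or not 0 <= sl <= 4 for sl in levels):
        raise ValueError("each SL must be an integer from 0 to 4")
    return dict(zip(REQUIREMENTS, levels))

def capability_gaps(target, capability):
    """Return {requirement: (target SL, capability SL)} where capability < target."""
    return {
        req: (target[req], capability[req])
        for req in REQUIREMENTS
        if capability[req] < target[req]
    }

def assess(zones, components):
    """Return zone -> component -> gaps for every component placed in a zone."""
    return {
        zone: {name: capability_gaps(target, components[name]) for name in members}
        for zone, (target, members) in zones.items()
    }

# Constructed sample: hypothetical components and zones, not from the slides.
COMPONENTS = {
    "plc-a": sl_vector(2, 2, 3, 1, 2, 2, 3),
    "hmi-a": sl_vector(3, 3, 3, 2, 2, 3, 2),
    "edge-gateway": sl_vector(3, 3, 3, 3, 3, 3, 3),
}
ZONES = {  # zone name -> (target SL vector, components in the zone)
    "control": (sl_vector(2, 2, 3, 1, 2, 2, 3), ["plc-a", "hmi-a"]),
    "cloud-dmz": (sl_vector(3, 3, 3, 3, 3, 3, 3), ["edge-gateway", "hmi-a"]),
}

if __name__ == "__main__":
    for zone, per_component in assess(ZONES, COMPONENTS).items():
        for name, gaps in per_component.items():
            print(f"{zone}/{name}:", gaps or "capability meets target")
```

Each reported gap marks a requirement where the component alone does not reach the zone's target SL, so the zone design needs a different component or additional measures for that requirement.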

Industrial Security: The Siemens Solution

The Siemens solution reduces your risk with a well thought-out security concept.

• Industrial Security Services: Managed service and consulting
• Security Management: Processes and policies
• Products & Systems: Secure PCs, controllers and networks

© Siemens AG 2014. All rights reserved. Answers for industry.

Thank You

Paul Hingley, Siemens Data Services