IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 PROTECTION OF PRODUCTION DATA

Transcription

1 IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 PROTECTION OF PRODUCTION DATA IUNO Germany s National reference project for IT-Security in Industrie 4.0 Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

2 AGENDA Fraunhofer SIT Industrie 4.0 State-of-the-art IUNO BMWI Project Research & Solutions Expertise & Competences Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

3 FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

4 FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

5 FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY Prof. Dr. Michael Backes Center for IT-Security, Privacy and Accountability (CISPA) Prof. Dr. Jörn Müller-Quade Kompetenzzentrum für angewandte Sicherheitstechnologie Prof. Dr. Michael Waidner Center for Research in Security and Privacy Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

6 Idea Development Provision Recycling Order Realisation Maintenance Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

7 Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

8 The Three Layers of I4.0 Collection Construktion Orchestration Organisation Cloud Big Data CPS Condtion Place Identity Path History Operation Identity Integration Communication Information Fraunhofer SIT 2016 Machine 2020 Projekt, Dr. Th. Henkel SIT/ISS

9 Series 1 Product Competitive Cost Models Agile Market-Respond On Customer Demand Ergonomic Use Optimized Co2 Footprint Technology Oriented Individual Unique Product Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

10 Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

11 Relevant German Steal Mill Massive damage Manipulation of control-systems Bitkom Study Study over 2 year duration 51% victims of industrial espionage 51 MEUR damage p.a. 52% MA All production sites equipped with industrial firewalling, anti-virus systems, etc. Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

12 INS2014 / ENISA-Study Protecting Industrial Control Systems, 2011 European IT-Security Maturity Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

13 BMWI-Study IT-Security for Industrie 4.0 Production, Products, Services of Tomorrow as a part of globalised value chains Executive Summary (40 Pages) Summary of all significant results Matrix of the most important recommendations Full Document (254 Pages) Management Summary Detailed analysis of use cases Reference model Comprehensive matrix of all recommendation Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

14 IUNO National Reference Projekt IT-Security for Industrie 4.0 Dr. Thorsten Henkel Fraunhofer SIT - Industrial Security Solutions Darmstadt,

15 IUNO combines the German expertise in IT-Security and Industrie 4.0 Software Innovations GmbH

16 Use Cases Project- & Knowledge Management Advisory Board (BSI, Industry, Research, Associations) Individual Production Secure Processes Technology Data Market Place Secure Data National Reference Implementation Request Analysis Web-based Remote Control Secure Services Models and Specification Visual Security-Dashboard Secure Interaction Tool Box

17 IUNO develops IT-Security for Industrie 4.0 Evaluation of Methods Industrial Usage Individual Production Secure Processes Basics Methodology Development Security by Design for Industrie 4.0 Technology Data Market Place Secure Data Web-based Remote Control Secure Services Visual Security-Dashboard Secure Interaction Secure Framework IT-Security-Reference Architecture Hardware-oriented Security Encryption for I4.0 Architectures Feedback of Results

18 IUNO develops IT-Security for Industrie 4.0 Evaluation of Methods Industrial Usage Solutions Individual Production Secure Processes Technology Data Market Place Secure Data Digital Identities for Productions Systems Pirate Protection Web-based Remote Control Secure Services Secure Patch-Management of Industrial Production Sites Visual Security-Dashboard Secure Interaction Secure Autonomous Configuration of CPPS Feedback of Results

19 IUNO develops IT-Security for Industrie 4.0 Evaluation of Methods Industrial Usage Solutions Individual Production Secure Processes Technology Data Market Place Secure Data Product-oriented Data Usage Control Authentication in Real Time Environments Web-based Remote Control Secure Services Secure Transmission Visual Security-Dashboard Secure Interaction Digital Rights Management Production Feedback of Results

20 IUNO develops IT-Security for Industrie 4.0 Evaluation of Methods Industrial Usage Solutions Individual Production Secure Processes Technology Data Market Place Secure Data Identity Management and Remote Control Production- Public Key Infrastructure Web-based Remote Control Secure Services Secure Ad-Hoc Networks of CPS Visual Security-Dashboard Secure Interaction Trusted Computing Standards for Embedded Systems Feedback of Results

21 IUNO develops IT-Security for Industrie 4.0 Evaluation of Methods Industrial Usage Solutions Individual Production Secure Processes Technology Data Market Place Secure Data Trust Management & Boundaries for I4.0 Secure Hardware for Production Systems Web-based Remote Control Secure Services Anomaly Notification in Production Systems Visual Security-Dashboard Secure Interaction Secure Usage of mobile Systems and Data Storages Feedback of Results

22 Hannover Fair 2015 Industrial-Rights-Management Prototype

23 Hannover Fair 2015 Industrial-Rights-Management Prototype Deployment of a PKI Infra structure Encryption on CAD premise site Decryption on printer site Limitation of printed objects Printing on dedicated printers Full data and IP control

24 German IT-Summit 2015 Berlin TPM Trusted Core Network Prototype

25 Distributed Health-Checks in Industrial Networks Peer-to-Peer mutual attestation Distributed Security-Checks Early Warning System

26 IUNO Pirate & Machine Integrity Protection

27 IUNO Pirate & Machine Integrity Protection Integrity Check of Industrial Production Systems All Components have to prove their authenticity Provision of cryptographic Identities for all compartments of a machine Usage of BSI-certified cryptographic algorithms

28 IUNO Production Line Information Management Approach

29 IUNO Production Line Information Management Approach Continuously tracking and tracing Collection of field bus data Pattern analysis and evaluation Identification of IT-Security Issues Localisation of problems Planned as a Cloud Service

30 IUNO Remote Maintenance / Managed Machine Service

31 IUNO Remote Maintenance / Managed Machine Service

32 IUNO Technology Data Market Place Purchaser Order Delivery incl. Basic amount of technology data (singular) Machine manufacturer Technology data Operator Cutting Grinding Bending Welding Technology data Marketplace Raw material supplier Plate Pipe Operating Tools/ supplies instruments Technology data Technology data Further participants in the market Quelle: H-P Bock, Trumpf

33 IUNO Technology Data Market Place Purchaser Order Delivery incl. Basic amount of technology data (singular) Machine manufacturer Technology data Operator Cutting Grinding Bending Welding Technology data Marketplace Machine operator Raw material supplier Plate Pipe Operating Tools/ supplies instruments Technology data Technology data Marketplace operator Further participants in the market Quelle: H-P Bock, Trumpf

34 IUNO Industrial Security Policy Development IT-Security Protection Goals Data- Confidentiality Data- Authenticity Data- Integrity Data- Availability

35 IUNO Industrial Security Policy Development

36 IUNO Industrial Security Policy Development

37 IUNO Industrial Security Policy Development Microsoft SDL

38 IUNO Industrial Security Policy Development - TRIKE

39 IUNO Industrial Security Policy Development - CORAS

40 IUNO Industrial Security Policy Development Model Based Approaches

41 IUNO Industrial Security Policy Development Catalogue Based Approaches

42 Empiric Evaluation 3 Analysists (1,3,8 years experience) Effort 1 Day/Project Over 30 Threats / Analyst More than 70 Threats Intersection 2

43 IUNO Industrial Security Policy Development Criteria Definition of Models Method Usability Abstraction Aggregation Re-Usability Tool Support Formal (F) / Integration Capability Capability Open (O) Capability Trike + + n/a n/a + F Attack Trees n/a n/a n/a n/a n/a n/a n/a CORAS o o n/a - + F/O + PASTA n/a n/a n/a n/a n/a n/a n/a MoRA n/a n/a n/a n/a n/a n/a n/a SecureUM L n/a n/a n/a n/a n/a n/a n/a UMLsec n/a n/a n/a n/a n/a n/a n/a Misuse Cases n/a n/a n/a n/a n/a n/a n/a SDL n/a n/a n/a n/a n/a n/a n/a VDI 2182 n/a n/a n/a n/a n/a n/a n/a ISO/IEC n/a n/a n/a n/a n/a n/a n/a CC n/a n/a n/a n/a n/a n/a n/a FMEA n/a n/a n/a n/a n/a n/a n/a

44 IUNO Industrial Security Policy Development

45 IUNO Industrial Security Policy Development IUNO Three Step Threat Modeling Approach Information Collection, Identification of components, technical functions, specifications, data, interfaces and surrounding infra structure Protection Goal Description, Development of attack classes, realization of a value catalogue, identification of protection goals Threat Analysis, Systematic identification of threats and development of e threat catalogue

46 FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY Expertise & Competences Method Competences Analysis and Evaluation of Industrial Security Concepts Testing of Regulation and Control Systems Development and Evaluation of Apps Development of Information Security Concepts Secure Engineering Methods for Regulation and Control Systems Software Engineering Technology Competences Development of Technologies for Product- and Pirate Protection Development of Technologies for secure Identification of components and efficient Key Management Development of Technologies for distributed Security-Monitoring of Components Development of Secure Engineering Test-tools Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS

47 FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY Dr. Thorsten Henkel Fraunhofer-Institute for Secure Information Technology Rheinstraße Darmstadt, Germany Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS