INDUSTRIAL CYBER SECURITY
|
|
- August Singleton
- 6 years ago
- Views:
Transcription
1 Rudrajit Roy 20 October 2016 INDUSTRIAL CYBER SECURITY A Comprehensive Approach
2 Agenda 1 Global Industrial Cyber Security Journey Industry Best Practices Honeywell Industrial Cyber Security Who we are, What can we do? Honeywell Risk Manager Why Honeywell? DEMOs at the Technology Center
3 SAFETY Culture Vs CYBER Security Culture 2 On the operations floor, which scenario would be considered the more serious violation? Walking through the area without a hard hat or applicable PPE? Beginning to welding without hot work permit? I don t have time for the hazard assessment Configure without security, path of least resistance Connecting untrusted portable devices to critical networks/devices I don t have time to scan Complacency is not tolerated for safety, why Cyber? No Safety, Reliability & Availability without Cyber Security
4 Global Journey Industrial Cyber Security 3 PAST PRESENT FUTURE 2010 YOUNG & IMMATURE 1. FEAR 2. AVAILABILITY, SAFETY and RELIABILITY 3. STANDARDS and COMPLIANCE Starts MATURING 1. STANDARDS and COMPLIANCE 2. AVAILABILITY, SAFETY and RELIABILITY 3. FEAR Scientific Discipline Integral part of Control System Lifecycle Never Solved but Managed Attack Back Integral part of Control System Lifecycle
5 Industrial Cyber Security Standards 4 United Arab Emirates NESA National Electronic Security Authority Qatar ICT Qatar National Electronic Security Authority Standards organizations such as IEC International Electro technical Commission ISA International Society of Automation ISASecure ISA Security Compliance Institute ISO International Standards Organization United States of America - Government / semi-government NIST National Institute of Standards &Technology NERC CIP North American Electric Reliability Corporation / Critical Infrastructure Protection Honeywell Experience
6 Cont rol Firewal Power Status Cont rol Firewal Power Status Cont rol Firewal Power Status Cont rol Firewal Power Status Industry Best Practice Purdue model of Controls 5 IEC-62443, ISO-99, NIST, ICT Qatar, NESA, etc. - Demarcation (DMZ Deployment) - Layered structured Enterprise Zone DMZ Internet Level 4 Level 3.5 Remote Access DMZ (PROD) Proxy / Relay Server Internet Honeywell Managed Service Center IPS Sensor Firewall L3.5 Firewalls Business LAN Remote Users Proxy VPN IPS Sensor Process Control DMZ PCS Historian E-SVR / Collaboration Station Managed Industrial Cyber Security Services Threat Intelligence Next Generation Firewalls Intrusion Detection System Intrusion Prevention System Data Diode Control Zone Level 3 Level 2.5 Level 2 Honeywell Managed Services Network Monitoring Performance Monitoring Patch & Update Services Honeywell Virtualization Backup & Restore VM Monitoring Passive Vulnerability Monitoring Experion PKS EPKS R410.x EPKS R430.x Dell 01 ICS 201S Dell 02 ICS 202S Dell 03 ICS 203S ESXi hosts Dell 03 L3 Routers L2.5 Routers ICS 204S IPS Sensor Honeywell FTE Network Passive Security Monitoring Sensors Experion PKS EPKS R410.x EPKS R430.x Honeywell Virtualization Backup & Restore VM Monitoring Passive Vulnerability Monitoring Level 3 PCN Advanced Control Systems Security Management PCN Monitoring Blade Chassis ESXi hosts 3 rd Party DCS 3 rd Party DCS Systems Risk Manager Security Information & Event Management (SIEM) Network Performance and Security Monitoring Network Access Control Backup & Restore System Hardening VM Performance Monitoring Domain High Security Policy User Access Control Passive Vulnerability Monitoring OS/Application Vulnerability Management Application Whitelisting ICS USB Protection Anti-Virus / Malware Protection Security Patch Management Level 1 Controllers Honeywell C300 PLC Modbus TCP SCADA Controllers Honeywell C300 3 rd Party PLC Modbus TCP SCADA Controllers 3 rd Party PLC Modbus TCP SCADA Honeywell MODBUS/TCP Firewall Honeywell Control Firewall
7 6 Honeywell Industrial Cyber Security
8 Honeywell Industrial Cyber Security 7 Edmonton Amsterdam Bucharest Global setup to serve global organizations as well as local asset owners Houston Atlanta Dubai Pune Kuala Lumpur Santiago Perth RSC + HICS HICS Office Private LSS RSC HICS Resource(s) Global Operations with Local Focus
9 Complete Industrial Cyber Security Solutions 8 Comprehensive, Holistic and Vendor Neutral Professional Field Services - Advisory consulting - Implementation and systems integration - Operational service and support Managed Cyber Security Services - Continuous monitoring and alerting - Secure automated patch & signature updates - Cyber expert support and co-management Honeywell Cyber Security Software - Industrial Cyber Security Risk Manager - Monitoring platform and assessment tools Integrated Partner Technology Proven, Trusted and Industry Leading
10 Solutions Addressing Cyber Security End to End 9 Backup and Recovery Incident Response Planning Incident Response: On Site & Remote Forensics & Analysis Industrial Cyber Security Vulnerability & Risk Assessments Network & Wireless Assessments Cyber Security & Compliance Audits Current State Analysis Secure Design and Optimization Zone & Conduit Separation Continuous Monitoring Compliance & Reporting Cyber Security Risk Manager Industrial Security Information & Event Management (SIEM) Cyber Security Awareness & Training Policy and Procedures Development Firewall, Next Gen FW Intrusion Detection & Prevention (IDS/IPS) Access Control Industrial Patching & Anti-Virus Industrial Application Whitelisting End Node Hardening Portable Media/Device/USB Security
11 Industrial Cyber Security Solutions Lab 10 Flexible Model of Complete Process Control Network Solutions Development Training and Certification Customer Demonstrations World-Class, Industry Leading Innovation
12 Managed Industrial Cyber Security Services 11 Patch and Anti-Virus Automation Security and Performance Monitoring Activity and Trend Reporting Advanced Monitoring and Co- Management Secure Access Tested and qualified patches for operating systems & DCS software Tested and qualified anti-malware signature file updates Comprehensive system health & cybersecurity monitoring 24x7 alerting against predefined thresholds Automated inventory Monthly or quarterly compliance & performance reports Identifying critical issues and chronic problem areas Firewalls, Intrusion Prevention Systems, etc. Honeywell Industrial Cyber Security Risk Manager Highly secure remote access solution Encrypted, two factor authentication Complete auditing: reporting & video playback Monitoring, Reporting and Honeywell Expert Support
13 Honeywell Security Service Center (SSC) 12
14 Honeywell SUIT Lab Security Update Investigation Team 13 Testing & Qualification of Microsoft Patch Updates & Anti-Malware Updates for Honeywell Systems
15 Honeywell Expertise 14 Operational Technology Experience
16 Cyber Security Controls and Tools: Examples 15 Security Management Intrusion Protection & Threat Intelligence Application & Endpoint Security Next Generation Firewall Network Security
17 Roadmap 16
18 Cyber Trainings by Automation College 17 Trained people = effective Cyber Program
19 Honeywell Risk Manager 18 Risk Location WHERE IS IT COMING FROM? Risk Sources WHAT IS CAUSING THE RISK? Risk Indicators WHAT DO I NEED TO DO? Risk Trends HOW AM I DOING? No Need to be a Cyber Security Expert, made for DCS
20 19 Monitor Measure Manage Continuously & Real-time Identify & Analyze Vulnerabilities and Threats Inside and Outside attacks Employee actions Devices on Network Network Traffic Rogue Devices Immediate Notifications Time to implement security patches % of endpoints free of malware and viruses Reduction in unplanned system downtime Reduction in number of known vulnerabilities & Threats Percentage of recurring incidents Improvements in overall site risk Reactive to proactive cyber security planning Accurately track improvements Generate correct reports Trending help you gauge the impact of decisions Manage workflow and prioritize resources based on risk severity No reconfiguration of system with each upgrade Configuration data and risk settings are preserved Proven and Trusted
21 Value Proposition 20
22 Addresses Stakeholder Responsibilities 21 Control Engineers Anticipate cyber security scenarios Plan for protective measures/safe operating procedures Understand how possible attacks might disrupt operations Monitor the IACS for indicators of threats Track/monitor assets according to different zones. Plant Management Provide updates on the site s security posture Have accurate measurements of risk aligned with industry standards Help focus resources on addressing threats Maintain uptime and meet production goals and other core business objectives Gain the know-how to prioritize efforts to manage risk Assess the impact of security controls on automation performance Establish and improve metrics for out-of-date patches and antimalware. Executives Demonstrate cyber security due diligence to board of directors, investors and regulators Map key risk indicators to KPIs Demonstrate the value of cyber security investments Incorporate meaningful cyber security risk ratings into risk management frameworks and evaluate compliance efforts Proven and Trusted
23 Why Honeywell? 22 Industrial Cyber Security Experts Global team of certified Industrial Cyber Security experts 100% dedicated to Industrial Cyber Security Experts in process control cyber security Leaders in security standards ISA99 / IEC62443 / NIST Proven Experience 10+ years industrial cyber security 1,000+ successful industrial cyber projects 350+ managed industrial cyber security sites Proprietary cyber security methodologies and tools Investment and Innovation Largest R&D investment in industrial cyber security Strategic partnerships with leading cyber security product vendors Industry first Cyber Security Risk Manager State of art Industrial Cyber Security Solutions Lab Refining & Minerals, Petrochemical Oil & Gas Chemicals Power Generation Metals & Mining Pulp & Paper Proven Industrial Cyber Security Solution Provider
24 23 Technology Center
25 Industrial Cyber Security Risk Manager 24 Available Globally Easy-to-use interface and built in guidance eliminates need to be a cyber security expert Real time data collection and analytics, continuously monitors for indicators of cyber security risk Proactively identifies vulnerabilities & detects threats that could impact the ICS Internal health monitoring helps ensure the system is operating at optimum level First and only of its kind for Industrial Environments Low impact monitoring won t disrupt plant operations or cause network delays Proactively Monitor, Measure, and Manage Industrial Cyber Security Risk
26 Get updates Collect monitoring data Get updates Send data Managed Industrial Cyber Security Services 25 Industrial Site Internet Security Service Center Level 4 Corporate Proxy Server Level 3.5 eserver Terminal Server Relay Node Isolates ICS/PCN Ensures no direct communication between L3 and L4 Communication Server Application Servers Level 3 Restricts unauthorized ICS/PCN nodes from sending or receiving data Database Servers Service Node Anti malware Patch Management Monitoring Secure access Level 2 EST/ESF 3 rd Party Historian Domain Controller SSL Encrypted communication Connects to Honeywell Security Service Center ONLY! ACE EST/ ESF Experion Servers Domain Controller Level 1
27 Honeywell Industrial Cyber Security 26 Safdar Akhtar Director Business Development ME, Africa and Asia Pacific cell: Rudrajit Roy Business Development Manager India and SEA cell: Mike Spear Global Operations Manager phone: +1 (770) cell: +1 (678) Chee Ban Ngai APAC Operations Manager cell: Follow us: Blog: Bulletin Board: Website:
28 Thank You
29 28 Backup Slides
30 IT Vs OT 29 Corporate Industrial Controls Systems Risk Non life threatening Safety Availability & Reliability Architecture & Traffic type Interfaces Communication connectivity Roles & Responsibilities IT Important Down time is acceptable Voice, Video, Data over business IT infrastructure OS and applications, Unix, terminals, keyboards, web browsers, Graphical user interfaces, etc. LAN based on dynamic IP, WAN Based on optical, etc. Support and protect business applications OT Critical Downtime is not acceptable Events drive, real-time, Industrial embedded HD and SW. Controls, safety, motion, time synchronization, etc. Servers, Sensors, E/M switches, actuators, relays, PLC, DCS, SCADA, etc. Customized embedded OS Plant based on static IP over ethernet or customized twisted pair, etc. Support plant critical processes Availability, reliability and safety
Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationHONEYWELL INDUSTRIAL CYBER SECURITY
Ammar Alzaher 2017 HONEYWELL INDUSTRIAL CYBER SECURITY www.becybersecure.com Agenda Introductions Why Honeywell Solutions Overview Managed Services Cyber Security Lab Risk Manager Secure Media Exchange
More informationMark Littlejohn June Improving ICS Cyber Security Consistency Using Managed Security Services
Mark Littlejohn June 2018 Improving ICS Cyber Security Consistency Using Managed Security Services 1 Common Cyber Concerns: Typical Attack Vectors* Brought in by employees, contractors, security guards,
More informationSafdar Akhtar, Cyber Director Sema Tutucu, Ops Leader 27 September CYBER SECURITY PROGRAM: Policies to Controls
Safdar Akhtar, Cyber Director Sema Tutucu, Ops Leader 27 September 2017 CYBER SECURITY PROGRAM: Policies to Controls Can You Answer These Questions? 1 What s my company s exposure to the latest industrial
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationCiprian Covas INDUSTRIAL CYBER SECURITY PROGRAM & SOLUTIONS FOREN 2016, Costinesti
Ciprian Covas INDUSTRIAL CYBER SECURITY PROGRAM & SOLUTIONS 13.06.2016 FOREN 2016, Costinesti Agenda 1 Cyber Security - Today Cyber Security Security Profile Cyber Security - Solutions Honeywell Risk Manager
More informationCyber security - why and how
Cyber security - why and how Frankfurt, 14 June 2018 ACHEMA Cyber Attack Continuum Prevent, Detect and Respond Pierre Paterni Rockwell Automation, Connected Services EMEA Business Development Manager PUBLIC
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationCyber Security Solutions for Industrial Controls
Cyber Security Solutions for Industrial Controls bhge.com OVERVIEW In a complex world of ever-changing technologies, Baker Hughes, a GE company realizes the importance of having an experienced partner
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationLindström Tomas Cyber security from ABB System 800xA PA-SE-XA
Lindström Tomas 2013-09-02 Cyber security from ABB System 800xA PA-SE-XA-015963 Cyber Security solutions from ABB Agenda Cyber Security in ABB: general view, activities, organization How we work with Cyber
More informationCybersecurity Training
Standards Certification Education & Training Publishing Conferences & Exhibits Cybersecurity Training Safeguarding industrial automation and control systems www.isa.org/cybetrn Expert-led training with
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationFunctional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK
Functional Safety and Cyber Security Pete Brown Safety & Security Officer PI-UK Setting the Scene 2 Functional Safety requires Security Consider just Cyber Security for FS Therefore Industrial Control
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationCYBERVANTAGE TM SECURITY CONSULTING SERVICES
Industrial Cyber Security CYBERVANTAGE TM SECURITY CONSULTING SERVICES Where Innovation Meets Implementation to Drive Industrial Cyber Security Excellence Innovation and Implementation: Industrial Cyber
More informationSANS SCADA and Process Control Europe Rome 2011
SANS SCADA and Process Control Europe Rome 2011 Ian Buffey Director International Services Industrial Defender ibuffey@industrialdefender.com A Holistic Approach Planning, training and governance Cybersecurity
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationInternet of Things. The Digital Oilfield: Security in SCADA and Process Control. Mahyar Khosravi
Internet of Things The Digital Oilfield: Security in SCADA and Process Control Mahyar Khosravi makhosra@cisco.com Critical infrastructures worldwide not ready to battle cyber attacks, claims new study.
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationProtection Levels, Holistic Approach. ISA-99 WG 3 TG 3 Protection Levels
Protection Levels, Holistic Approach Security is about technology, processes and people Policies and procedures Functional security measures Competency A holistic security protection concept has to include
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationWelcome to the webinar! We will start within a few minutes
Welcome to the webinar! We will start within a few minutes Agenda Introduction Solarplaza Presentations Threat assessment - Tom Tansy SunSpec Alliance Cyber Security & Solar A consultant s view - John
More informationISE North America Leadership Summit and Awards
ISE North America Leadership Summit and Awards November 6-7, 2013 Presentation Title: Presenter: Presenter Title: Company Name: Embracing Cyber Security for Top-to-Bottom Results Larry Wilson Chief Information
More informationIndustrial Cyber Security. INDUSTRIAL CYBER SECURITY Safely embrace the digital age with advanced solutions and services to reduce cyber risk.
Industrial Cyber Security INDUSTRIAL CYBER SECURITY Safely embrace the digital age with advanced solutions and services to reduce cyber risk. THE RISKS TO INDUSTRIAL OPERATIONS HAVE CHANGED HAVE YOU? DIFFERENT
More informationIEC A cybersecurity standard approaching the Rail IoT
IEC 62443 A cybersecurity standard approaching the Rail IoT siemens.com/communications-for-transportation Today s Siemens company structure focusing on several businesses Siemens AG Power and Gas (PG)
More informationKonstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS
Konstantin Rogalas 19.11.2015 CYBER SECURITY PROGRAM & SOLUTIONS Focus: Up to But Not Including Corporate and 3 rd Party Networks 1 Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance Connections
More informationCisco Secure Ops Solution
Brochure Cisco Secure Ops Solution Cisco Secure Ops Solution supports cyber-security risk management and compliance for industrial automation environments. It is a combination of on premise technology,
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationIndustrial Security Co-Sourcing: Shifting from CapEx to OpEx Presented by Vinicius Strey Manufacturing in America 03/22-23/2017
Industrial Security Co-Sourcing: Shifting from CapEx to OpEx Presented by Vinicius Strey Manufacturing in America 03/22-23/2017 Unrestricted Siemens 2017 usa.siemens.com/mia Table of contents Industrial
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationCOMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013
COMPASS FOR THE COMPLIANCE WORLD Asia Pacific ICS Security Summit 3 December 2013 THE JOURNEY Why are you going - Mission Where are you going - Goals How will you get there Reg. Stnd. Process How will
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationPlant Security Services Protecting productivity in the digital era October
Plant Security Services Protecting productivity in the digital era October2017 Restricted www.siemens.com/plant-security-services Internet of (hacked) Things Page 2 Use case - No OT cybersecurity company
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationIndustrial Network Trends & Technologies
Industrial Network Trends & Technologies EtherNet/IP on the Plant Floor PUBLIC INFORMATION 5058-CO900F IHS Technology Industrial Internet of Things 2014, April 2014 PUBLIC INFORMATION Forecasts tremendous
More informationCyber Security Solutions Mitigating risk and enhancing plant reliability
P OW E R G E N E R AT I O N Cyber Security Solutions Mitigating risk and enhancing plant reliability 2 CYBER SECURITY SOLUTIONS MITIGATING RISK AND ENHANCING PLANT RELIABILITY Providing a roadmap to achieve
More informationABB Process Automation, September 2014
ABB Process Automation, September 2014 ABB Process Automation Services Services that add life to your products, systems and processes September 26, 2014 Slide 1 1 ABB Process Automation Services A proven
More informationTHE TRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED BUSINESS INTELLIGENCE SOLUTION BRIEF THE TRIPWIRE NERC SOLUTION SUITE A TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on
More informationIPM Secure Hardening Guidelines
IPM Secure Hardening Guidelines Introduction Due to rapidly increasing Cyber Threats and cyber warfare on Industrial Control System Devices and applications, Eaton recommends following best practices for
More informationITSM SERVICES. Delivering Technology Solutions With Passion
ITSM SERVICES Delivering Technology Solutions With Passion 02 CONTENTS OVERVIEW CLIENTS SOLUTIONS WHAT WE DO PROFESSIONAL SERVICES Overview IT Pillars is a dynamic company, which has served, over the past
More informationUnderstanding Holistic Effects of Cyber Events on Critical Infrastructure
Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 20, 2018 INL/CON-17-42513
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationCyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory
CyberArk Solutions for Secured Remote Interactive Access Addressing NERC Remote Access Guidance Industry Advisory Table of Contents The Challenges of Securing Remote Access 3 Using CyberArk s Privileged
More informationSecurity Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response
Security Operations Flexible and Scalable Solutions to Improve Your Security Capabilities Security threats continue to rise each year and are increasing in sophistication and malicious intent. Unfortunately,
More informationCybersecurity for IoT to Nuclear
Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of Schneider Electric Who Am I? Program Director, Schneider Electric Product Security Office Cybersecurity Strategy
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits September 2016 Copyright
More informationPosition Title: IT Security Specialist
Position Title: IT Security Specialist SASRIA SOC LIMITED Sasria, a state-owned company, is the only short-term insurer in South Africa that provides affordable voluntary cover against special risks such
More informationCYBERVANTAGE MANAGED SECURITY SERVICES
Industrial Cyber Security CYBERVANTAGE MANAGED SECURITY SERVICES 24/7 Expertise to Reduce Operational Downtime and Lower Cyber Risk Honeywell provided the cyber security knowledge base required to protect
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationMaturity assessment on Cybersecurity for critical infrastructures
Maturity assessment on Cybersecurity for critical infrastructures 28TH SEPTEMBER 2015, AMSTERDAM DR THIEYACINE FALL www.thalesgroup.com Cyber-Security Today (Maturity assessment) Anticipate threats Perform
More informationClick to edit Master title style. DIY vs. Managed SIEM
DIY vs. Managed SIEM Meet Paul Paul Caiazzo Principal, Chief Security Architect CISSP, CISA, CEH M.S. Information Security and Assurance 15+ years of experience in Information Security Connect with me:
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationEnsuring Your Plant is Secure Tim Johnson, Cyber Security Consultant
Ensuring Your Plant is Secure Tim Johnson, Cyber Security Consultant 1 The Foxboro Evo TM Process Automation System Addressing the needs across your operation today and tomorrow. 2 Industrial Control Systems
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Peter Thermos President & CTO Tel: (732) 688-0413 peter.thermos@palindrometech.com Palindrome Technologies 100 Village Court Suite
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationPaul Hodge Virtualization Solutions: Improving Efficiency, Availability and Performance
2012 Honeywell Users Group Americas Sustain.Ability. Paul Hodge Virtualization Solutions: Improving Efficiency, Availability and Performance 1 Experion Virtualization Solutions Overview 2 Virtualization
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationCyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory
CyberArk Solutions for Secured Remote Interactive Access Addressing NERC Remote Access Guidance Industry Advisory Table of Contents The Challenges of Securing Remote Access.......................................
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationEndpoint Security for DeltaV Systems
Endpoint Security for DeltaV Systems Decrease risk with intelligent, adaptive scanning Utilize advanced anti-malware protection Identify, remediate and secure your DeltaV system from cybersecurity risks
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationARC VIEW. Honeywell s New PLC Brings Digital Transformation to the ControlEdge. Keywords. Summary. The Edge and IIoT.
ARC VIEW AUGUST 3, 2017 Honeywell s New PLC Brings Digital Transformation to the ControlEdge By Craig Resnick Keywords IIoT, PLC, DCS, Digital Transformation, Mobility, OPC UA, Cybersecurity Summary IIoT
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationARC VIEW. Leveraging New Automation Approaches Across the Plant Lifecycle. Keywords. Summary. By Larry O Brien
ARC VIEW JUNE 22, 2017 Leveraging New Automation Approaches Across the Plant Lifecycle By Larry O Brien Keywords Operational Excellence, Cloud, Virtualization, Operations Management, Field Commissioning,
More informationDaniel Severino, Sam Wilson October 2 nd, Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager
Daniel Severino, Sam Wilson October 2 nd, 2018 Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager Security Maturity Part of Honeywell Industrial Cyber Security Portfolio 2
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationInformation Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure
Information Infrastructure and Security The value of smart manufacturing begins with a secure and reliable infrastructure The Case for Connection To be competitive, you must be connected. That is why industrial
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More information