IPC2018 Industrial PC (IPC) Secure Deployment Guide
- Evelyn Hoover
- 6 years ago
GFK-3015 IPC2018 Industrial PC (IPC) Secure Deployment Guide June 2017
These instructions do not purport to cover all details or variations in equipment, nor to provide for every possible contingency to be met during installation, operation, and maintenance. The information is supplied for informational purposes only, and GE makes no warranty as to the accuracy of the information included herein. Changes, modifications, and/or improvements to equipment and specifications are made periodically and these changes may or may not be reflected herein. It is understood that GE may make changes, modifications, or improvements to the equipment referenced herein or to the document itself at any time.

This document is intended for trained personnel familiar with the GE products referenced herein. GE may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not provide any license whatsoever to any of these patents.

Public: This document is approved for public disclosure.

GE provides the following document and the information included therein as is and without warranty of any kind, expressed or implied, including but not limited to any implied statutory warranty of merchantability or fitness for particular purpose.

For further assistance or technical information, contact the nearest GE Sales or Service Office, or an authorized GE Sales Representative.

Issued: June General Electric Company.

* Indicates a trademark of General Electric Company and/or its subsidiaries. All other trademarks are the property of their respective owners.

We would appreciate your feedback about our documentation. Please send comments or suggestions to controls.doc@ge.com

Related Documents

Document #    Title
GFK-3014      RXi2-EP Industrial PC (IPC) Hardware Reference Manual
GFA-2130      RXi2-EP IPC Data Sheet
Safety Symbol Legend

Warning: Indicates a procedure or condition that, if not strictly observed, could result in personal injury or death.

Caution: Indicates a procedure or condition that, if not strictly observed, could result in damage to or destruction of equipment.

Attention: Indicates a procedure or condition that should be strictly followed to improve these applications.
Contact Information

If you purchased this product through an Authorized Channel Partner, contact the seller directly.

Online technical support and GlobalCare
Additional information
Solution Provider

General Contact Information

Technical Support
Contact us by telephone, , or at

Americas
Phone
International Americas Direct Dial (if toll free 800 option is unavailable)
Technical Support
Customer Care
Primary language of support: English

Europe (not Germany), Middle East, and Africa (EMEA)
Phone
EMEA Direct Dial (if toll free 800 option is unavailable or dialing from a mobile telephone)
Technical Support: support.emea.ip@ge.com
Customer Care: customercare.emea.ip@ge.com
Primary languages of support: English, French, Italian, Czech, Spanish

Germany
Phone
Technical Support: support.augsburg.ip@ge.com

Asia Pacific (APO)
Phone
Technical Support: (India, Indonesia, and Pakistan) support.cn.ip@ge.com (China) support.jp.ip@ge.com (Japan) support.in.ip@ge.com (remaining Asia customers)
Customer Care: customercare.apo.ip@ge.com customercare.cn.ip@ge.com (China)
Contents

1 Introduction
2 Security and Secure Deployment
  2.1 What is Security?
  2.2 I have a Firewall: Isn't that Enough?
  2.3 What is Defense in Depth?
  2.4 General Recommendations
  2.5 Checklist
3 IPC2018 IPC Functional Overview
  3.1 IPC2018 with iFIX
  3.2 IPC2018 with CIMPLICITY
  3.3 Platform Configuration and Hardening
4 Network Architecture and Secure Deployment
  4.1 Reference Architecture
  4.2 Demilitarized Zones (DMZ)
5 Other Considerations
  5.1 Anti-virus software
  5.2 Data Execution Prevention (DEP)
  5.3 Patching
    Patching GE Proficy Software
    Patching third-party Software
  5.4 Additional Guidance
    Protocol-specific Guidance
    Government Agencies and Standards Organizations
1 Introduction

This document provides information that can be used to help improve the cyber security of systems that include IPC2018 Industrial PC (IPC) products. It is intended for use by control engineers, integrators, IT professionals, and developers responsible for deploying and configuring IPC products.

Secure deployment information is provided in this manual for the following IPC2018 IPC products.

IPC2018 IPC Products

Product              Product Description
RXi2-EPxxxxxxxxxx    IPC2018 with bc6l17
R2Xxxxxxxxxxx        IPC2018 with bc6l18

Caution: The controllers and supervisory level computers covered in this document were not designed for or intended to be connected directly to any wide area network, including but not limited to a corporate network or the Internet at large. Additional routers and firewalls (such as supplied with the NetworkST* 4.0 option) that have been configured with access rules customized to the site's specific needs must be used to access devices described in this document from outside the local control networks.
2 Security and Secure Deployment

This chapter describes the fundamentals of security and secure deployment.

2.1 What is Security?

Security is the process of maintaining the confidentiality, integrity, and availability of a system:

- Confidentiality: Ensure only the people you want to see information can see it.
- Integrity: Ensure the data is what it is supposed to be.
- Availability: Ensure the system or data is available for use.

GE recognizes the importance of building and deploying products with these concepts in mind and encourages customers to take appropriate care in securing their GE products and solutions.

2.2 I have a Firewall: Isn't that Enough?

Firewalls and other network security products, including Data Diodes and Intrusion Prevention Devices, can be an important component of any security strategy. However, a strategy based solely on any single security mechanism will not be as resilient as one that includes multiple, independent layers of security. Therefore, GE recommends taking a Defense in Depth approach to security.

2.3 What is Defense in Depth?

Defense in Depth is the concept of using multiple, independent layers of security to raise the cost and complexity of a successful attack. To carry out a successful attack on a system, an attacker would need to find not just a single exploitable vulnerability, but would need to exploit vulnerabilities in each layer of defense that protects an asset.

For example, if a system is protected because it is on a network protected by a firewall, the attacker only needs to circumvent the firewall to gain unauthorized access. However, if there is an additional layer of defense, say a username/password authentication requirement, now the attacker needs to find a way to circumvent both the firewall and the username/password authentication.

2.4 General Recommendations

Adopting the following security best practices should be considered when using GE products and solutions.

- Deploy and configure firewalls to limit the exposure of control system networks to other networks, including internal business networks and the Internet. If a control system requires external connectivity, care must be taken to control, limit and monitor all access, using, for example, virtual private networks (VPN) or Demilitarized Zone (DMZ) architectures.
- Harden system configurations by enabling/using the available security features, and by disabling unnecessary ports, services, functionality, and network file shares.
- Apply all of the latest GE product security updates, SIMs, and other recommendations.
- Apply all of the latest operating system security patches to control systems PCs.
- Use anti-virus software on control systems PCs and keep the associated anti-virus signatures up-to-date.
- Use whitelisting software on control systems PCs and keep the whitelist up-to-date.
2.5 Checklist

This section provides a sample checklist to help guide the process of securely deploying IPC2018 IPC products.

1. Create or locate a network diagram.
2. Identify and record the required communication paths between nodes.
3. Identify and record the protocols required along each path, including the role of each node.
4. Revise the network as needed to ensure appropriate partitioning, adding firewalls or other network security devices as appropriate. Update the network diagram. (Refer to the chapter Network Architecture and Secure Deployment.)
5. Configure firewalls and other network security devices.
6. Enable and/or configure the appropriate security features on each module.
7. For each module, change every supported password to something other than its default value.
8. Harden the configuration of each module, disabling unneeded features, protocols and ports.
9. Test/qualify the system.
10. Create an update/maintenance plan.

Note: Secure deployment is only one part of a robust security program. This document, including the checklist above, is limited to only providing secure deployment guidance. For more information about security programs in general, refer to the section Additional Guidance.
3 IPC2018 IPC Functional Overview

The information in this chapter is intended to assist with infrastructure configuration for iFIX and CIMPLICITY.

3.1 IPC2018 with iFIX

Currently, an iFIX bundle for RXi2-EP IPC is not available and there is no plan to offer an iFIX bundle for this product.

3.2 IPC2018 with CIMPLICITY

Currently, a CIMPLICITY bundle for RXi2-EP IPC is not available and there is no plan to offer a CIMPLICITY bundle for this product.

3.3 Platform Configuration and Hardening

GE recommends configuring operating systems, databases, and other platforms in accordance with vendor recommendations or industry standards. The following organizations publish best practices, checklists, benchmarks, and other resources for securing systems:

System Security Resources

Organization                                              Website
Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST)
Microsoft

The following TCP/IP ports are enabled on Microsoft Windows by default. GE recommends disabling these TCP/IP ports to harden the operating system.

TCP/IP Ports to Disable

TCP/IP Port    Description
135            Microsoft Windows RPC
1947           Aladdin HASP license manager
               mc-nmf
               Scotty-ft
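The port table above can be checked on the IPC's Windows image and enforced at the host firewall; the script below is an added example, not part of GE's guide, and blocking inbound traffic is one way to act on the recommendation (stopping an unneeded owning service is the other). It covers only the two ports the table gives by number, 135 and 1947, and the rule-name prefix `IPC-Hardening` is an assumed naming choice.

```powershell
#Requires -Version 5.1
# Added example (not from GE's guide): find listeners on the TCP ports the guide
# lists by number, then block them inbound with Windows Firewall.
# Run from an elevated PowerShell session on the IPC.

# Ports and descriptions as given in the "TCP/IP Ports to Disable" table.
$PortsToDisable = @{
    135  = 'Microsoft Windows RPC'
    1947 = 'Aladdin HASP license manager'
}

function Get-HardeningPortListener {
    # Reports every listening TCP socket on a listed port with its owning process.
    param([hashtable]$Ports = $PortsToDisable)

    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Ports.ContainsKey([int]$_.LocalPort) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port         = [int]$_.LocalPort
                Description  = $Ports[[int]$_.LocalPort]
                LocalAddress = $_.LocalAddress
                # A loopback-only bind is not reachable from the network.
                LoopbackOnly = $_.LocalAddress -in @('127.0.0.1', '::1')
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        } | Sort-Object Port, LocalAddress
}

function Add-HardeningBlockRule {
    # Creates one inbound block rule per listed port; safe to re-run.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [hashtable]$Ports = $PortsToDisable,
        [string]$Prefix   = 'IPC-Hardening'   # hypothetical rule-name prefix
    )

    # A block rule has no effect on a profile where the firewall is switched off.
    Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
        Write-Warning "Windows Firewall is disabled for the $($_.Name) profile."
    }

    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $name = "$Prefix-Block-TCP-$port"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule '$name' already exists."
            continue
        }
        if ($PSCmdlet.ShouldProcess("TCP/$port ($($Ports[$port]))", 'Block inbound')) {
            New-NetFirewallRule -DisplayName $name `
                -Description "Secure deployment hardening: $($Ports[$port])" `
                -Direction Inbound -Protocol TCP -LocalPort $port `
                -Action Block -Profile Any -Enabled True | Out-Null
        }
    }
}

# Typical sequence: review what is listening, preview the rules, then apply them.
Get-HardeningPortListener | Format-Table -AutoSize
Add-HardeningBlockRule -WhatIf
# Add-HardeningBlockRule          # uncomment after reviewing the -WhatIf output
```

Blocking inbound 135 also stops remote RPC/DCOM clients, which includes OPC Classic, so compare the result against the communication paths recorded in checklist steps 2 and 3 before applying it.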
4 Network Architecture and Secure Deployment

This chapter provides security recommendations for deploying remote access using iFIX WebSpace.

4.1 Reference Architecture

The following figure provides a reference deployment of IPC2018 IPC components. The control system network is segregated from other untrusted networks such as the enterprise network (also referred to as the business network, corporate network, or intranet) and the internet. Process control network data and applications are authenticated and exposed in a limited fashion using web-based applications and reporting capabilities.

[Figure: Network Architecture]

4.2 Demilitarized Zones (DMZ)

A DMZ architecture uses two firewalls to isolate servers that are accessible from untrusted networks. Never expose an iFIX SCADA node directly to the internet. Instead, place a relay server or WebSpace in a DMZ configuration. For additional isolation, three firewalls can be deployed to create a double-hop DMZ configuration in which both the relay server and the WebSpace server can be deployed in their own DMZ.
5 Other Considerations

This chapter provides additional recommendations and frequently asked questions (FAQ).

5.1 Anti-virus software

GE encourages customers to use third-party anti-virus (AV) software of their choice and to keep it up-to-date with the latest updates. While GE does not specifically certify any particular anti-virus supplier's software, we do test our products with GE's corporate standard (currently Sophos Antivirus) installed and running on all test and system lab machines.

In the event there is a Proficy product defect discovered while running any anti-virus software, GE will make all reasonable efforts to provide a solution. However, if the issue is found to be based on specific behavior of the AV software, the customer might be advised to work with the AV software vendor and/or switch to another AV software vendor to get resolution to their issue.

5.2 Data Execution Prevention (DEP)

GE products function with Microsoft Windows Data Execution Prevention (DEP) enabled and GE recommends that customers enable this feature as an added protection against the exploitation of application security vulnerabilities such as buffer overflows. In the event there is a Proficy product defect discovered while running DEP, GE will make all reasonable efforts to provide a solution.

5.3 Patching

Patching GE Proficy Software

GE recommends that customers keep Proficy software up-to-date by applying the latest Software Improvement Module (SIM) to their deployed Proficy products. SIMs add new functionality, fix bugs, and address security vulnerabilities. Security advisories and security-related SIMs can be found on the GE Support website at

Customers can also sign up for notification of new SIMs and security advisories on the website

Patching third-party Software

GE recommends that customers keep operating systems, databases, and other third-party software in their environment up-to-date with the latest security patches from the software vendor.

GE regularly validates the compatibility of selected GE products with third-party operating system security patches. For more information on this process, refer to GE Support website at
5.4 Additional Guidance

Protocol-specific Guidance

Protocol standards bodies may publish guidance on how to securely deploy and use their protocols. Such documentation, when available, should be considered in addition to this document.

Government Agencies and Standards Organizations

Government agencies and international standards organizations may provide guidance on creating and maintaining a robust security program, including how to securely deploy and use Control Systems. For example, the U.S. Department of Homeland Security has published guidance on Secure Architecture Design and on Recommended Practices for cyber security with Control Systems. Such documentation, when appropriate, should be considered in addition to this document.

Similarly, the International Society of Automation publishes the ISA-99 specifications to provide guidance on establishing and operating a cyber-security program, including recommended technologies for industrial automation and control systems.
Automation & Controls
GFK-3015
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationPACSystems* TCP/IP Ethernet Communications Station Manager
GE GFK-2225N PACSystems* TCP/IP Ethernet Communications Station Manager User Manual April 2017 These instructions do not purport to cover all details or variations in equipment, nor to provide for every
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationCyber Security: What s the Big Deal?
Cyber Security: What s the Big Deal? (and why it matters to you!) Debasis Bhattacharya, UHMC Jodi Ito, CISO, UH ITS maui.hawaii.edu/cybersecurity What is Cybersecurity? cy ber: adjective of, relating to,
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationThe PCI Security Standards Council
The PCI Security Standards Council 2/29/2008 Agenda The PCI SSC Roles and Responsibilities How To Get Involved PCI SSC Vendor Programs PCI SSC Standards PCI DSS Version 1.1 Revised SAQ 2/29/2008 2 The
More informationBeyond the F.U.D. How to start securing your DCS network today.
Beyond the F.U.D. (Fear, Uncertainty, and Doubt) Process Systems How to start securing your DCS network today. Securing Your Process Control Network You work in the Process Control industry, so I m sure
More informationHikCentral V.1.1.x for Windows Hardening Guide
HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote
More informationSymantec Enterprise Security Manager JRE Vulnerability Fix Update Guide
Symantec Enterprise Security Manager JRE Vulnerability Fix Update Guide 2 Symantec Enterprise Security Manager JRE Vulnerability Fix Update Guide The software described in this book is furnished under
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationSymantec Enterprise Security Manager Modules for Microsoft SQL Server Databases Release Notes. Release 2.1 for Symantec ESM 6.0, 6.1, and 6.5.
Symantec Enterprise Security Manager Modules for Microsoft SQL Server Databases Release Notes Release 2.1 for Symantec ESM 6.0, 6.1, and 6.5.x For Windows 2000, Windows Server 2003, and Windows XP SQL
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationHardware Reference Manual VME64Bus Adapters
GE Intelligent Platforms GFK-2945 Hardware Reference Manual VME64Bus Adapters Third Edition Number: 85913163 These instructions do not purport to cover all details or variations in equipment, nor to provide
More informationThe Information Age has brought enormous
Cyber threat to ships real but manageable KAI hansen, akilur rahman If hackers can cause laptop problems and access online bank accounts or credit card information, imagine the havoc they can wreak on
More informationPACSystems* RSTi DeviceNet Network Adapter
GE Intelligent Platforms Programmable Control Products PACSystems* RSTi DeviceNet Network Adapter User s Manual, GFK-2801A September 2012 GFL-002 Warnings, Cautions and Notes as Used in this Publication
More informationPGP Viewer for ios. Administrator s Guide 1.0
PGP Viewer for ios Administrator s Guide 1.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Version 1.0.2.
More informationGE CIMPLICITY HMI/SCADA SECURE DEPLOYMENT GUIDE
GE CIMPLICITY HMI/SCADA SECURE DEPLOYMENT GUIDE Version 2.3 October 2017 Disclaimer of Warranties and Liability The information contained in this manual is believed to be accurate and reliable. However,
More informationProficy* Workflow. Powered by Proficy SOA GETTING STARTED
Proficy* Workflow Powered by Proficy SOA GETTING STARTED Version 1.5 SP4 February 2012 All rights reserved. No part of this publication may be reproduced in any form or by any electronic or mechanical
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationSubmitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group (CSSWG) Submitted on behalf of the DOE National SCADA Test
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationGE Fanuc Automation. CIMPLICITY HMI Plant Edition. CIMPLICITY Monitoring and Control Products. Getting Started Guide
GE Fanuc Automation CIMPLICITY Monitoring and Control Products CIMPLICITY HMI Plant Edition Getting Started Guide GFK-1500C July 2001 Following is a list of documentation icons: GFL-005 Warning notices
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationAltiris Client Management Suite 7.1 from Symantec User Guide
Altiris Client Management Suite 7.1 from Symantec User Guide Altiris Client Management Suite 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and
More informationEnforcing Patch Management
VMWARE TECHNICAL NOTE VMware ACE Enforcing Patch Management This technical note explains how to use VMware ACE to enforce the patch management policies that have been adopted by your company. This document
More informationComplying with PCI DSS 3.0
New PCI DSS standards are designed to help organizations keep credit card information secure, but can cause expensive implementation challenges. The F5 PCI DSS 3.0 solution allows organizations to protect
More informationTABLE OF CONTENTS. Section Description Page
GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level
More information