Plant Security Services Protecting productivity in the digital era October

Similar documents
Industrial Security Co-Sourcing: Shifting from CapEx to OpEx Presented by Vinicius Strey Manufacturing in America 03/22-23/2017

IEC A cybersecurity standard approaching the Rail IoT

Protecting productivity with Industrial Security Services


Continuous protection to reduce risk and maintain production availability

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen


How to use a project file with an out of date firmware with actual firmware version


SIMATIC. SIMATIC Energy Manager V1.0 App for ios and Android. Preface. SIMATIC Energy Manager app. Establish connection to SIMATIC Energy Manager PRO

T22 - Industrial Control System Security

SIMATIC. Industrial PC Microsoft Windows 7 (USB stick) Safety instructions 1. Initial startup: Commissioning the operating system

Firewall Settings for SIMATIC B.Data

Strengthen your network security with Industrial Security Appliances SCALANCE S siemens.com/scalance-s


No Industry 4.0 without Security



SIMATIC. Process Control System PCS 7 Configuration McAfee Endpoint Security Security information 1. Preface 2.

Application example 02/2017. SIMATIC IOT2000 Connection to IBM Watson IoT Platform SIMATIC IOT2040

Application example 12/2016. SIMATIC IOT2000 OPC UA Client SIMATIC IOT2020, SIMATIC IOT2040


SIMATIC. SIMATIC Logon V1.6. Security information 1. Conditions for secure operation of SIMATIC Logon 2. User management and electronic signatures 3

ABB Ability Cyber Security Services Protection against cyber threats takes ability

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.



RiskSense Attack Surface Validation for IoT Systems

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

SIMATIC. Process Control System PCS 7 Configuration Symantec Endpoint Protection V14. Security information 1. Preface 2.

SIMATIC. Industrial PC Microsoft Windows 7. Safety instructions 1. Initial startup: Commissioning the operating. system

How do you establish MODBUS-RTU communication?

Single Message Report for the Information Server. SIMATIC PCS 7, SIMATIC Information Server Siemens Industry Online Support


ACM Retreat - Today s Topics:

COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS

Industrial Security Getting Started

Determination of suitable hardware for the Process Historian 2014 with the PH-HWAdvisor tool

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

How do you access an SQL database in WinCC Runtime Advanced using a script?

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Siemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1.

Rugged communications for the digital substation usa.siemens.com/ruggedcom

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

SIMATIC. Process Control System PCS 7 Advanced Process Functions Operator Manual. Preface. Security information 1. Overview 2. Material management 3

SIMATIC. PCS 7 Process Control System Support and Remote Dialup. Security information 1. Preface 2. Support and Remote Dialup 3.

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002


Digital Wind Cyber Security from GE Renewable Energy

Bringing Cybersecurity to the Boardroom Bret Arsenault

CYBER RESILIENCE & INCIDENT RESPONSE

SINAMICS G/S: Integrating Warning and Error Messages into STEP 7 V5.x or WinCC flexible

align security instill confidence

CYBER SECURITY AND MITIGATING RISKS

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Remote networks. Easy remote access to machines and plants. Industrial Remote Communication. Edition 03/2017. Brochure. siemens.com/remote-networks

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS


SOLUTION BRIEF Virtual CISO

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Configuration of an MRP Ring and a Topology with Two Projects

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

ANATOMY OF AN ATTACK!

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Cyber Security Solutions Mitigating risk and enhancing plant reliability

The SANS Institute Top 20 Critical Security Controls. Compliance Guide


SIMATIC. PCS 7 Process Control System SIMATIC Logon Readme V1.6 (Online) Security information 1. Overview 2. Notes on installation 3.

SIMATIC NET. Industrial Ethernet Security SCALANCE S615 Getting Started. Preface. Connecting SCALANCE S615 to the WAN 1

ABB Process Automation, September 2014

Cyber Security Stress Test SUMMARY REPORT

Protect Your End-of-Life Windows Server 2003 Operating System

Data Storage on Windows Server or NAS Hard Drives

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Message Cycle Report for the Information Server. SIMATIC PCS 7, SIMATIC Information Server Siemens Industry Online Support


EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

Defense in Depth Security in the Enterprise

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

SIMATIC. Industrial PC Microsoft Windows Embedded Standard 7. Safety instructions 1. Initial startup: Commissioning the operating.

CYBERSECURITY MATURITY ASSESSMENT


Kaspersky Security. The Power to Protect Your Organization

Are we breached? Deloitte's Cyber Threat Hunting

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Protection Levels, Holistic Approach. ISA-99 WG 3 TG 3 Protection Levels

Configuration of an MRP ring with SIMOCODE and SIMATIC S SIMOCODE pro V PN, SIMATIC S Siemens Industry Online Support


The Information Age has brought enormous

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

External Supplier Control Obligations. Cyber Security


Designing and Building a Cybersecurity Program

SIMATIC NET. Industrial Remote Communication - Remote Networks SINEMA Remote Connect - Client. Preface. Requirements for operation 1

SIMATIC PDM - Central access to MODBUS RTU devices

APF report templates based on data from the WinCC User Archive

Transcription:

Plant Security Services Protecting productivity in the digital era October2017 Restricted www.siemens.com/plant-security-services

Internet of (hacked) Things Page 2

Use case - No OT cybersecurity company standard - Legal compliance - Existing OT cybersecurity company standard Page 3

Defense in Depth The Siemens security concept for Industrial Security The Siemens security concept Siemens products and systems offer integrated security Defense in Depth Know how and copy protection Authentication and user management Firewall and System VPN (Virtual hardening Private Network) Siemens Plant Security Services Page 4

Plant Security Services Portfolio aligned with Risk Management methodology Assess Security Evaluation of the current security status of an ICS environment Manage Security Comprehensive security through monitoring and proactive protection: Monitor to detect indicators of compromise Manage to keep security up-to-date React fast upon security relevant threats Implement Security Risk mitigation through implementation of security measures for reactive protection Page 5

Success Stories Pohjolan Voima (PVO) IEC 62443 assessment to patch cyber security gaps Challenge Solution Existing system does not meet modern cyber security standards No regular updates of routines in the old systems when new systems have been deployed Avoidance of intentional and unintentional malfunctions caused by security threats Protection against phishing of valuable information and espionage Deploy the assessment to identify security gaps and measures for risk mitigation based on IEC 62443 Investigation of the system s technological cyber security properties (e.g. user and access management, operation logs, level of back-up procedures, data encryption) Analysis of cyber security processes and instructions, such as the ability to react to threats Profile Pohjolan Voima was established in 1943 and produces electricity and heat to its shareholders with hydropower and thermal power. Customer benefit Different perspective than in-house assessments through an external expert Compliance with security requirements set for the business Achieving the desired higher maturity level of Industrial Security Page 6

Assess Security following a risk-based approach Assess Security covers a holistic analysis of threats and vulnerabilities, the identification of risk and recommendations of security measures to close the identified gaps Page 7

Patch & Vulnerability Management Managing vulnerabilities and critical updates in Microsoft products? = X Customer s challenge In 90% of attacks in 2014, old vulnerabilities that already had patches available were leveraged some of which were more than decade old 1 Patches contribute toward stable system operation and/or eliminate known security vulnerabilities. Regular and prompt installation of patches represents a vital element of a comprehensive security concept Patching with an incompatible patch can cause unplanned downtimes Common approach Customer has to release the Microsoft patches manually on a WSUS, based on Siemens SIMATIC PCS 7 compatibility excel sheet or No patching is performed at all or No WSUS server is used, but patches are downloaded directly by the endpoints Other customer specific solutions (e.g. usage of 3rd party software) are possible Weak points of common approach Possibility of system disruption due to missing consideration of compatibility Possibility of security incident due to obsolete patch status Possibility of failures due to manual work Need to manual check for updated excel sheet on Siemens Website Labor intensive process (monthly occurring) Goal Support customers by testing SIMATIC PCS 7 with Microsoft security and critical patches when new patches are released in order to check the compatibility of the PCS 7 software with these patch classifications 2 and providing metadata about approved patches at the customer site 1) Source CNN Money 2) Only "Security Patches" and "Critical Patches" are necessary to ensure that SIMATIC PCS 7 operation is secure and stable Page 8

Security Information Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement and continuously maintain a holistic, state-of-the-art industrial security concept. Siemens products and solutions only form one element of such a concept. Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place. Additionally, Siemens guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity. Siemens products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer s exposure to cyber threats. To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/ industrialsecurity. Page 9

Thank you for your attention! Siemens AG Digital Factory DF CS DS Postbox 3240 91050 Erlangen GERMANY siemens.com/plant-security-services Page 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback