Security of CyberPhysical systems, setting the scene Are you ready for Cyber Security?
Our Future
Our future G A F A
Our future
Hierarchy of needs
Hierarchy of needs
Society s dependence on IT Belangrijke maatschappelijke processen vallen stil als de bijbehorende ICT-systemen en analoge alternatieven niet beschikbaar zijn. Referentie: Cybersecuritybeeld Nederland 2015 CSBN 2015, Nationaal Cyber Security Centrum, 2015
Siemens Nederland N.V. Building Technologies Division Johan de Wit MSSM Solution Manager Enterprise Security Prinses Beatrixlaan 800, Den Haag Postbus 16068 2500 BB Den Haag, Nederland Mobiel: +31 6 55 76 60 29 johan.de.wit@siemens.com Johan de Wit PhD Candidate / Researcher Safety and Security Science Group j.j.dewit@tudelft.nl M +31 (0)6 55 76 60 29 Building 31 Jaffalaan 5 2628 BX Delft The Netherlands Faculty of Technology, Policy and Management
Digitalisering Fysieke wereld Siemens heeft 350.000 systemen geïnstalleerd Internet of Things Virtuele wereld Inzichten uit gemiddeld ruim 20 TB aan operationele data per maand 0101001010010110010101101101011001010 101101011001010 Autonoom foutenherstel CAx 10110010101101101011001010 Verkeersmanagement 010010110010101101101011001010 MES Analytics 11001010 Beeldvormende software 01010010110010101101101011001010 10101101101011001010 Fleet management Smart grids 0101010010100101 Elektronische tolwegen Digitale Fabriek 01101101011001010 Beeldbegeleide behandeling 01101011001010 Metergegevensmanagement 0101001010010110101000 Samenwerking in de cloud PLM 101011001010 Embedded software 010100101001011001010110 Efficiënte gebouwen 01101011001010 0101001010010110010101101101011001 Besluitondersteuning 010110010101101101011001010 Neurale netwerken
Awareness, key risks for organisations Referentie: Global CEO Survey, PWC, 2016
Awareness Referentie: Aandacht voor Business Continuity, Siemens 2017
Global Conference on CyberSpace GCCS 2015 Industrial Control Systems (ICS) and (office ) IT have historically been managed by seperate organisational units. Referentie: TNO for GCCS 2015, Cyber Security of Industrial Control Systems, 2015
Global Conference on CyberSpace GCCS 2015 ICS people do not consider their ICS to be IT. ICS People lack cyber security education. The IT department, on the other hand, is unfamiliar with the peculiarities and limitations of ICS technology. Referentie: TNO for GCCS 2015, Cyber Security of Industrial Control Systems, 2015
Protection Referentie: Aandacht voor Business Continuity, Siemens 2017
Siemens Corporate Technologies IT Security/CERT Qualification Experience Over 150 IT Security experts (all with academic degrees, 33% PhD) Certified capabilities e.g., CISSP, CISA, CISM, ISO 27x Lead Auditor, ISACA, EuroPriSe Key positions/senior staff with extensive business unit background Trend scouting at conferences and communities (e.g. SANS, BlackHat, OWASP) National, EU and international research projects and cooperation with international universities Running Siemens CERT since 1997, top-class security experts in incident handling, malware analysis and IT forensics Long-term experience in IT Security consulting and solution development for products across all Siemens sectors Over 1000 assessments of applications, products, and solutions Standardization driver e.g. anti-counterfeiting & security protocols; including ISO/IEC/IEEE Partner Service delivery through local teams in Germany, China, and the US with German, US, and Chinese security clearances Extensive knowledge of Siemens domains and products
Offering of Siemens Corporate Technologies IT Security/CERT We enable our customers to meet compliance requirements and standards. We build products and solutions to meet the security needs. We offer: Secure Communications and Applications Embedded Security Anchors Security Robustness Security Standardization (e.g. Protocols, Interfaces) We offer: Process Improvements Qualification and Training, Coaching Technical Guidelines (e.g. Hardening, Coding) Self-Assessments \ We integrate building blocks based on the requirements and architecture. We offer: Security Requirements Security Architecture Security Engineering We assess the current security level utilizing penetration tests and security guidance checks. We offer: Penetration Tests and Attestation Threat and Risk Analysis Security Test Tools Compliance Readiness Assessment (e.g. ISO2700x, IEC62443) We respond immediately with our incident and vulnerability management. We offer: Patch Management Threat Intelligence SIEM and Cyber Defense Intrusion Detection and Forensics
Vision 2020 E-A-D a complete system With our positioning along the electrification value chain, we have know-how that extends from power generation to power transmission, from power distribution and smart grids to the efficient application of electrical energy. With our outstanding strengths in automation, we re well equipped for the future and the age of digitalization.
Hartelijk bedankt voor uw aandacht! 30 years of IT-Security @ Siemens John Johan Doe de Wit Job Solution title Manager Group Enterprise / Region Security / Department XY Street Siemens 123 Building Technologies 12345 City Phone: +31 (70) 333 12 36 Phone: Mobile: +49 +31 123 (6) 55 45 76 67 60 89 29 Fax: +49 123 45 67 89 Mobile: E-mail: +49 123 45 67 89 0 johan.de.wit@siemens.com E-mail: john.doe@siemens.com www.siemens.nl/bcmonderzoek