Industrial Security - Protecting productivity. Industrial Security in Pharmaceutical Plants


Industrial Security - Protecting productivity
Industrial Security in Pharmaceutical Plants
siemens.com/industrialsecurity

Security Trends: Globally we are seeing more network connections than ever before
Trends Impacting Security:
- Cloud Computing approaches
- Increased use of Mobile Devices
- Wireless Technology
- Reduced Personnel Requirements
- Smart Grid
- The worldwide and remote access to remote plants, remote machines and mobile applications
- The Internet of Things
Source: World Economic Forum, 50 Global Risks
Page 2 2016-03-10

The corporate security chain is only as strong as its weakest link
Security Can Fail at Any of these Points:
- Employee
- Smartphone
- Laptops
- PC workstations
- Network infrastructure
- Mobile storage devices
- Tablet PC
- Computer center
- Policies and guidelines
- Printer
- Production systems

Cyber vulnerabilities can affect your plant at many levels
The Need to Act Because of Cyber Security Vulnerabilities:
- Loss of intellectual property, recipes
- Sabotage of production plant
- Plant downtime, e.g. caused by virus and malware
- Manipulation of data or of application software
- Unauthorized use of system functions
Regulations and standards for industrial security require controls:
- Regulations: FDA, NERC CIP, CFATS, CPNI, KRITIS
- Standards: ISA 99, IEC 62443

Agenda:
- IEC 62443, Defense-in-Depth
- The Siemens Approach

IACS, automation solution, control system
Industrial Automation and Control System (IACS)
IACS environment / project specific:
- Asset Owner, Service Provider: operates and maintains (2-1, 2-4, 2-3)
  - Operational policies and procedures
  - Maintenance policies and procedures
- System Integrator: designs and deploys (2-4, 3-3, 3-2)
  - Automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software
Independent of IACS environment:
- Product Supplier: develops control systems, develops components (3-3, 4-2, 4-1)
  - Control System as a combination of components: Embedded devices, Network components, Host devices, Applications
The control system is the base for the automation solution.

Various parts of IEC / ISA-62443 are addressing Defense in Depth
[Figure: the roles AO, SP, SI and PS, placed across "IACS environment / project specific" and "Independent of IACS environment"]

Each stakeholder can create vulnerabilities
Example: User Identification and Authentication
IACS environment / project specific:
- Asset Owner, Service Provider: operates and maintains the IACS (operational and maintenance policies and procedures); can create weaknesses
- System Integrator: designs and deploys the automation solution (BPCS, SIS, complementary hardware and software); can create weaknesses
- Example weaknesses:
  - Invalid accounts not deleted / deactivated
  - Non confidential passwords
  - Passwords not renewed
  - Temporary accounts not deleted
  - Default passwords not changed
Independent of IACS environment:
- Product Supplier: develops control systems and components (embedded devices, network components, host devices, applications); can create weaknesses
- Example weaknesses:
  - Elevation of privileges
  - Hard coded passwords

IACS, automation solution, control system
Industrial Automation and Control System (IACS)
IACS environment / project specific:
- Asset Owner, Service Provider: operates and maintains (2-1, 2-4, 2-3)
  - Operational policies and procedures
  - Maintenance policies and procedures
- System Integrator: designs and deploys (2-4, 3-3, 3-2)
  - Automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software
Independent of IACS environment:
- Product Supplier: develops control systems, develops components (3-3, 4-2, 4-1)
  - Control System as a combination of components: Embedded devices, Network components, Host devices, Applications
The control system is the base for the automation solution.
Siemens is product and solution supplier.

Agenda:
- IEC 62443, Defense-in-Depth
- The Siemens Approach

The Defense in Depth Concept
Security threats demand action
- Plant security
  - Physical access protection
  - Processes and guidelines
  - Security service protecting production plants
- Network security
  - Cell protection, DMZ and remote maintenance
  - Firewall and VPN
- System integrity
  - System hardening
  - Authentication and user administration
  - Patch management
  - Detection of attacks
  - Integrated access protection in automation
Security solutions in an industrial context must take account of all protection levels.

The Siemens solution for plant security
- Plant security
- Network security
- System integrity

Security Management
Security Management Process:
- Risk analysis with definition of mitigation measures
- Setting up of policies and coordination of organizational measures
- Coordination of technical measures
- Regular / event-based repetition of the risk analysis
Process cycle:
1. Risk analysis
2. Policies, Organizational measures
3. Technical measures
4. Validation & improvement
Security Management is essential for a well thought-out security concept.

Siemens Plant Security Services
Complete service portfolio aligned with Risk Management methodology
- Step 1: Assess. Information about the security status and development of a security roadmap
  - Vulnerability analysis
  - Gap analysis
  - Threat analysis
  - Risk analysis
- Step 2: Implement. Planning, development and implementation of a holistic cyber security program
  - Cyber security training
  - Development of security strategies and procedures
  - Implementation of security technology
- Step 3: Manage. Continuous security through detection and proactive protection
  - Continuous operations
  - Detection and resolution of incidents
  - Fast adaptation to changing threats

Siemens Cyber Security Operations Center
Continuous & proactive protection for your ICS environment
- Analysts proactively monitor vulnerability and cyber threat activity globally, to deliver real-time communication alerts and advisories.
- When global threat intelligence indicates an elevated risk, a Cyber Security Operations Center defines and delivers the appropriate proactive defensive measures.
- If an incident is detected on your ICS environment, the Cyber Security Operations Center will coordinate the incident response consisting of investigation, forensic analysis, and remediation.
Cyber Security Operations Center (CSOC) services for subscribed customer plants:
- Patch & Vulnerability management support; mitigation analysis
- Monitoring
- Next-Generation Firewall Management
- Quarterly Firewall Rule Review
- On-demand Incident Handling
- Remediation support by a security engineer tailored to severity of incident, impact on your environment, and your business needs

The Siemens solution for network security
- Plant security
- Network security
- System integrity

Network Security
Essential Network Security use cases
- Demilitarized zone (DMZ)
  - Network services for secure and unsecure network
  - Prevent direct connections
  - A security module controls the access
  - Zones: Unsecure zone, DMZ zone, Secure zone
- Remote access
  - Remote programming and monitoring
  - Access via internet and mobile networks
  - Encryption and secured access via VPN
- Secure redundancy
  - Higher reliability and availability of secure connection
  - Security modules in synchronized standby mode
  - MRP ring (CU or fiber optic)
- Cell protection
  - System is divided into separated cells
  - All communication into the cells is controlled
  - Communication is secured by firewall mechanisms

Security Integrated Overview
Siemens products with Security Integrated provide security features such as integrated firewall, VPN communication, access protection, protection against manipulation.

- Introduction
- Application Examples

Overview: Application Examples Network Security
Adapted measures for production
- Network Access Control
  - Interface to IT networks: Secure architecture with DMZ (SCALANCE S623)
  - Secure Remote Access via Internet
  - Local network access (port security) via device and user authentication (SCALANCE S)
- Redundancy
  - Protection of redundant network topologies and secure redundant connection of underlying networks or rings with S627-2M
- Cell Protection
  - Risk mitigation through network segmentation
  - Extension of the cell protection concept with Security PC- and S7-CPs (CP1628, CP343-1 Adv., CP443-1 Adv., CP1543-1)
  - Use of secure communication protocols (e.g. HTTPS) prevents espionage and manipulation
Products with firewall or VPN functionality

Protection and segmenting through firewalls with SCALANCE S
Task: Parts of the system that represent a logical unit, and sometimes even come from different suppliers, should have only as many connections to one another as are absolutely necessary.
Solution: SCALANCE S is placed in front of an automation cell, thereby segmenting the network and restricting communication to the permitted connections through firewall rules.

Construction of a demilitarized zone (DMZ), e.g. for data server access, with SCALANCE S623
Task: Network nodes (e.g. MES servers) should be reachable from the secure and the nonsecure network without creating a direct connection between the networks.
Solution: A DMZ can be established on the yellow port of the SCALANCE S623, and the aforementioned server can be placed in it.
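The cell-protection and DMZ tasks described on the two slides above can be checked mechanically against a firewall rule list. The following is an added example, not Siemens code and not SCALANCE configuration syntax: the zone addresses, the `Rule` structure, the required-connection list and the sample rules are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed three-zone layout (assumption); addresses are illustrative only.
ZONES = {
    "unsecure": ip_network("10.10.0.0/16"),     # office / IT network
    "dmz":      ip_network("192.168.50.0/24"),  # holds the MES server
    "secure":   ip_network("192.168.10.0/24"),  # automation cell
}

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "drop"
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # destination port, 0 = any

def zones_touched(cidr):
    """Names of all zones that a CIDR overlaps (0.0.0.0/0 touches every zone)."""
    net = ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules, required_into_cell):
    """Return (rule_index, finding) for every allow rule that breaks the zone model."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst = zones_touched(r.src), zones_touched(r.dst)
        # DMZ principle: no rule may connect unsecure and secure zones directly.
        if ("unsecure" in src and "secure" in dst) or ("secure" in src and "unsecure" in dst):
            findings.append((i, "direct-unsecure-secure"))
        # Cell protection: traffic into the cell must be an explicitly required connection.
        elif "secure" in dst and (r.src, r.dst, r.port) not in required_into_cell:
            findings.append((i, "not-required-into-cell"))
    return findings

# Constructed sample rule set and required-connection list (not from the original slides).
REQUIRED = {("192.168.50.10/32", "192.168.10.20/32", 4840)}
RULES = [
    Rule("allow", "10.10.0.0/16",     "192.168.50.10/32", 443),   # office -> MES in DMZ
    Rule("allow", "192.168.10.0/24",  "192.168.50.10/32", 443),   # cell -> MES in DMZ
    Rule("allow", "192.168.50.10/32", "192.168.10.20/32", 4840),  # MES -> cell, required
    Rule("allow", "10.10.5.7/32",     "192.168.10.20/32", 102),   # office host -> cell
    Rule("allow", "192.168.50.0/24",  "192.168.10.0/24",  0),     # whole DMZ -> cell, any port
    Rule("drop",  "0.0.0.0/0",        "0.0.0.0/0",        0),     # default deny
]

if __name__ == "__main__":
    for index, finding in audit(RULES, REQUIRED):
        print(index, finding, RULES[index])
```

Rules that reach the cell from the DMZ are accepted only when they match an entry in the required-connection list exactly, so an over-broad rule is reported even if it happens to cover a required connection.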

The Siemens solution for network security
- Plant security
- Network security
- System integrity

SIMATIC S7-1200, S7-1500 and the TIA Portal: Security Highlights
The SIMATIC S7-1200 V4, S7-1500 and the TIA Portal provide several security features:
- Increased Know-How Protection in STEP 7. Protection of intellectual property and effective investment:
  - Password protection against unauthorized opening of program blocks in STEP 7 and thus protection against unauthorized copying of e.g. developed algorithms
  - Password protection against unauthorized evaluation of the program blocks with external programs: from the STEP 7 project, from the data of the memory card, from program libraries
- Increased Copy Protection. Protection against unauthorized reproduction of executable programs:
  - Binding of single blocks to the serial number of the memory card or PLC
  - Protection against unauthorized copying of program blocks with STEP 7
  - Protection against duplicating the project saved on the memory card

SIMATIC S7-1200, S7-1500 and the TIA Portal: Security Highlights
The SIMATIC S7-1200 V4, S7-1500 and the TIA Portal provide several security features:
- Increased Access Protection (Authentication). Extensive protection against unauthorized project changes:
  - New degree of Protection Level 4 for PLC, complete lockdown (also HMI connections need password) *
  - Configurable levels of authorization (1-3 with own password)
  - For accessing over PLC and Communication Module interfaces
  - General blocking of project parameter changes via the built-in display
- Expanded Access Protection. Extensive protection against unauthorized project changes:
  - Via Security CP1543-1 by means of integrated firewall and VPN communication
- Increased Protection against Manipulation. Protection of communication against unauthorized manipulation for high plant availability:
  - Improved protection against manipulated communication by means of digital checksums when accessing controllers
  - Protection against network attacks such as intrusion of faked / recorded network communication (replay attacks)
  - Protected password transfer for authentication
  - Detection of manipulated firmware updates by means of digital checksums
* Optimally supported by SIMATIC HMI products and SIMATIC NET OPC Server

SIMATIC S7-300, S7-400 and the TIA Portal: Security Highlights
For SIMATIC S7-300 and S7-400 the TIA Portal provides several security features to protect your investment against unauthorized reading and copying:
- Increased Know-how Protection for Programs
  - Prevents reading, content copying and unnoticed changes of program blocks
  - Protects program blocks in the engineering project and in the controller
  - Program block protection in projects and libraries
- Programmable Copy Protection
  - Know-how protected programs can be expanded by copy protection
  - Comparison with a given serial number of a memory card or CPU
[Figure: program block download and upload between STEP7 and the S7-Controller]

SIMATIC PCS 7: Security you trust
Potential Attack: DCS/SCADA*
Customer Requirement: Protection against
- Loss of Control
- Plant Downtime
- Product Quality
- Environmental Impact
Our Solution: SIMATIC PCS 7 Reducing Your Risk
- Defense-in-Depth Strategy
- Segmentation / Security Cells
- Secure Access Points
- User Authentication
- Secure Communication
- Patch Management
- System Hardening
- Virus Scanner
- Whitelisting
* DCS: Distributed Control System; SCADA: Supervisory Control and Data Acquisition

Siemens Vertical Expertise: Pharmaceutical
Pharmaceutical Environment:
- Product Quality
- Reduced Time-to-Market
- Production Flexibility
- Different Equipment Suppliers
- Meeting Regulations (FDA)
Industrial Security provides:
- Increased Plant Availability
- Secure User Access
- Secure Plant Communications
Industrial Security to keep your plant running securely

Thank you for your attention!
Dr. Pierre Kobes
Product and Solution Security Officer, PD TI AT
E-Mail: pierre.kobes@siemens.com
siemens.com/industrialsecurity