No Industry 4.0 without Security

Similar documents
Patrick van der Griendt Atos International GSI SAP SAP HANA

Plant Security Services Protecting productivity in the digital era October

How to Manage your Process Mining Analysis - Best Practices and Challenges. Willy van de Schoot Process Mining Camp June 15 th, 2015

SKA. data processing, storage, distribution. Jean-Marc Denis Head of Strategy, BigData & HPC. Oct. 16th, 2017 Paris. Coyright Atos 2017

Industrial Security Co-Sourcing: Shifting from CapEx to OpEx Presented by Vinicius Strey Manufacturing in America 03/22-23/2017

IEC A cybersecurity standard approaching the Rail IoT

Atos ARM solutions for HPC

Keys to a more secure data environment

Cyber security - why and how

Siemens view and approach on critical infrastructure resilience against cyberthreats Joint OECD-JRC Workshop, Paris September 2018

CardOS Secure Elements for Smart Home Applications

Best Practices in Securing a Multicloud World

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Cisco Connected Factory Accelerator Bundles

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

GDPR Update and ENISA guidelines

Assessments Audits CERTIFICATION

MANAGING THE COMPLEXITY.

Cybersecurity. Securely enabling transformation and change

The Modern SOC and NOC

ISO/IEC TR TECHNICAL REPORT

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

BUILD YOUR CYBERSECURITY SKILLS WITH TRASYS INTERNATIONAL

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Secure Access & SWIFT Customer Security Controls Framework

An Introduction to the ISO Security Standards

AppPulse Point of Presence (POP)

Morgan Stanley Digital Day. London, March

Protecting productivity with Industrial Security Services

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Securing Your Digital Transformation

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Cyber Security Program

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Continuous protection to reduce risk and maintain production availability

Work on NEMO optimisation

Run the business. Not the risks.

Introduction to ISO/IEC 27001:2005

Cybersecurity in Government

ISA99 - Industrial Automation and Controls Systems Security

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

locuz.com SOC Services

Symantec Security Monitoring Services

Cybersecurity for IoT to Nuclear

FOR FINANCIAL SERVICES ORGANIZATIONS

Manchester Metropolitan University Information Security Strategy

ABB Process Automation, September 2014

eplus Managed Services eplus. Where Technology Means More.

SIEMLESS THREAT DETECTION FOR AWS

Atos - For internal use

Protecting your data. EY s approach to data privacy and information security

Innovation policy for Industry 4.0

Cisco Software-Defined Access

Cisco Start. IT solutions designed to propel your business

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

BHConsulting. Your trusted cybersecurity partner

ISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services

The cybersecurity platform for industrial small and medium-sized enterprises (SME) Andreas Harner, Head of

Data Security and Privacy Principles IBM Cloud Services

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

ID Synchronization for a multi-directory identity repository

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Optimisation drives digital transformation

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Securing Industrial Control Systems

PARTNER PROGRAM OVERVIEW

IT Consulting and Implementation Services

Illinois Cyber Navigator Program

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

From the eyes of a customer

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Global Security Consulting Services, compliancy and risk asessment services

Better skilled workforce

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Company Overview. global-lynx. Version: September 30, 2015

NCSF Foundation Certification

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

Cyber Risks in the Boardroom Conference

Security and Architecture SUZANNE GRAHAM

Avanade s Approach to Client Data Protection

Practical Guide to Securing the SDLC

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Your single source for a safe, secure, and sustainable airport

DIGITAL TRUST Making digital work by making digital secure

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Digital Wind Cyber Security from GE Renewable Energy

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Evidian. Web Access Authentication for Apps

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Secure energy supply Energy Automation for Infrastructure and Functional Buildings

End-to-end Safety, Security and Reliability Keys for a successful I4.0 Migration

ISO/ IEC (ITSM) Certification Roadmap

Expertise in Industrial Networks. Ian Poulett Head of Sales Siemens

Information pack. #AtosGovCloud Making the world a better place

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Transcription:

24-04-2017

No Industry 4.0 without Security 24-04-2017

Introduction to Atos and Industry 4.0

Who is Atos? At a glance Revenue 2016 (M EUR) * Employees 2016 (Global) Employees 2016 (Germany) Countries 12,000 100,000 12,000 72 European in Hybrid Cloud European in Big Data European in Cybersecurity European in High-Performance Computing In terms of hosting and storage of European data 24-04-2017 Winfried Holz: No Industry 4.0 without security Atos

Surveys concerning Industry 4.0 Barriers for Industry 4.0 Data security; more than half of the participants expressed fundamental concerns High investment costs and concerns about data security and data protection are regarded to be problematic Source: Market study Bosch Software Innovations 5 22-07-2016 Workshop Cybersecurity & Industrie 4.0 GBU Germany Atos - For internal use

The Challenge IT versus OT security IT Security Confidentiality Integrity Availability Industrial Security Availability Integrity Confidentiality Minutes are acceptable Network professionals Frequent audits, penetration tests, monitoring Active protection mechanisms Common practice Every 2-3 years Availability Installation Assessment Protection Patching Investment cycle Network disruptions < 300 ms Plant personnel Audits, pentest and monitoring no common practice Active protection mechanisms can shutdown operation Often not possible Min. 10-20 years 6 24-04-2017 Winfried Holz: No Industry 4.0 without security Atos

Developments and challenges for Industry 4.0 Developments Dynamic networks value networks further flexibility interaction Exchange of confidential data trustworthy relationships Autonomous systems components making independent decisions Challenges Globally trusted relationships independent authority standardized secure infrastructure assessment methods for trustworthiness Protection of intellectual property and personalized data secure and correct exchange of data Allocated security security by design/development holistic security staged security secure and trustworthy components 7 24-04-2017 Winfried Holz: No Industry 4.0 without security GBU Germany Atos

Hacking ICS devices is terribly easy Step 1: Identify target Step 2a: Access system: No password Set Step 2a: Access system: Use default password Source: VNCKeyhole Source: Defpass 8 24-04-2017 Winfried Holz: No Industry 4.0 without security Atos

Security Architecture for Industry 4.0

Reference architecture model for Industry 4.0 (RAMI) and security Layers: Security concerns all layers. Risks have to be assesses with a holistic approach Value stream: Security has to be assessed throughout the whole life cycle of the objects by the owner. Hierarchy levels: All objects and assets are subject to security analysis (risk analysis) and need to have security features matching their tasks and protection. 10 24-04-2017 Winfried Holz: No Industry 4.0 without security

IT in industrial facilities from communication islands to complex landscapes Office network ERP and MES systems Internet and mobile network UMTS, GPRS, etc. Control Network WLAN Ethernet WLAN Partner 11 24-04-2017 Winfried Holz: No Industry 4.0 without security Atos

Atos Siemens partnership

Atos and Siemens cooperation Aligned cybersecurity portfolio to cover both IT and OT needs Assess security Evaluation of the current security status of an ICS environment IT assessments by ATOS ISO/IEC 27001 security assessments Security maturity assessments Penetration tests & source code analysis OT assessments by SIEMENS IEC 62443 assessment ISO 27001 assessment SIMATIC PCS 7 & WinCC assessment Manage security Comprehensive security through monitoring and proactive protection: Monitor to detect indicators of compromise Manage to keep security up-to-date React fast to security-relevant threats IT by ATOS Security monitoring Emergency response Network security OT by Siemens Industrial security monitoring Remote incident handling Perimeter firewall management + Certify Certification and preparation of certification Implement security Risk mitigation through implementation of security measures for reactive protection IT by ATOS Information security Management systems Security awareness Data protection OT by SIEMENS Security awareness training Security policy and network consulting Perimeter firewall installation 13 24-04-2017 Winfried Holz: No Industry 4.0 without security Atos

Thanks For more information please contact: Winfried Holz Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Worldline, BlueKiwi, Bull, Canopy the Open Cloud Company, Unify, Yunano, Zero Email, Zero Email Certified and The Zero Email Company are registered trademarks of the Atos group. November 2016. 2016 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback