Ensuring Your Plant is Secure Tim Johnson, Cyber Security Consultant


The Foxboro Evo™ Process Automation System
Addressing the needs across your operation today and tomorrow.

Industrial Control Systems
Why Cyber Security, Why Now

Industrial Control System Cyber Security Headlines

Industrial Control System Cyber Security
In a post-Stuxnet world, a lot of attention is being given to the Industrial Control Systems running tasks for critical infrastructure and important manufacturing processes. Much of this attention is caused by a new wave of security research being performed on the security vulnerabilities that many of these systems possess. It is one thing to say that a system has security vulnerabilities, but it is something entirely different to say that the system is insecure,
http://www.securitybistro.com

Industrial Control System Cyber Security Impact
*More Corporate/Regulatory Compliance Requirements to Reduce Environmental and Financial Risk
*Decreases Plant Safety
*Non-Secure Plant to the Enterprise Network Connections
*Increased Downtime
*Decreased Network Performance

Industrial Control Systems
Protect

Industrial Control System Cyber Security Basics
Seven Building Blocks Required for Cyber Security
1. Identify what should be protected
 - Identify what is Critical to the Process
2. Electronic Access Controls
 - Firewall Network Segmentation
3. User Access Controls
 - Least Privilege Methodology for Users
4. Patching
 - OS and Software
5. Anti-Virus
 - Advanced Anti-Virus technologies, i.e. Device Control
6. Disaster Recovery (Backups)
 - Backup & Recovery Planning
7. Logging & Alerting
 - Failed and Successful Logins

Industrial Control Systems Best Practices
*Network Segregation
*Electronic Access Point Access Controls
*System Hardening

Industrial Control Systems Best Practices - Continued
*Network Segregation
*Electronic Access Point Access Controls
*System Hardening
*User Access Controls
*Malicious Software Prevention
 - Antivirus
 - Device Control
*Patching Server
*Backups
*Performance Monitoring & Alerting
*Logging Server

Industrial Control Systems
Maintain

Industrial Control Systems Centralized Cyber Management
Management Server
*Malicious Software Prevention
 - Antivirus
 - Device Control
*Patching Server
*Backups
*Performance Monitoring & Alerting
*Centralized Backups
*Malicious Software Prevention
*Malicious Software Prevention
*Patching Server

Foxboro Evo™ Process Automation System
Cyber Security

Foxboro Evo™ Enabling Cyber Security
Product Features for Secure Deployments:
*McAfee ePO Centralized Management and configuration for:
 - Anti-Virus Settings and DAT updates based on Computer memberships
 - Advanced protections based on users, security groups and computer memberships
 - Data Loss Prevention (Removable Media/USB device controls)
 - Whitelisting
*Centralized Account Management for Operating System (Active Directory)
*Ability to utilize single or shared user account methodologies
*Operating System GUI set based on user login
*Computer Security Settings set by simple drag and drop methodology
*System Access Controls for Users and Computers Management (Active Directory GPOs)
*Locked Windows GUI
*Preliminary Operating System Hardening
*System configuration Baseline and Reports (Station Assessment Tool, SAT)
*Backup and Recovery (BESR)

Foxboro Evo™ Looking to the Future
Adopting New Technologies:
*Virtualization for Foxboro Stations:
 - Helps lower cost for maintaining cyber security programs
 - Less hardware to track, maintain and warranty
 - Snapshot recovery facilitates patching programs
 - Snapshot recovery reduces dependence on similar hardware and reduces system recovery times
*Single Active Directory Deployment Methodologies
 - Off MESH and Existing Active Directory Integration support as standard product feature
 - Leverage existing DCS Active Directory Installations
 - Create new Active Directory deployments for managing user access controls across your whole plant
*McAfee ePO Advanced Threat Management Mitigations
 - Application Whitelisting
 - File Integrity Control

Industrial Control Systems
Critical Infrastructure Security Practice (CISP)

CISP Operation Technology
*Experienced with IT technologies but with an Industrial Control System mindset
*Bridge technology gap for today's heavily technology-based Process Automation Systems
*Providing Cyber Security and Technology services for Industrial Control Systems since 2001
*CISP Consultants are focused on Critical Infrastructure Market
*Cyber Security implementations across varying industries
*Cyber Security and Technology solutions covering your whole Plant
*Vendor Independent Cyber Security Solutions

CISP Services & Solutions
*Expanding Cyber Security for Foxboro Evo™
*Foxboro Evo™ Cyber Security integration into Non-Foxboro systems
*Advanced Active Directory integration
*Network Alarming and Event Management
*Patching solutions for Foxboro and Non-Foxboro systems
*Technology Assessments and Remediation
*Cyber Security Assessments and Remediation
*NERC CIP Workshops
*Services and Solutions for meeting Corporate Cyber Security requirements placed on Industrial Control Systems

Ensuring Your Plant is Secure
Putting it all together

Ensuring Your Plant is Secure
*Cyber Security implementation capable of supporting other Vendors
*Ability to Integrate Active Directory (Plant Wide Active Directory Solution)
*Network Segmentation
*MGT Server for Centralized Server Dedicated to Cyber Security Task (Plant Wide Solution)
 - ePO Server, Patching Server, Logging Server, Centralized Backup Repository, Performance Monitoring and Alerting
*Thin Clients lowering Management and Maintenance cost
*Relay Zone Server Creates a Bastion Host limiting Direct Access from Un-Trusted Networks to DCS Trusted Networks
 - Dedicated to RDP access only
 - View only or Engineering Server Options
 - Additional Active Directory security measure may be implemented

Ensuring Your Plant is Secure
Schneider Electric Cyber Security
CISP Cyber Solutions
*Asset Identification
*User Access Controls
*Electronic Access Controls
*Logging
*Network Design & Management
*Backup and Restoration
*Anti Malware
*Patching
*Platform Hardening
Foxboro Evo™ Cyber Security
Your Plant is Secure

2014 Schneider Electric. All Rights Reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.