ARC INDUSTRY FORUM 2015

Transcription

1 ARC INDUSTRY FORUM PRESENTATION TOPIC: MANAGING INDUSTRIAL CYBER SECURITY RISK Tyler Williams Manager, Industrial Cyber Security Shell Global Solutions 1

2 THE TRADITIONAL APPROACH HOW IS IT GOING FOR YOU? 1. Worms/Trojans 2. Code injection 3. Drive-by Downloads 4. Exploit Kits 5. Physical Theft/Loss/Damage 6. Denial of Service 7. Botnets 8. Phishing 9. Information Leakage 10. Targeted Attacks 2

3 WHY HASN T IT WORKED? 3

4 SO WHAT DID YOU DO? START WITH A PURPOSE AND A MANDATE The Vision No HSSE damage, No unplanned disruption to project progress and No product deferment or loss as a result of cyber incidents. The Mission Shell s process control Domain (PCD) infrastructure will be procured, designed, deployed and maintained against one set of security requirements, in a standardized fashion and commensurate with risk with all projects / assets will be reporting compliance centrally. 4

5 THE JOURNEY TO DATE CHANGE RISK INTO OPPORTUNITY COST Oil & Gas Industry Industrial Automation & Control System Infrastructure Increasing push towards un-manned operations. Remote workforce and operations management a must. Need for big data infrastructure and low cost IT solutions. Increased use of advanced process control software. Further integration with IT communication protocols. Increased use of mobile applications and web infrastructure. More use of COTS infrastructure and outsourced IT suppliers. Integrated sensor networks with embedded IT. Continued integration of industrial / IT infrastructure. Integrated networking and data applications across vendors. New, Remote, Dynamic, Automated & Wireless Growing use of industrial wireless for process control. Adoption of virtualization for improved availlability. Advanced, Standardized, Integrated & Connected 5

6 THE JOURNEY TO DATE CONVERGE ENGINEERING & IT 6

7 THE JOURNEY TO DATE ESTABLISH DEFENSIBLE RULES PCD IT Security Risk Assessment & Control Selection Process PCD IT Security DEP Standard For Capital Projects PCD Risk Profile Standard For Operating Assets 7

8 THE JOURNEY TO DATE INTEGRATE SUPPORTING PROCESSES 8

9 THE JOURNEY TO DATE DEVELOP & EMPOWER THE PEOPLE 9

10 GSEL CCR PAS (DCS/PLC) HMI Control Apps Gateway Process Control Domain (PCD) Historian Fire&Gas SIS (IPS) Detection SIS (IPS) Fiscal Metering Special Monitoring Version: 2.2 MANAGING CYBER SECURITY RISK - ARC FORUM THE JOURNEY TO DATE BUILD THE TOOLS Remote 3 rd Party Access E.g. Honeywell, Yokogawa, Emerson SecurePlant SOC Security Operations Centre CSMC Threat Management Asset Inventory NextNine PCD Access Control NextNine & Firewall OS Security Patches NextNine & WSUS Security Log Collection & Mgt NextNine & ArcSight Anti-virus Symantec / McAfee SecurePlant PROCESS CONTROL NETWORK (PCN or L3) Firewall CONTROL BUS (L2) FIELD BUS (L1) L0 Site A Site B 10

11 WHERE WE ARE TODAY READY TO DEPLOY Prepare Assess Design Pre-Deploy Deploy & Stabilize Operate Site Onboarding & Readiness Review Technical & Procedural Gap Assessment Workshop PCD Network & Organizational Design 4 Establish Organizational Practices PCD Network Remediation 5 Endpoint Remediation & Cutover SecurePlant Service Activation Project Closeout SG1 SG2 SG3 SG4 SG5 SG6 11

12 Sell value/opportunity NOT security Use facts not FUD Simplify and standardize; focus on the basics. Apply the basics across the industrial product lifecycle. Involve suppliers: Expect the basics, pay for maturity Have a clear vision, mission and strategy. Beware of Shiny Objects, Chicken Little s and Workinggroupitis Integrate Engineering / IT & build hybrid capability. 12