Innovation Days Industrial Communication

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Innovation Days Industrial Communication"

Transcription

1 Innovation Days Industrial Communication Industrial Security siemens.com/industrial-security

2 London 1903 Royal Institution s lecture theatre Verdenspremiere på den trådløse telegraf Source: Page 2

3 Verdens første hackerandgreb Scientific hooliganism John Nevil Maskelyne The gentleman hacker Guglielmo Marconi Page 3

4 Cyber Security Hvorfor bekymre sig? Der er en meget høj trussel fra cyberspionage mod danske virksomheder. Flere statsstøttede t t tt hackergrupper er gået målrettet efter danske virksomheder i de seneste år. Oftere forekommer det, at svagheder hd i udstyr og software skyldes manglende kvalitet i producentens eller leverandørens processer. Source: Page 4

5 Den nye tendens Ransomware Page 5

6 En hurtig stigning Page 6

7 Industrial Cyber Security incidents in US Hvad siger ICS-CERT 2014 Number of incidents Percentage of incidents Page 7 Source:

8 Industrial Cyber Security incidents in US Hvad siger ICS-CERT 2015 Page 8 Source:

9 Er jeg ikke bare en nål i en høstak? Der er stadig SIMATIC devices der er eksponeret! lt Og Det er meget let # # %!&! # Page 9

10 Protecting Productivity Page 10

11 Industrial Security protecting Productivity Page 11

12 The Defense in Depth Concept Page 12

13 Løsninger på alle niveauer Page 13

14 Hvordan holder man sig opdateret? Abonner på Siemens RSS Feed: Eller på ICS-CERT: Page 14

15 Pareto-princippet 20% 80% Invest 20% 80% Security Page 15

16 Plant Security Physical access control Guidelines Norms and standards Security Services Page 16

17 Vi kan tilbyde services Security Assessment Workshops Page 17

18 Vi kender standarderne Page 18

19 IEC Security functions Based on IEC Security Level 1-4 Protection Level (PL) Security process Based on IEC and ISO27001 Maturity Level 1-4 Level Maturity PL 1 PL 2 PL 3 PL Security Level Page 19

20 Protection Levels cover security functionalities and processes Assessment of security functionalities Assessment of security processes SL 1 Capability to protect against casual or coincidental violation ML 1 Initial - Process unpredictable, poorly controlled and reactive. SL 2 Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation ML 2 Managed - Process characterized, reactive SL 3 Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation ML 3 Defined - Process characterized, proactive deployment SL 4 Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation ML 4 Optimized - Process measured, controlled and continuously improved Protection Levels Ma aturity Level Security Level Page 20 PL 1 PL 2 PL 3 PL 4 Protection against casual or coincidental violation Protection against intentional violation using simple means with low resources, generic skills and low motivation Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation

21 IEC 62443, security measures Secure Physical Access Organize Security Secure Solution Design Secure Operations Secure Lifecycle management PL 4 Revolving doors with card reader and PIN; Video Surveillance and/or IRIS Scanner at door Dual approval for critical actions Firewalls with Fail Close (e.g. Next Generation Firewall). Monitoring of all device activities Online security functionality verification + Automated backup / recovery PL 3 Revolving doors with card reader No , No WWW, etc. in Secure Cell 2 PCs (Secure Cell/outside) + Persons responsible for security within own organization Physical network segmentation or equivalent (e.g. SCALANCE ) Monitoring of all human interactions Remote access with crsp or equivalent Backup verification PL 2 Doors with card reader Continuous monitoring (e.g. SIEM) Remote access restriction (e.g. need to connect principle) + Mandatory security education PL 1 Locked building/doors with keys Awareness training (e.g. Operator Awareness Training) Mandatory rules on USB sticks (e.g. Whitelisting) Network segmentation Firewall protection (e.g. SCALANCE S) Security logging on all systems Backup / recovery system Page 21

22 Network Security Firewalls Virtual Private Networks VPN Segmentering Demilitarized zone DMZ Hardening Authentication Cell Protection Page 22

23 Network Security Jump Station og DMZ Opdeling i separate celler Secure zone DMZ zone Jump Station Unsecure zone Al kommunikation via Remote Desktop og Jump Station Backup og Restore via Jump Station Kun trådløs adgang fra Secure Zone til Jump Station Samme konfiguration i alle Firewalls (global firewall rules) Page 23

24 Network Security Cell protection Opdeling separate celler Al kommunikation ind og ud af cellern er kontroleret En decentrale Firewall struktur Page 24

25 Security Integrated Overview Page 25

26 Network Security Hvordan beskytter man gamle sårbare systemer? Access protection SCADA Ingen ændring i det eksisterende system også med Layer-2 protokoller Ghost Mode Adopterer IP-adresse og ændre MACadressen automatisk Samme konfiguration i alle Firewalls (global firewall rules) Secure zones Gamelt sårbart åb system Page 26

27 Network Security Anvend Hardning! Brug Password Anvend VLAN Disable DCP write Enable Management Access List Broadcarst limitation Disable ubrugte porte Enable SNMP V3 Page 27

28 System integrity Password protection Know-how og Copy protection Access protection Virus scanner og Whitelisting Sikker kommunikation VPN og OPC-UA Deactivation of services og hardware interfaces Windows security patch management* Page 28 *

29 Vi har sikre produkter Page 29

30 Siemens is the leading vendor of Achilles level 2 certified products Certified CPUs LOGO! S7-300 PN/DP S7-400 PN/DP S and 1505S S S7-400 HF CPU V6.0 S H Certified CPs CP343-1 Advanced CP443-1 & Advanced CP CP CP1628 Certified DP ET 200 PN/DP CPUs ET 200SP PN CPUs Certified Firewalls SCALANCE S602, S612, S623, S627-2M + Protection against DoS attacks + Defined behavior in case of attack Improved Availability International Standard Page 30

31 SCADA Controller kommunikation via OPC Et standard setup SCADA Controller Page 31

32 SCADA Controller kommunikation via OPC Implementer et VPN og Firewall koncept SCADA Via Security CP-Cards or external Firewall/VPN getaway for: Controller - S7 300 and S and ET 200SP CPU - SCALANCE S (for all Controllers) Page 32

33 SCADA Controller kommunikation via OPC Implementer et OPC-UA koncept 3. Part SCADA Via Security CP-Cards or Controller: Controller -S7-1500, 1500S, 1500T - ET 200SP CPU - PLCSIM Adv. - S7 400 via CP OPC-UA Page 33

34 OPC-UA Interoperability with openness and standardization Management -level Operator-level ERP MES Interoperability standards Controller-level SCADA Interoperability 3 rd party devices PLC HMI Field-level Interoperability openness Sensors Actuators Perfect interoperatbility on all levels of communication by openness and standards Page 34

35 OPC-UA OPC UA og PROFINET den perfekte kombination OPC UA s styrke PROFINET s styrke Leverandør uafhængig Cloud deterministisk i ti Direkte forbindelse til alle niveauer Autentificering og kryptering OPC UA interfa ace Controllerlevel Operatorlevel Managementlevel PROFINET Real-Time egenskaber Enkelt C2C-kommunikation Passer perfekt til data & management niveauet Passer perfekt til controller- &Fi Field niveauet Field- level Page 35

36 OPC-UA og TIA-Portal Read and write PLC-data easy, standardized and symbolic Easy setup Value 1 Activate the OPC UA server in the PLC properties Access possible Write access possible Individual access Level of access via OPC UA can be controlled individually for each variable 2 Confirm that you have purchased the correct license Inheritance of access rights Based upon the well known Step7 mechanisms Make PLC-variables Different ways to access accessible through Access individual variables as 3 checkboxes in the editor well as access whole structures and arrays as one object 4 Symbolic access via OPC UA OPC UA client Performance Access whole structures and arrays to achieve optimal performance Page 36

37 CP OPC UA Additional Openness for SIMATIC S7-400 Feature/ Function Benefit OPC UA Server/Client directly in the Price sensitive, standardized SIMATIC S7-400 station connection to HMI, SCADA, MES/ERP or 3 rd Party PLC As OPC UA Client Configuration via function blocks compliant to PLCOpen standard Use of the standardized OPC UA elementary security functions like authentication, authorization, encryption and signing of data Configuration in STEP7 Classic V5.5 5 as well as and STEP7 Professional V14 (TIA Portal) For use with CPU V5.3 / H-CPU V6.0 and H-CPU V8 Flexible but standardized Interface for communication to any OPC UA Server Protection of the system from unauthorized access Expansion of existing ST7 plants without Migration to TIA-Portal Investment protection Use of redundant H-system supported Page 37 Delivery release: 04/2016

38 Passwords et konkret eksempel Et Password skal være komplekst: Hvor stærkt er mit Password: numeric all space&charsetlen=77&kps= Page 38

39 Passwords Udgangspunketet er stadig ofte Admin/Admin Single Sign on Brute Force Prevention RADIUS Randomize Page 39

40 Slide 39 SBA1 Sarah Bay-Andersen; SBA2 Sarah Bay-Andersen;

41 Kan man anvende RADIUS og AD? Århus SCALANCE S615 Server SCALANCE S623 SINEMA Remote Connect Windows Active Directory RADIUS SIMATIC CPU Page 40

42 Den store løsning Siemens Ruggedcom CrossBow Wow! Det er en elegant løsning NERC-CIP og IEC kompatibel Page 41

43 endnu flere koncepter og informationer Defense-in-Depth Solution User Authentication Network Segmentation Demilitarized Zones Firewalls VPN Tunnels Virus Scanning Patch Management Application Whitelisting Super gode links All-round protection with Industrial Security Page 42

44 Opsummering Fokus er kritisk tag det alvorligt Stil krav til autentificering og brug af passwords Anvend Jump Stations og brug certificerede produkter Segmentér netværk og isolér sårbare systemer Implementer centrale Security Access Management løsninger Page 43

45 Mange tak for jeres opmærksomhed Kontakt info Navn Telefon Morten Kromann Per Krog Christiansen Lars Peter Hansen Page 44

IT-sikkerhedssystem. Rockwool International. DAu Konference: Industriel IT sikkerhed

IT-sikkerhedssystem. Rockwool International. DAu Konference: Industriel IT sikkerhed IT-sikkerhedssystem hos Rockwool International DAu Konference: Industriel IT sikkerhed DAu Konference: Industriel IT sikkerhed IT-sikkerheds-system hos Rockwool International Baggrund Siemens Security

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

Protecting productivity with Plant Security Services

Protecting productivity with Plant Security Services Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services

More information

Security all around. Industrial security for your plant at all levels. siemens.com/industrialsecurity. Answers for industry.

Security all around. Industrial security for your plant at all levels. siemens.com/industrialsecurity. Answers for industry. Security all around Industrial security for your plant at all levels siemens.com/industrialsecurity Answers for industry. A systematic approach to minimize threats With the increased use of Ethernet connections

More information

Securityconcept fortheprotectionofindustrialplants. Industrial Security. White PaperV1.0

Securityconcept fortheprotectionofindustrialplants. Industrial Security. White PaperV1.0 Securityconcept fortheprotectionofindustrialplants Industrial Security White PaperV1.0 June 2013 Prologue This whitepaper gives an overview of Industrial Security. It describes the threats and risks to

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Operational Guidelines for Industrial Security

Operational Guidelines for Industrial Security Operational Guidelines for Industrial Security Proposals and recommendations for technical and organizational measures for secure operation of plant and machinery Version 2.0 Operational Guidelines for

More information

Protecting productivity. Industrial Security. siemens.com/industrial-security

Protecting productivity. Industrial Security. siemens.com/industrial-security Protecting productivity Industrial Security siemens.com/industrial-security Defense in depth Security threats force you to take action Defense in depth As the level of digitalization increases, so too

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

Trådløs forbindelse. Juni 2011. Peter Fuglsang Product Application Engineer Automation

Trådløs forbindelse. Juni 2011. Peter Fuglsang Product Application Engineer Automation Trådløs forbindelse Juni 2011 Peter Fuglsang Product Application Engineer Automation Trådløs kommunikation Definition af netværk Trådløse produkter fra Schneider Electric RTU moduler Trådløse Løsninger

More information

Cyber Security. Smart Grid

Cyber Security. Smart Grid Cyber Security for the Smart Grid Peter David Vickery Executive Vice President N-Dimension Solutions Inc. APPA National Conference June 21, 2010 Cyber Security Solutions For Cyber Security

More information

Security basics and application SIMATIC NET. Industrial Ethernet Security Security basics and application. Preface. Introduction and basics

Security basics and application SIMATIC NET. Industrial Ethernet Security Security basics and application. Preface. Introduction and basics Preface Introduction and basics 1 SIMATIC NET Industrial Ethernet Security Configuration Manual Configuring with the Security Configuration Tool 2 Creating modules and setting network parameters 3 Configure

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Effective Defense in Depth Strategies

Effective Defense in Depth Strategies Honeywell.com 2014 Honeywell Users Group Asia Pacific Effective Defense in Depth Strategies for Industrial Systems 1 Document control number Honeywell Proprietary Honeywell.com Chee Ban, Ngai About the

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft

PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft Agenda Security Development Lifecycle Initiative Using PI to Protect Critical Infrastructure Hardening Advice for the PI

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

2 halvleg. 1 halvleg. Opvarmning. 2 halvleg. 3 halvleg. Advanced & Powerful. Basic PC-based Automation. Diagnose. Online Tools & Add-on s

2 halvleg. 1 halvleg. Opvarmning. 2 halvleg. 3 halvleg. Advanced & Powerful. Basic PC-based Automation. Diagnose. Online Tools & Add-on s Opvarmning 1 halvleg 2 halvleg 3 halvleg Basic PC-based Automation Advanced & Powerful PC-based Automation Online Tools & Add-on s PC-based Automation Diagnose PC-based Automation Mall www.siemens.dk/mall

More information

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

IP Telefoni. DHCP Options VLANs. Understanding the Cisco IP Phone Boot Process

IP Telefoni. DHCP Options VLANs. Understanding the Cisco IP Phone Boot Process IP Telefoni DHCP Options VLANs Understanding the Cisco IP Phone Boot Process The Cisco IP Phone connects to an Ethernet switchport. If the IP phone and switch support PoE, the IP phone receives power through

More information

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities Industrial Cyber Security Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities WE HEAR ABOUT CYBER INCIDENTS EVERY DAY IN THE NEWS, BUT JUST HOW RELEVANT ARE THESE

More information

Patch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG 2012. All Rights Reserved.

Patch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG 2012. All Rights Reserved. Patch Management Is it recommended to patch an Industrial Automation Control System and, if so, why? Facts Most of the computer components of modern Industrial Automation Control System are based on standard

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

1B1 SECURITY RESPONSIBILITY

1B1 SECURITY RESPONSIBILITY (ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,

More information

Meeting the Cybersecurity Standards of ANSI/ISA

Meeting the Cybersecurity Standards of ANSI/ISA Cybersecurity Solutions Since 1998 White Paper Meeting the Cybersecurity Standards of ANSI/ISA-62443-3-3 Owl Comprehensive Security Solution 38A Grove St, Ste 101, Ridgefield, CT 06877, USA Toll Free:

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

Network and Security Controls

Network and Security Controls Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting

More information

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples

More information

Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA. April 2015

Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA. April 2015 Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA April 2015 Think of a Number! 13642916 Page 2 Prologue: Nineteenth-century Data Overkill Page 3 Prologue: Your Brain

More information

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised

More information

SECURITY MANAGEMENT IT Security Policy (ITSP- 1)

SECURITY MANAGEMENT IT Security Policy (ITSP- 1) SECURITY MANAGEMENT IT Security Policy (ITSP- 1) 1A Policy Statement District management and IT staff will plan, deploy, and monitor IT security mechanisms, policies, procedures, and technologies necessary

More information

Penetration Testing of control systems, is it a good idea?

Penetration Testing of control systems, is it a good idea? SANS Amsterdam, Netherlands September 8, 2008 Penetration Testing of control systems, is it a good idea? Managing Consultant Roelof.Klein@capgemini.com http://www.linkedin.com/in/roelofklein Definition

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November 2013. Service & Support. Answers for industry.

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November 2013. Service & Support. Answers for industry. Cover sheet How do you create a backup of the OS systems during operation? SIMATIC PCS 7 FAQ November 2013 Service & Support Answers for industry. Question This entry originates from the Service & Support

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

Decrease your HMI/SCADA risk

Decrease your HMI/SCADA risk Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended

More information

Three Simple Steps to SCADA Systems Security

Three Simple Steps to SCADA Systems Security Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

SIMATIC Remote Services. Industry Services

SIMATIC Remote Services. Industry Services Industry Services SIMATIC Remote Services Proactive remote support for the SIMATIC automation system optimum support for the efficient operation of your plant siemens.com/siremote Proactive Virus Pattern

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

The Electronic Arms Race of Cyber Security 4.2 Lecture 7 The Electronic Arms Race of Cyber Security 4.2 Lecture 7 ISIMA Clermont-Ferrand / 04-February 2011 Copyright 2011 Dr. Juergen Hirte List of Content Why Process Automation Security? Security Awareness Issues

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

SIMATIC. Security concept PCS 7 and WinCC - Basic document. Preface. Aim of the security concept 2. References 3. Definitions 4

SIMATIC. Security concept PCS 7 and WinCC - Basic document. Preface. Aim of the security concept 2. References 3. Definitions 4 Preface 1 Aim of the security concept 2 SIMATIC Security concept PCS 7 and WinCC - Basic document Whitepaper References 3 Definitions 4 Strategies of the security concept 5 Implementing the security strategies

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

System and Product Requirements for Cyber Security

System and Product Requirements for Cyber Security System and Product Requirements for Cyber Security Walter Wutzl, Head of Energy Automation Products siemens.at/future-of-energy Security A Holistic View Human 3rd Party Networks Page 2 Security - Topics

More information

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Secure, Scalable and Reliable Cloud Analytics from FusionOps White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...

More information

SINEMA Remote Connect SIMATIC NET. Industrial Remote Communication SINEMA Remote Connect. Preface. Requirements for operation

SINEMA Remote Connect SIMATIC NET. Industrial Remote Communication SINEMA Remote Connect. Preface. Requirements for operation Preface Requirements for operation 1 SIMATIC NET Industrial Remote Communication Installation and commissioning 2 Configuration 3 Operating Instructions 04/2016 C79000-G8976-C395-03 Legal information Warning

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment

More information

Support and Remote Dialup SIMATIC. Process Control System PCS 7. Support and Remote Dialup. Preface 1. Support and Remote Dialup.

Support and Remote Dialup SIMATIC. Process Control System PCS 7. Support and Remote Dialup. Preface 1. Support and Remote Dialup. Preface 1 2 SIMATIC Process Control System PCS 7 Dialup 3 Practical information 4 Commissioning Manual 12/2011 A5E02657554-02 Legal information Legal information Warning notice system This manual contains

More information

Validity 1. Improvements in STEP 7 2. Improvements in WinCC 3. Simatic. Readme. Readme

Validity 1. Improvements in STEP 7 2. Improvements in WinCC 3. Simatic. Readme. Readme Validity 1 Improvements in STEP 7 2 Simatic Improvements in WinCC 3 2012 Legal information Warning notice system This manual contains notices you have to observe in order to ensure your personal safety,

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Helping to increase your resistance to attack. Industrial Security Reale Gefahren aus dem virtuellen Raum

Helping to increase your resistance to attack. Industrial Security Reale Gefahren aus dem virtuellen Raum Helping to increase your resistance to attack Industrial Security Reale Gefahren aus dem virtuellen Raum siemens.com/industrialsecurity The age of cyberattacks The concept of Defense-in-Depth The Siemens

More information

8 Steps for Network Security Protection

8 Steps for Network Security Protection 8 Steps for Network Security Protection cognoscape.com 8 Steps for Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

SCADA Cyber Security

SCADA Cyber Security SCADA Cyber Security Information on Securing SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com

More information

Symphony Plus Cyber security for the power and water industries

Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Hot & New in Symantec Management and Windows Protection

Hot & New in Symantec Management and Windows Protection [Technology Days 2010] Hot & New in Symantec and Windows Protection Finn Henningsen & Wael Al Assadi Hot & New in Symantec and Windows Protection AGENDA 1 2 3 Intro Storage /Wael Al Assadi Assadi Endpoint

More information

How Much Cyber Security is Enough?

How Much Cyber Security is Enough? How Much Cyber Security is Enough? Business Drivers of Cyber Security Common Challenges and Vulnerabilities Cyber Security Maturity Model Cyber Security Assessments September 30, 2010 Business in the Right

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

SRX. SRX Firewalls. Rasmus Elmholt V1.0

SRX. SRX Firewalls. Rasmus Elmholt V1.0 SRX SRX Firewalls Rasmus Elmholt V1.0 Deployment Branch SRX Series SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650 Fokus for dette kursus Data Center SRX Series SRX1400, SRX3400, SRX3600, SRX5400,

More information

Kan standarder frembringe den fornødne sikkerhed og hvilke arbejds der på? Den europæiske process

Kan standarder frembringe den fornødne sikkerhed og hvilke arbejds der på? Den europæiske process Smart Grid hvordan beskytter vi persondata? Kan standarder frembringe den fornødne sikkerhed og hvilke arbejds der på? Den europæiske process Introduktion o S-557 (TC57 Dansk National komite) IEC TC57

More information

Birst Security and Reliability

Birst Security and Reliability Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their

More information

8 Steps For Network Security Protection

8 Steps For Network Security Protection 8 Steps For Network Security Protection 8 Steps For Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because of their

More information

Security Levels in ISA-99 / IEC 62443

Security Levels in ISA-99 / IEC 62443 Summary Assessment of the security protection of a plant A Security Protection Level has to be assessed in a plant in operation A Protection Level requires both: The fulfillment of the policies and procedures

More information

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows Compulink Business Systems, Inc. 2645 Townsgate Road, Suite 200 Westlake Village, CA 91361 2013 Compulink

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

WinCC Runtime Professional Readme SIMATIC HMI. WinCC V11 SP1. Readme WinCC Runtime Professional. Special considerations for Windows 7.

WinCC Runtime Professional Readme SIMATIC HMI. WinCC V11 SP1. Readme WinCC Runtime Professional. Special considerations for Windows 7. WinCC Runtime Professional Readme SIMATIC HMI WinCC V11 SP1 Special considerations for Windows 7 1 Installation 2 Runtime 3 Options 4 HMI devices 5 Readme WinCC Runtime Professional System Manual Online

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

NERC CIP MAPPING RKNEAL, INC. VERVE SECURITY CENTER. See how the Verve Security Center addresses the requirements of NERC CIP version 5

NERC CIP MAPPING RKNEAL, INC. VERVE SECURITY CENTER. See how the Verve Security Center addresses the requirements of NERC CIP version 5 VERVE SECURITY CENTER NERC CIP MAPPING See how the addresses the requirements of NERC CIP version 5 3 NERC CIP VERSION 5 Defense In Depth Protection For ICS Systems ADOPTS NEW CYBER SECURITY CONTROLS AND

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

Security concept PCS 7 & WinCC. (Basic) SIMATIC. Process Control System PCS 7 Security concept PCS 7 & WinCC (Basic) Preface 1

Security concept PCS 7 & WinCC. (Basic) SIMATIC. Process Control System PCS 7 Security concept PCS 7 & WinCC (Basic) Preface 1 Security concept PCS 7 & WinCC (Basic) SIMATIC Process Control System PCS 7 Security concept PCS 7 & WinCC (Basic) Function Manual Preface 1 Aim of the security concept 2 References 3 Definitions 4 Strategies

More information

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing for Sage MAS 90 and 200 ERP Credit Card Processing Version 4.30.0.18 and 4.40.0.1 - January 28, 2010 Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks

More information

Secure Communication Made Easy

Secure Communication Made Easy Secure Communication Made Easy Remote Access to Industrial Equipment Easy Setup Central Administration Firewall Friendly State-of-Art Security Fast Return On Investment PROGRAMMING CONTROL LOGGING INFRASTRUCTURE

More information

Securely Connect, Network, Access, and Visualize Your Data

Securely Connect, Network, Access, and Visualize Your Data Securely Connect, Network, Access, and Visualize Your Data 1 Who is Skkynet? Skkynet is the Parent company of; - Cogent Real-Time Systems Established in 1994 Focus on Industrial Automation software Cogent

More information

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy

More information

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved

More information

Building Secure Networks for the Industrial World

Building Secure Networks for the Industrial World Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data

More information

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks

More information

Cover. VPN tunnel via Internet. SCALANCE S61x and SOFTNET Security Client Edition FAQ August Service & Support. Answers for industry.

Cover. VPN tunnel via Internet. SCALANCE S61x and SOFTNET Security Client Edition FAQ August Service & Support. Answers for industry. Cover SCALANCE S61x and SOFTNET Security Client Edition 2008 FAQ August 2010 Service & Support Answers for industry. This entry is from the Service&Support portal of Siemens AG, Sector Industry, Industry

More information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1. Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.1 Part Number 1G0119 Version 1.0 Eastman Kodak Company, Health Group

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information