AUP28. Implementing Security In Integrated Architecture Practical security solutions for Industrial Control System (ICS)


1 AUP28 Implementing Security In Integrated Architecture: Practical security solutions for Industrial Control System (ICS). Clive Barwise, Rockwell Automation European Product Manager Networks and Security. 9th and 10th September 2014. PUBLIC INFORMATION. Copyright 2014 Rockwell Automation, Inc. All Rights Reserved.

2 Agenda: Trends in Security of Industrial Control Systems; Rockwell CISCO Panduit Partnership for Industrial Security; Defense in Depth; Remote Access; Conclusion.

3 Cyber Security in the News?

4 Cyber Security in the News

5 Recently reported by customer: New Havex malware variants target industrial control system and SCADA users.
During the spring, attackers began distributing new versions of a remote access Trojan (RAT) program called Havex by hacking into the websites of industrial control system (ICS) manufacturers and poisoning their legitimate software downloads. F-Secure did not name the affected vendors, but said that two of them develop ICS remote management software and the third supplies high-precision industrial cameras and related software. According to the security firm, the vendors are based in Germany, Switzerland and Belgium. The attackers modified the legitimate software installers to drop and execute an additional file on computers. The file is called mbcheck.dll and is actually the Havex malware. That conclusion is also supported by the existence of a new malicious Havex component whose purpose is to scan local area networks for devices that respond to OPC (Open Platform Communications) requests. The Havex component leverages the OPC standard to gather information about industrial control devices and then sends that information back to its command-and-control (C&C) server for the attackers to analyze, the F-Secure researchers said. It appears that this component is used as a tool for intelligence gathering. So far, we have not seen any payloads that attempt to control the connected hardware.
Following the discovery of the Stuxnet industrial sabotage malware in 2010, which is believed to have destroyed up to 1,000 uranium enrichment centrifuges in Iran, security researchers sounded the alarm about the insecurity of industrial control systems and the ease with which they can be targeted by attackers. Despite those concerns, widespread malware attacks against ICS and SCADA systems never became a reality, making the new Havex campaigns a rare occurrence, but possibly an indication of things to come.

6 Security: Why is it so critical now? Source: ARC Survey of Control System Engineers 2009. Nearly 65% of facilities allow remote access to their control systems. Source: ARC Strategies, Dec 2013. Source: 2011 Annual Report on Cyber Security Incidents And Trends Affecting Industrial Control Systems. Industrial Control Systems are part of the Enterprise and no longer islands of automation.

7 It is becoming the LAW: Many countries are enacting laws to protect their Critical Infrastructure.

8 Security Threat Actors. Human: Malicious, Ignorant. System: Misconfiguration, Lack of Privilege Control.

9 What is Industrial Cyber Security Risk Management? Reduce risks associated with unintended or malicious actions. Improve ability to be free from danger, injury or loss. Enhance protection of key assets from disruption, loss or damage. The use of proven technologies, policies & procedures to protect & limit potential exposure or damage to key assets. RISK = Threat Vulnerability Consequence. Protection of People, Property & Proprietary Information from unintended or malicious actions taken against it.

10 Rockwell Automation Focus on Industrial Cyber Security.
Reduce risks to safe and reliable operation: control system architecture with layered security to help maintain operational integrity under threat.
Protect assets & information: product and system features to help control access, tamper-proof and limit information exposure.
Government and Standards Alignment: responsible disclosure with control system solutions that follow global standards and help fulfill independent & regulatory security requirements.
[Diagram labels: Partners; Data Protection and Confidentiality; Network IP protection; Role-based Security; Data Protection; Anti-Tamper and Detection; Remote Access; Supply-chain.]

11 Industrial Network Security Trends: Established Industrial Security Standards.
International Society of Automation: ISO/IEC (Formerly ISA-99), Industrial Automation and Control Systems (IACS) Security. Defense-in-Depth; IDMZ Deployment.
National Institute of Standards and Technology: NIST Industrial Control System (ICS) Security. Defense-in-Depth; IDMZ Deployment.
Department of Homeland Security / Idaho National Lab: DHS INL/EXT Control Systems Cyber Security: Defense-in-Depth Strategies. Defense-in-Depth; IDMZ Deployment.

12 Collaboration of Partners: Wireless, Security, Switching/Routing; Leader in Industrial Network Infrastructure; The Established #1 Industrial Ethernet; Physical Layer Network Infrastructure. Reduce Risk, Simplify Design, Speed Deployment.

13 Defense-in-Depth. No single product, technology or methodology can fully secure Industrial Automation and Control System (IACS) applications. Protecting IACS assets requires a defense-in-depth security approach, which addresses internal and external security threats. This approach utilizes multiple layers of defense (physical, procedural and electronic) at separate IACS levels by applying policies and procedures that address different types of threats.

15 Agenda: Trends in Security of Industrial Control Systems; Rockwell CISCO Panduit Partnership for Industrial Security; Defense in Depth; Remote Access; Conclusion.

16 Defense-in-Depth: Industrial Security Policies Drive Technical Controls.
Physical: limit physical access to authorized personnel (Cells/Areas, control panels, devices, cabling, and control room).
Network: security framework, e.g. firewall policies, access control list (ACL) policies for switches and routers, AAA, intrusion detection and prevention systems (IDS/IPS).
Computer Hardening: patch management, Anti-X software, removal of unused applications/protocols/services, closing unnecessary logical ports, protecting physical ports.
Application: authentication, authorization, and accounting (AAA) software.
Device Hardening: change management, communication encryption, and restrictive access.

17 Defense-in-Depth: Computer Hardening - Examples.
Security Patch Management: establish and document a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches.
Keep computers up-to-date on service packs and hot fixes: disable automatic updates; check software vendor website; test patches before implementing; schedule patching during downtime.
Deploy and maintain Anti-X (antivirus, antispyware, etc.) and malware detection software: disable automatic updates and automatic scanning; test definition updates before implementing; schedule manually initiated scanning during downtime.
Uninstall unused Windows components: Protocols and Services.
Protect unused or infrequently used USB, parallel or serial interfaces.

18 Computer Hardening Examples: Software Restriction Policies (SRP). Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. You can also use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. Software restriction policies are integrated with Microsoft Active Directory and Group Policy. You can define these policies through the Software Restriction Policies extension of the Local Group Policy Editor or the Local Security Policies snap-in to the Microsoft Management Console (MMC).

19 Computer Hardening Examples: Windows Firewall

20 Computer Hardening Examples: Registry Setting to Disable USB. Start Value = 4 to disable: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
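
The registry setting on this slide can be audited and applied from PowerShell. This is an added example, not part of the original presentation: the function name Invoke-UsbStorAudit and its output fields are hypothetical, while the key path and the value 4 are the ones given on the slide.

```powershell
# Added example (not from the original slides): audit, and optionally enforce,
# the UsbStor Start value shown on the slide. Function and field names are
# hypothetical; the registry path and the value 4 come from the slide.
function Invoke-UsbStorAudit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Service key of the USB mass-storage driver (path from the slide).
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor',
        # When set, write Start = 4 if the current value differs.
        [switch]$Enforce
    )

    $disabled = 4   # service start type "Disabled"

    if (-not (Test-Path -Path $Path)) {
        # No driver service key: report it instead of guessing a state.
        return [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Start     = $null
            Compliant = $false
            Changed   = $false
            Note      = 'UsbStor key not found; check manually'
        }
    }

    $current = (Get-ItemProperty -Path $Path -Name Start -ErrorAction Stop).Start
    $changed = $false

    if ($Enforce -and $current -ne $disabled) {
        # ShouldProcess makes -WhatIf and -Confirm work for the write.
        if ($PSCmdlet.ShouldProcess($Path, "Set Start from $current to $disabled")) {
            Set-ItemProperty -Path $Path -Name Start -Value $disabled -Type DWord -ErrorAction Stop
            $changed = $true
        }
    }

    # Re-read so the report reflects what is in the registry now.
    $final = (Get-ItemProperty -Path $Path -Name Start -ErrorAction Stop).Start
    $note  = ''
    if ($final -ne $disabled) { $note = 'USB mass-storage driver is allowed to load' }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Start     = $final
        Compliant = ($final -eq $disabled)
        Changed   = $changed
        Note      = $note
    }
}

# Report only (read access is enough):
Invoke-UsbStorAudit

# Preview, then apply, from an elevated session:
#   Invoke-UsbStorAudit -Enforce -WhatIf
#   Invoke-UsbStorAudit -Enforce
```

UsbStor is the mass-storage driver only, so USB keyboards and mice are not affected by this setting.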

21 Network Security Framework: Physical Port Security. Keyed solutions for copper and fiber. Lock-in, Blockout products secure connections. Data Access Port (keyed cable and jack).

22 Security Quality: Product Design Approach. Develop Specifications; Audit and Identify Gaps; Enhance & Improve.

23 Security Quality: Product Resiliency & Robustness (R&R) Testing.
Key part of our Industrial Security Team. Help reduce customer risk. Critical to our Industrial Security Goals.
Identify weaknesses and vulnerabilities. Improve product resiliency & robustness.
Evaluation of all company products.
Leveraging ISA Security Compliance Institute (ISCI) approved tools and test suites. Achilles test tool & Level-2 test suite fulfills technical aspects of ISA-99 and IEC standard for ICS cyber security. Evaluates resiliency of Ethernet protocol suite.
Results provide concrete facts about product resiliency to simplistic attacks, driving continuous improvement.

24 Defense-in-Depth: Controller Hardening - Examples. Electronic design: Firmware Digital Signatures.
Purpose of digital signature: protect firmware from accidental and malicious corruption; ensure firmware was generated by Rockwell Automation.
How they're being introduced: ControlLogix L7x and V18 SoftLogix firmware is digitally signed; more devices will have signed firmware in the future; ControlFlash itself may check the signature.
How they work: Rockwell Automation digitally signs firmware kits with a private key when they are released; devices locally check the signature with a corresponding public key; any change to the firmware kit will cause the signature check to fail in device.
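
The sign-at-release and verify-on-device flow described on this slide, as an added example that is not Rockwell Automation code. The algorithm (RSA-2048 with SHA-256 and PKCS#1 v1.5 padding), the function names and the firmware bytes are assumptions made for illustration; the slide does not say which scheme the products use.

```powershell
# Added example (not vendor code): sign a constructed "firmware kit" with a
# private key, then check it the way a device would, holding only the public key.
# Algorithm choice and all names are assumptions; the kit bytes are constructed.
$HashAlg = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$Padding = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

function Test-FirmwareKit {
    # Device side: import the public key only and verify the kit's signature.
    param(
        [Parameter(Mandatory)][byte[]]$Kit,
        [Parameter(Mandatory)][byte[]]$Signature,
        [Parameter(Mandatory)][System.Security.Cryptography.RSAParameters]$PublicKey
    )
    $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
    try {
        $rsa.ImportParameters($PublicKey)
        return $rsa.VerifyData($Kit, $Signature, $HashAlg, $Padding)
    }
    finally {
        $rsa.Dispose()
    }
}

# Vendor side: throwaway 2048-bit key pair generated for this demonstration.
$vendorKey = [System.Security.Cryptography.RSACryptoServiceProvider]::new(2048)
$otherKey  = [System.Security.Cryptography.RSACryptoServiceProvider]::new(2048)
try {
    [byte[]]$kit = [System.Text.Encoding]::ASCII.GetBytes('CONSTRUCTED-FIRMWARE-KIT rev 1 payload')
    [byte[]]$sig = $vendorKey.SignData($kit, $HashAlg, $Padding)

    # Only the public half is shipped in the device.
    $devicePublicKey = $vendorKey.ExportParameters($false)

    # Case 1: the kit exactly as released.
    $asReleased = Test-FirmwareKit -Kit $kit -Signature $sig -PublicKey $devicePublicKey

    # Case 2: one bit changed in the kit (accidental or malicious corruption).
    [byte[]]$tampered = $kit.Clone()
    $tampered[5] = $tampered[5] -bxor 0x01
    $afterChange = Test-FirmwareKit -Kit $tampered -Signature $sig -PublicKey $devicePublicKey

    # Case 3: a kit signed by a key the device does not trust.
    [byte[]]$foreignSig = $otherKey.SignData($kit, $HashAlg, $Padding)
    $foreignSigner = Test-FirmwareKit -Kit $kit -Signature $foreignSig -PublicKey $devicePublicKey

    [pscustomobject]@{
        AsReleased    = $asReleased      # True
        OneBitChanged = $afterChange     # False
        ForeignSigner = $foreignSigner   # False
    }
}
finally {
    $vendorKey.Dispose()
    $otherKey.Dispose()
}
```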

25 Controller Security Tools: Turn the Switch; Lock the Program; Protect the Source; Embedded Change Log; FactoryTalk Security; Data Access Control.

26 Tools for a Secure Application: Controller Change Detection. Every Logix PAC exposes a Change Detection Audit Value. When something happens that can impact the behavior of the controller, the value changes. Audit Value is available in RSLogix 5000 and Studio 5000 Logix Designer, in other software applications and in other controllers via a message instruction. The set of events that causes the Audit Value to change can be configured.

27 Defense-in-Depth: Controller Hardening - Examples. Electronic design: Logix Controller Data Access Control.
Users can assign External Access settings of Read/Write, Read Only, or None to tags. Useful to control which tags can be modified from an HMI or other external application.
A cryptographically licensed trusted connection is established between RSLogix 5000 and the Logix controller. Ensures tags designated as Read-Only or None can only be changed by RSLogix 5000.
Users can also define tags as Constants. Constants cannot be modified by controller logic.
Improves security of tags, especially when used in conjunction with FactoryTalk Security or the CPU Lock tool.

28 New in V20: Trusted Slot Designation

29 Tools for a Secure Application: FactoryTalk Security.
Use FactoryTalk Security to manage the insider threat by authenticating the user and authorizing the use of Rockwell Automation software applications to access automation devices.
How does it work? Provides a centralized authority to verify the identity of each user and grant or deny the user's requests to perform a particular set of actions on resources within the system.
FactoryTalk Directory: Authenticate the User; Authorize Use of Applications; Authorize Access to Specific Devices. (All FactoryTalk Security enabled software)

30 The Purdue Model and Rockwell Automation. Rockwell Automation and CISCO Systems have defined a manufacturing framework to create a foundation for network segmentation, management and policy enforcement, maximising the seamlessness of the Industrial Cyber Security Technical Countermeasures and minimising the risks to be assumed by our customers:

31 Network Security Framework: Industrial Demilitarized Zone. No Direct Traffic Flow between Enterprise and Industrial Zone.
[Diagram: Logical Model of a converged multi-discipline Industrial Automation and Control System (IACS) industrial network. Zones: Enterprise Security Zone (Level 5 Enterprise Network; Level 4 Site Business Planning and Logistics Network), Industrial DMZ (firewalls; Remote Gateway Services, Application Mirror, Patch Management, Web Services Operations, AV Server, Application Server), Industrial Security Zone with Cell/Area Zone (Level 3 Site Operations and Control; Level 2 Area Supervisory Control; Level 1 Basic Control; Level 0 Process). Other labels: FactoryTalk Application Server, FactoryTalk Directory, FactoryTalk Client, Engineering Workstation, Remote Access Server, Operator Interface, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots.]

32 Tools for a Secure Network: Network Segmentation.
[Diagram: options for connecting the Enterprise-wide Network to the Plant-wide Network. First row, labelled Not Recommended and Recommended, includes Switch with VLANs. Second row: Router (Zone Based FW), Firewall, IDMZ, labelled Good, Better, Best.]

33 Segmentation: Structure and Hierarchy - Logical Framework.
The Cell/Area zone is a Layer 2 network for a functional area of the plant floor. Key network considerations include: structure and hierarchy using smaller Layer 2 building blocks; logical segmentation for traffic management and policy enforcement (e.g. QoS, Security) to accommodate time-sensitive applications.
[Diagram: Layer 3 distribution switch (Catalyst 3750 StackWise Switch Stack); Layer 3 inter-VLAN routing manages what traffic can pass from one VLAN to the next. Layer 2 building blocks, each a Layer 2 access switch (Rockwell Automation Stratix 8000) with HMI, controller, drive and I/O, form Cell/Area Zones #1, #2 and #3 (Levels 0-2). VLAN 102, VLAN 103 and VLAN 104 traffic each stays in its own block. Topologies shown: Redundant Star Topology with Flex Links Resiliency; Ring Topology with Resilient Ethernet Protocol (REP); Bus/Star Topology. Other label: Media & Connectors.]

34 Network Security Framework: VLANs, Segmenting Domains of Trust.
[Diagram: two layouts of Machine #1 (OEM #1) and Machine #2 (OEM #2) on Stratix 8000 Layer 2 rings under a Plant-wide IACS Stratix 8300. Flat and Open IACS Network Infrastructure: Plant-wide IACS VLAN 10, IP Subnet /24. Structured and Hardened IACS Network Infrastructure: Plant-wide IACS VLAN 10, IP Subnet /24, with Layer 3 at the Stratix 8300; Machine #1 (OEM #1) VLAN 20, IP Subnet /24; Machine #2 (OEM #2) VLAN 30, IP Subnet /24.]

35 Network Security Framework: Cisco / Rockwell Automation Reference Architectures.
Structured and hardened network infrastructure. Scalable framework utilizing holistic defense-in-depth approach. Security is pervasive, not a bolt-on component. Alignment with industrial security standards (e.g. ISA, NIST). Industrial security policy: A-I-C vs. C-I-A. Industrial DMZ implementation. Remote partner access policy, with robust & secure implementation. Network Security Services Must Not Compromise Plant Operations.
[Diagram callouts: Standard DMZ Design Best Practices; AAA (FactoryTalk Authentication Server, Active Directory (AD), AAA Radius / ISE); OS Hardening; Controller Hardening, Encrypted Communications; Controller Hardening, Physical Security, Procedural; Controller Hardening, Electronic; VLANs, Segmenting Domains of Trust; Zone Firewall; Network Status and Monitoring; Plant Firewall (inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Remote Desktop Services proxy); Network Device Resiliency; Network Infrastructure Hardening; Access Control; Physical Port Security. Levels shown: Enterprise Zone Levels 4-5, Industrial Demilitarized Zone (IDMZ), Level 3 Site Operations, Level 2 Area Supervisory Control, Level 1 Controller, Level 0 Process. Devices shown: Enterprise WAN, Cisco ASA 5500 Firewall (Active) and Firewall (Standby), Catalyst 6500/4500, Catalyst 3750 StackWise Switch Stack, Remote Access Server, FactoryTalk Client, Physical or Virtualized Servers (Patch Management, Remote Gateway Services, Application Mirror, AV Server), HMI, Controllers, I/O, Drives, MCC, Soft Starter.]

36 Network Security Framework: Unified Threat Management (UTM), Stratix 5900.
The Stratix 5900 UTM security appliance is a ruggedized all-inclusive UTM with features such as firewall, secure routing, VPN (virtual private network), intrusion prevention, NAT (network address translation) and content filtering.
Site-to-Site Connection: tunnels the Industrial Zone trusted network to a remote site over an untrusted network using a site-to-site VPN connection.
Cell/Area Zone Firewall: to protect a Cell/Area Zone from the greater Industrial Zone.
Physical features: RJ-45 Gigabit WAN; 4 10/100Base-Tx LAN ports; Shock/Vibration & Extended Temperature; DIN rail mount.
Network features: ACL / Firewall; DHCP; QoS; VLAN; NAT.

37 Network Security Framework: Unified Threat Management (UTM).
[Diagram: Enterprise Zone (Levels 4 & 5, Enterprise-wide Business Systems, Data Center); IDMZ; Industrial Zone (Level 3 Site Operations, Plant-wide Site-wide Operation Systems, Physical or Virtualized Servers: FactoryTalk Application Servers & Services Platform; Network Services e.g. DNS, AD, DHCP, AAA; Remote Access Server (RAS); Call Manager; Storage Array); Levels 0-2 Cell/Area Zones. Stratix UTM appliances are shown in three roles: Site-to-Site Connection to Remote Site #1, Cell/Area Zone Firewall for Local Cell/Area Zone #1, and OEM Integration for Local OEM Skid / Machine #1.]

38 Agenda: Trends in Security of Industrial Control Systems; Rockwell CISCO Panduit Partnership for Industrial Security; Defense in Depth; Remote Access; Conclusion.

39 Remote Access Best Practice: Application Requirements.
Remote connection into the Plant. Indirect access. Enterprise centric. IT involvement. Common IT Infrastructure. Following emerging Industrial Automation and Control System security standards. Defense-in-depth. DMZ. Strict Change Management Requirements.
[Diagram: Remote Engineer or Partner (VPN Client) connects over the Internet via IPSEC VPN to the Enterprise Edge Firewall and Enterprise Data Center; Enterprise Connected Engineer connects over the Enterprise WAN; SSL VPN to the Demilitarized Zone (DMZ) firewalls (Active and Standby, Gbps Link Failover Detection) with Patch Management, Application Mirror and AV Server; Remote Access Server in the Industrial Zone (Site Operations and Control, Level 3) runs Remote Desktop Services, RSLogix 5000 and FactoryTalk View Studio alongside the FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager), FactoryTalk Services Platform (Directory, Security/Audit) and Data Servers; Catalyst 6500/4500 and Catalyst 3750 StackWise Switch Stack; EtherNet/IP to the Cell/Area Zones (Levels 0-2). Enterprise Zone is Levels 4 and 5.]

40 Remote Desktop Gateway: Network and Security Services Implementation.
Secure remote access for employees and trusted partners. Meeting the security requirements of IT while enabling plant personnel to leverage trusted partners and shared, distributed company resources. Common IT Infrastructure. Following established Industrial Automation and Control System (IACS) security standards. Defense-in-depth. DMZ.
Enables remote asset management: monitoring, configuration and audit. Helps simplify change management, version control, regulatory compliance and software license management. Helps simplify remote client health management.
One size does not fit all: need scalable secure solutions.
[Diagram: Remote Engineer or Partner (Generic VPN Client) connects over the Internet via IPSEC VPN to the Enterprise Edge Firewall and Enterprise Data Center; Enterprise Connected Engineer connects over the Enterprise WAN; SSL VPN, then Remote Desktop Protocol (RDP) over RPC/HTTPS to Remote Gateway Services in the Demilitarized Zone (DMZ) (firewalls Active and Standby, Gbps Link Failover Detection; Patch Management, Application Mirror, AV Server); Remote Desktop Protocol (RDP) from the DMZ to the Remote Access Server in the Industrial Zone (Site Operations and Control, Level 3), which runs Remote Desktop Services, RSLogix 5000 and FactoryTalk View Studio alongside the FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager), FactoryTalk Services Platform (Directory, Security/Audit) and Data Servers; Catalyst 6500/4500 and Catalyst 3750 StackWise Switch Stack; EtherNet/IP to the Cell/Area Zones (Levels 0-2). Enterprise Zone is Levels 4 and 5.]

41 Agenda: Trends in Security of Industrial Control Systems; Rockwell CISCO Panduit Partnership for Industrial Security; Defense in Depth; Remote Access; Conclusion.

42 Putting it Together: Secure Remote Access. Good, Better, Best.
Scenario/Recognizing an Issue: An employee, or 3rd party, needs access to the control system from a network outside the production zone to assist in troubleshooting and maintenance.
Good Solution: Stratix 5900.
Better Solution: Good solution + expanded technical enforcement of the security perimeter using FactoryTalk Security.
Best Solution: Better solution + expanded technical enforcement of the security perimeter through the implementation of Remote Access Gateways within an Industrial DMZ.
Risk/Threat: Unauthorized remote access; Worms and viruses; Theft; Sabotage. $$$: Unplanned Downtime; Quality Issues - Brand Image.

43 Putting it Together: Unintended Action Protection. Good, Better, Best.
Scenario/Recognizing an Issue: Contractor connecting to plant network to make change or integrate new line causes downtime by introducing virus or unintentional configuration changes.
Good Solution: Detect unauthorized changes with change detection audit value. Use managed switches to segment the architecture with VLANs. Scan contractor devices.
Better Solution: Good solution + Enforce VLAN access with Access Control Lists.
Best Solution: Better solution + limit access with FactoryTalk Security with Security Authority Binding enabled.
Risk/Threat: Unauthorized actions by employees; Unintended employee actions. Lost $$$; Damage to product or assets.

44 IACS Security Design and Implementation Considerations.
Align with Industrial Automation and Control System Security Standards: DHS External Report # INL/EXT , NIST , ISO/IEC (Formerly ISA-99).
Implement Defense-in-Depth approach: no single product, methodology, nor technology fully secures IACS networks.
Establish an open dialog between Industrial Automation and IT groups.
Establish an industrial security policy.
Establish an IDMZ between the Enterprise and Industrial Zones.
Work with trusted partners knowledgeable in automation & security.
"Good enough" security now, is better than "perfect" security...never. (Tom West, Data General)

45 What Can You Do Now to Mitigate Risk? Practice these 8 Simple, Actionable Steps to enhance industrial reliability and security:
1. Control who has network access
2. Employ firewalls and intrusion detection/prevention
3. Use Anti Virus Protection and patch your system
4. Manage & protect your passwords
5. Turn the processor key(s) to the Run Mode
6. Utilize features embedded in Rockwell Automation products today (example: FactoryTalk Security)
7. Develop a process to manage removable media
8. Block access ports (example: key connectors)

46 A new go-to resource for educational, technical and thought leadership information about industrial communications. Standard Internet Protocol (IP) for Industrial Applications. Coalition of like-minded companies.

47 Additional Material. Cisco and Rockwell Automation Alliance Website. Design Guides: CPwE DIG. Education Series. Whitepapers: Securing Manufacturing Computer and Controller Assets; Production Software within Manufacturing Reference Architectures; Achieving Secure Remote Access to Plant Floor Applications and Data.

48 Questions? PUBLIC INFORMATION. Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn.


More information

Simplifying the Transition to Virtualization TS17

Simplifying the Transition to Virtualization TS17 Simplifying the Transition to Virtualization TS17 Name Sandeep Redkar Title Manager Process Solutions Date 11 th February 2015 Agenda Overview & Drivers Virtualization for Production Rockwell Automation

More information

Scalable Secure Remote Access Solutions for OEMs

Scalable Secure Remote Access Solutions for OEMs Scalable Secure Remote Access Solutions for OEMs Introduction Secure remote access to production assets, data, and applications, along with the latest collaboration tools, provides manufacturers with the

More information

Achieving Secure, Remote Access to Plant-Floor Applications and Data

Achieving Secure, Remote Access to Plant-Floor Applications and Data Achieving Secure, Remote Access to Plant-Floor Applications and Data Abstract To increase the flexibility and efficiency of production operations, manufacturers are adopting open networking standards for

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Physical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture

Physical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture Physical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture Industrial Ethernet networking is advancing technology applications throughout the plant. These applications are rapidly

More information

Choosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application

Choosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application Choosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application By: Josh Matson Various Time Synchronization Protocols From the earliest days of networked

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Securing Manufacturing Control Networks. Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014

Securing Manufacturing Control Networks. Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014 Securing Manufacturing Control Networks Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014 As Internet-enabled technologies such as cloud and mobility grow, the need to understand the potential

More information

Network & Security Services (NSS) Because Infrastructure Matters

Network & Security Services (NSS) Because Infrastructure Matters Network & Security Services (NSS) Because Infrastructure Matters Andrew Ballard Commercial Director Services & Support - EMEA Rev 5058-CO900E THE CONNECTED ENTERPRISE Headquarters Optimized for Rapid Value

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Building Secure Networks for the Industrial World

Building Secure Networks for the Industrial World Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

IACS Network Security and the Demilitarized Zone

IACS Network Security and the Demilitarized Zone CHAPTER 6 IACS Network Security and the Demilitarized Zone Overview This chapter focuses on network security for the IACS network protecting the systems, applications, infrastructure, and end-devices.

More information

Manufacturing and the Internet of Everything

Manufacturing and the Internet of Everything Manufacturing and the Internet of Everything Johan Arens, CISCO (joarens@cisco.com) Business relevance of the Internet of everything Manufacturing trends Business imperatives and outcomes A vision of the

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Network Security Guidelines. e-governance

Network Security Guidelines. e-governance Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Cisco Certified Security Professional (CCSP)

Cisco Certified Security Professional (CCSP) 529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

Decrease your HMI/SCADA risk

Decrease your HMI/SCADA risk Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

IP Telephony Management

IP Telephony Management IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

Securing Process Control Systems

Securing Process Control Systems Securing Process Control Systems Bradford H. Hegrat, CISSP, CISM Sr. Principal Security Consultant Network & Security Services Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

L03 - Design, Implement, and Manage FactoryTalk Security

L03 - Design, Implement, and Manage FactoryTalk Security L03 - Design, Implement, and Manage FactoryTalk Security PUBLIC PUBLIC - 5058-CO900G Background: What is FactoryTalk Security? Use FactoryTalk Security to Manage the insider threat by authenticating the

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

Secure Access into Industrial Automation and Control Systems Best Practice and Trends

Secure Access into Industrial Automation and Control Systems Best Practice and Trends Secure Access into Industrial Automation and Systems Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Collaborating to Advance System Security Vendor offers a remote firmware update and

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

IINS Implementing Cisco Network Security 3.0 (IINS)

IINS Implementing Cisco Network Security 3.0 (IINS) IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

Symphony Plus Cyber security for the power and water industries

Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

PlantPAx op weg naar Connected Enterprise.

PlantPAx op weg naar Connected Enterprise. AUP 46 PlantPAx op weg naar Connected Enterprise. Wim van der Heide Solution Architect Copyright 2015 Rockwell Automation, Inc. All rights reserved. 2 Agenda 1. Waarom zou u moeten migreren? 1. Connected

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated

More information

Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T.

Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T. Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T. Alexis Malchair, Business Development Manager, Internet of Things Group March 2015 IoT Is Here Now and Growing!

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Protecting productivity with Plant Security Services

Protecting productivity with Plant Security Services Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services

More information

CYBER SECURITY. Is your Industrial Control System prepared?

CYBER SECURITY. Is your Industrial Control System prepared? CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations

Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations Choosing Remote-Access VPN Technologies, Securing the VPN Deployment Defining Remote-Access VPNs Remote-access VPNs allow

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Plant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved.

Plant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved. Plant-wide Network Infrastructure Agenda Additional On-site Information EtherNet/IP Considerations Logical Design Considerations Physical Layer Design Consideration Testing Considerations Plant-Floor and

More information

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0 COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.

More information