Helping to increase your resistance to attack. Industrial Security Reale Gefahren aus dem virtuellen Raum
|
|
- Bryan Taylor
- 8 years ago
- Views:
Transcription
1 Helping to increase your resistance to attack Industrial Security Reale Gefahren aus dem virtuellen Raum siemens.com/industrialsecurity
2 The age of cyberattacks The concept of Defense-in-Depth The Siemens approach Awareness is Key Outlook: in future cybersecurity will be regulated Page 2
3 Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security Cloud Computing approaches Increased use of Mobile Devices Wireless Technology Reduced Personnel Requirements Smart Grid The worldwide and remote access to remote plants, remote machines and mobile applications The Internet of Things Source: World Economic Forum, 50 Global Risks Page 3
4 The corporate security chain is only as strong as its weakest link Security Can Fail at Any of these Points Employee Smartphone Laptops PC workstations Network infrastructure Mobile storage devices Tablet PC Computer center Policies and guidelines Printer Production systems Page 4
5 Why has industrial security become so important? Main Trends Impacting the Vulnerability of Automation Plants Horizontal and vertical Integration at all network levels Connection of automation networks with IT-Networks and Internet for remote maintenance Increased use of open standards and PC-based systems Possible Threats increased due to these trends: Access violation through unauthorized persons Espionage and manipulation of data Damages and data loss caused by malware Several security incidents reveal the vulnerability of automation plants. Page 5
6 Cyber vulnerabilities can affect your plant at many level The Need to Act Because of Cyber Security Vulnerabilities Loss of intellectual property, recipes, Sabotage of production plant Plant downtime e.g. caused by virus and malware Manipulation of data or of application software Unauthorized use of system functions Regulations and standards for industrial security require conformance Regulations: FDA, NERC CIP, CFATS, CPNI, KRITIS Standards: ISA 99, IEC Page 6
7 Threat analysis Every three years new developments The Age of Computerworms Cybercrime and Financial Interests Politics and Critical Infrastructure Cyberwarfare- Preparation CodeRed Slammer Blaster Hacking for Fun Hobbyists Worms Backdoors Anti-Virus Hackers Viruses BlackHat Responsible Disclosure Zeus SpyEye Rustock Hacking for Money Organized Criminals Botnets Adware Credit Card Fraud Phishing Banker Trojans SPAM WebSite Hacking Number of published exploits Number of published vulnerabilities Number of new malware signatures Aurora Nitro Stuxnet Hacking for political and economic gains Hacktivists State sponsored Actors Anonymous SCADA RSA Breach DigiNotar APT Targeted Attacks Sony Hack??? Development and spreading of cyberwarface capabilities Multiple state- and non-state actors Underground exploit market Systematic remote exploration and reconnaissance of critical Infrastructures and vendors Increasing sophistication, focus and brutality/impact of cyber methods Introduction of malicious, sleeping functionality in critical products? Page 7
8 Top 10 threats Page 8
9 The age of cyberattacks The concept of Defense-in-Depth The Siemens approach Awareness is Key Outlook: in future cybersecurity will be regulated Page 9
10 IACS, automation solution, control system Industrial Automation and Control System (IACS) Asset Owner operates Operational and Maintenance policies and procedures + System Integrator designs and deploys IACS environment / project specific Basic Process Control System (BPCS) Automation solution is the base for Safety Instrumented System (SIS) Product Supplier develops Embedded devices Control System as a combination of Network components Host devices Applications Independent of IACS environment Page 10
11 Actual structure of IEC / ISA Main documents to be published IEC / ISA General Policies and procedures System Component 1-1 Terminology, concepts and 2-1 Requirements for an IACS 3-1 Security technologies for IACS models security management system IS* 2009 TR* 2009 Ed.2.0 Profile of ISO / Master glossary of terms and abbreviations 1-3 System security compliance metrics DTS* 1Q14 Rejected DC* 10/ Patch management in the IACS environment TR* 4Q Requirements for IACS solution suppliers 3-2 Security risk assessment and system design DC* 2Q System security requirements and security levels IS* 08/ Product development requirements ID* 4Q Technical security requirements for IACS products ID* 4Q13 IS* 4Q14 Definitions Metrics Requirements placed on security organization and processes of the plant owner and suppliers Requirements to achieve a secure system Requirements to secure system components *DC: Draft for Comment *IS: International Standard *CDV: Committee Draft for Vote *TR: Technical Report Page 11 *ID: Initial Draft Functional requirements Processes / procedures
12 Various parts of IEC / ISA are addressing Defense in Depth Main parts of IEC General Asset Owner Policies and procedures IEC / ISA System Component Operational and Maintenances policies and procedures System Integrator Policies and procedures Security capabilities of the Automation Solution Product Supplier Security capabilities of the products 4-1 Development process Defense in Depth involves all stakeholders: Asset Owner, System Integrator, Product Supplier Page 12
13 IACS, automation solution, control system Industrial Automation and Control System (IACS) Asset Owner System Integrator operates designs and deploys IACS environment / project specific Operational and Maintenance policies and procedures Basic Process Control System (BPCS) + Automation solution is the base for Safety Instrumented System (SIS) Product Supplier develops Independent of IACS environment Embedded devices Control System as a combination of Network components Host devices Applications Page 13
14 Each stakeholder can create vulnerabilities Asset Owner operates can create weaknesses Industrial Automation and Control System (IACS) Operational and Maintenance policies and procedures + Invalid accounts not deleted Non confidential passwords Passwords not renewed System Integrator IACS environment designs and deploys can create weaknesses Basic Process Control System (BPCS) Automation solution base for Safety Instrumented System (SIS) Temporary accounts not deleted Default passwords not changed Product Supplier develops can create weaknesses Embedded devices Control System as a combination of Network components Host devices Applications Elevation of privileges Hard coded passwords Example: User Identification and Authentication Page 14
15 The age of cyberattacks The concept of Defense-in-Depth The Siemens approach Awareness is Key Outlook: in future cybersecurity will be regulated Page 15
16 IACS, automation solution, control system Industrial Automation and Control System (IACS) Asset Owner System Integrator operates designs and deploys Basic Process Control System (BPCS) Operational and Maintenance policies and procedures + Automation solution Safety Instrumented System (SIS) Complementary Hardware and Software IACS environment / project specific Siemens is product and solution supplier is the base for Product Supplier develops Embedded devices Network components Control System as a combination of Host devices Applications Independent of IACS environment Page 16
17 The Defense in Depth Concept Plant security Physical prevention of access to critical areas Establishing a Security Management Process Network security Controlled interfaces between office and plant network e.g. via firewalls Further segmentation of plant network System integrity Antivirus and whitelisting software System hardening Maintenance and update processes User authentication for plant or machine operators Integrated access protection mechanisms in automation components Security solutions in an industrial context must take account of all protection layers Page 17
18 The Siemens Approach Siemens Industrial Security approach Implementation of Security Management The interfaces are subject to regulations - and are monitored accordingly. PC-based systems must be protected. The control level must be protected. Communication must be monitored and can be segmented. The Siemens approach is based on five key points Page 18
19 The Siemens Solution Industrial Security Services Managed service and consulting Security Management Processes and policies Products & Systems Secure PCs, controllers and networks Integral security in PCs and controllers Security products for networking and communication The Siemens solution reduces your risk with a well thought-out security concept Page 19
20 Step-by-step approach for long-term protection of your industrial control system (ICS) Step 1: Assess Information about the security status and development of a security roadmap Step 2: Implement Planning, development and implementation of a holistic cyber security program Step 3: Continuous security services Continuous security through detection and proactive protection Vulnerability analysis Gap analysis Threat analysis Risk analysis Cyber security training Development of security strategies and procedures Implementation of security technology Global Threat Intelligence Detection and resolution of incidents Fast adaptation to changing threats Page 20
21 The Siemens solution for plant security Implementation of Security Management The interfaces are subject to regulations - and are monitored accordingly. Plant security PC-based systems must be protected. The control level must be protected. Communication must be monitored and can be segmented. Page 21
22 Security Management Security Management Process Risk analysis with definition of mitigation measures 1 Risk analysis Setting up of policies and coordination of organizational measures Coordination of technical measures Regular / event-based repetition of the risk analysis 4 Validation & improvement 3 Technical measures 2 Policies, Organizational measures Security Management is essential for a well thought-out security concept Page 22
23 The Siemens Solution for Network Security Implementation of Security Management The interfaces are subject to regulations - and are monitored accordingly. PC-based systems must be protected. Network security System Integrity The control level must be protected. Communication must be monitored and can be segmented. Implementierung des Security- Managements Page 23
24 Security Integrated is an essential component of a Defense in Depth concept Plant security Access blocked for unauthorized persons Physical prevention of access to critical components Network security Controlled interfaces with SCALANCE firewalls Further segmentation with Advanced CPs System integrity Know-how protection Copy protection Protection against manipulation Access protection Expanded access protection with CP Siemens products with Security Integrated provide security features such as integrated firewall, VPN communication, access protection, protection against manipulation. Page 24
25 SIMATIC S and the TIA Portal Security Highlights The SIMATIC S and the TIA Portal provide several security features: Increased Know-How Protection in STEP 7 Protection of intellectual property and effective investment: Password protection against unauthorized opening of program blocks in STEP 7 and thus protection against unauthorized copying of e.g. developed algorithms Password protection against unauthorized evaluation of the program blocks with external programs from the STEP 7 project from the data of the memory card from program libraries Increased Copy Protection Protection against unauthorized reproduction of executable programs: Binding of single blocks to the serial number of the memory card or PLC Protection against unauthorized copying of program blocks with STEP 7 Protection against duplicating the project saved on the memory card Page 25
26 SIMATIC S and the TIA Portal Security Highlights The SIMATIC S and the TIA Portal provide several security features: Increased Access Protection (Authentication) Extensive protection against unauthorized project changes: New degree of Protection Level 4 for PLC, complete lockdown (also HMI connections need password) * Configurable levels of authorization (1-3 with own password) For accessing over PLC and Communication Module interfaces General blocking of project parameter changes via the built-in display Expanded Access Protection Extensive protection against unauthorized project changes: Via Security CP by means of integrated firewall and VPN communication Increased Protection against Manipulation Protection of communication against unauthorized manipulation for high plant availability: Improved protection against manipulated communication by means of digital checksums when accessing controllers Protection against network attacks such as intrude of faked / recorded network communication (replay attacks) Protected password transfer for authentication Detection of manipulated firmware updates by means of digital checksums Page 26 * Optimally supported by SIMATIC HMI products and SIMATIC NET OPC Server
27 The age of cyberattacks The concept of Defense-in-Depth The Siemens approach Awareness is Key Outlook: in future cybersecurity will be regulated Page 27
28 Security Awareness is a basic Element Organization Technical Security Processes Security Awareness Standardization/ Regulations Industrial Security must be addressed at different levels Page 28
29 die 10 Top-Tipps der Informationssicherheit 1 Stufen Sie Informationen richtig ein, z.b. als vertraulich, und schützen Sie diese entsprechend 2 Machen Sie Informationen nur denjenigen zugänglich, die diese wirklich benötigen 3 Geben Sie persönliche Passwörter, Zugangscodes oder Ihre PIN/PKI nicht weiter auch nicht zu Vertretungszwecken 4 Speichern oder versenden Sie vertrauliche Informationen nur verschlüsselt. Verschlüsseln Sie Ihre Kommunikation mit Externen 5 Nutzen Sie sichere Entsorgungswege für vertrauliche Informationen, z.b. spezielle Container, Schredder 6 Führen Sie auf Reisen nur Informationen und Geräte mit, die Sie wirklich brauchen 7 Schützen Sie Informationen vor ungewollten Blicken und unerwünschten Zuhörern, im Büro und in der Öffentlichkeit 8 Seien Sie stets vorsichtig und wachsam im Umgang mit dem Internet und mit s 9 Halten Sie Ihre PC- und Antivirus-Software stets auf dem aktuellen Stand 10 Verständigen Sie sofort Ihren InfoSec Advisor, wenn Sie unsicher sind oder Gefahr vermuten Page 29
30 The age of cyberattacks The concept of Defense-in-Depth The Siemens approach Awareness is Key Outlook: in future cybersecurity will be regulated Page 30
31 Security will be regulated Page 31
32 Assessment of cybersecurity requires an holistic approach Cybersecurity protection of IACS operates Asset Owner Automation solution Asset Owner has the appropriate operational and maintenance policies and procedures to operate in a secure fashion an automation solution + Automation solution fulfills the security functionalities required by the target protection level of the plant controls Plant SL 1 SL 2 SL 3 SL 4 Protection against casual or coincidental violation Protection against intentional violation using simple means with low resources, generic skills and low motivation Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation Page 32
33 Thank you for your attention! Dr. Pierre Kobes Product and Solution Security Officer PD TI ATS TM 2 pierre.kobes@siemens.com siemens.com/industrialsecurity Page 33
34 Support & Service for Industrial Security Information about Industrial Security WWW: Contact in Marketing Promotion Industrial Security Oliver Narr Phone: +49 (911) Contact for Industrial Security Services Stefan Woronka Phone: +49 (721) Page 34
35 Support & Service for Industrial Security SIMATIC System Presales Support Factory Automation Phone: +49 (911) Contact in Security Product Management Factory Automation Dirk Gebert Phone: +49 (911) Contact for Motion Control Sven Härtel Phone: +49 (9131) Page 35
36 Support & Service for Industrial Security SIMATIC System Presales Support Process Automation Phone: +49 (721) Contact in Security Product Management Process Automation Jean-Luc Gummersbach Phone: +49 (721) Page 36
37 Support & Service for Industrial Security SIMATIC NET support for Network Security Phone: +49 (911) Customer Support WWW: Phone: +49 (911) Page 37
38 Any questions about Network Security?? Contact in Security Product Management Network Security Franz Köbinger Phone: +49 (911) Contact in Business Development Network Security Maximilian Korff Phone: +49 (911) Contact in Marketing Promotion Network Security Christine Gaida Telefon: +49 (911) Page 38
39 Security Information Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates. For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit Page 39
40 Thank you for your attention! Dr. Pierre Kobes Product and Solution Security Officer PD TI ATS TM 2 pierre.kobes@siemens.com siemens.com/industrialsecurity Page 40
Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationSecurity all around. Industrial security for your plant at all levels. siemens.com/industrialsecurity. Answers for industry.
Security all around Industrial security for your plant at all levels siemens.com/industrialsecurity Answers for industry. A systematic approach to minimize threats With the increased use of Ethernet connections
More informationProtecting productivity with Plant Security Services
Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services
More informationTeleTrusT Bundesverband IT-Sicherheit e.v.
TeleTrusT Bundesverband IT-Sicherheit e.v. TeleTrusT-Workshop "Industrial Security" 2015 München, 11.06.2015 Einführung Industrial Security anhand des IEC 62443; Bedrohungslage für Betreiber von ICS (Industrial
More informationOperational Guidelines for Industrial Security
Operational Guidelines for Industrial Security Proposals and recommendations for technical and organizational measures for secure operation of plant and machinery Version 2.0 Operational Guidelines for
More informationSecurity Levels in ISA-99 / IEC 62443
Summary Assessment of the security protection of a plant A Security Protection Level has to be assessed in a plant in operation A Protection Level requires both: The fulfillment of the policies and procedures
More informationSecurityconcept fortheprotectionofindustrialplants. Industrial Security. White PaperV1.0
Securityconcept fortheprotectionofindustrialplants Industrial Security White PaperV1.0 June 2013 Prologue This whitepaper gives an overview of Industrial Security. It describes the threats and risks to
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationA New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager
A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached
More informationThis is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationWhere Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA. April 2015
Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA April 2015 Think of a Number! 13642916 Page 2 Prologue: Nineteenth-century Data Overkill Page 3 Prologue: Your Brain
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIntel Cyber-Security Briefing: Trends, Solutions, and Opportunities
Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities John Skinner, Director, Secure Enterprise and Cloud, Intel Americas, Inc. May 2012 Agenda Intel + McAfee: What it means Computing trends
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationDevice Hardening, Vulnerability Remediation and Mitigation for Security Compliance
Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies
More informationCyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP
Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationBest Practices for DanPac Express Cyber Security
March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationUsing Tofino to control the spread of Stuxnet Malware
technical datasheet Application Note Using Tofino to control the spread of Stuxnet Malware This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationSymphony Plus Cyber security for the power and water industries
Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries
More informationIndustrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities
Industrial Cyber Security Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities WE HEAR ABOUT CYBER INCIDENTS EVERY DAY IN THE NEWS, BUT JUST HOW RELEVANT ARE THESE
More informationCloak and Secure Your Critical Infrastructure, ICS and SCADA Systems
Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems Building Security into Your Industrial Internet Phillip Allison Tempered Networks Discussion topics Threats to network security TCP/IP
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationUsing ISA/IEC 62443 Standards to Improve Control System Security
Tofino Security White Paper Version 1.2 Published May 2014 Using ISA/IEC 62443 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. What s New in this Version... 1 3. Why
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationUser Security Education and System Hardening
User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings.
More informationCYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial
More informationSecurity Implications Associated with Mass Notification Systems
Security Implications Associated with Mass Notification Systems Overview Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these
More informationIndustrial Security in the Connected Enterprise
Industrial Security in the Connected Enterprise Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved. THE CONNECTED ENTERPRISE Optimized for Rapid
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationData Security Best Practices & Reasonable Methods
Data Security Best Practices & Reasonable Methods September 2013 Mike Tassey Technical Security Advisor Privacy Technical Assistance Center (PTAC) http://ptac.ed.gov/ E-mail: PrivacyTA@ed.gov Phone: 855-249-3072
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationa Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.
SCADA and CIP Security in a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng. CTO, Byres Security Inc. What is Stuxnet? The Stuxnet Worm July, 2010: Stuxnet worm was
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationJort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationICT OPERATING SYSTEM SECURITY CONTROLS POLICY
ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationAre you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
More informationA Concise Model to Evaluate Security of SCADA Systems based on Security Standards
A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationCyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationPatch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG 2012. All Rights Reserved.
Patch Management Is it recommended to patch an Industrial Automation Control System and, if so, why? Facts Most of the computer components of modern Industrial Automation Control System are based on standard
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationRethinking Cyber Security for Industrial Control Systems (ICS)
Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Rethinking Cyber Security We Now Have Years of Experience - Security
More informationAhead of the threat with Security Intelligence
Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,
More informationRisk Management in Global Operating Industry
Risk Management in Global Operating Industry World Financial Symposium 2015 Here is the News Saleema Brohi Aviation Legal Expert Session Sponsor World Financial Symposium 2015 Cyber Attack! - Beyond Firewalls
More informationEffective Defense in Depth Strategies
Honeywell.com 2014 Honeywell Users Group Asia Pacific Effective Defense in Depth Strategies for Industrial Systems 1 Document control number Honeywell Proprietary Honeywell.com Chee Ban, Ngai About the
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationPromoting Network Security (A Service Provider Perspective)
Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security
More informationStuxnet Malware. Official communication presented at CIP Seminar 02-11-2010 by Thomas Brandstetter. Siemens AG 2010. All Rights Reserved.
Official communication presented at CIP Seminar 02-11-2010 by Thomas Brandstetter What is the Stuxnet and what can it do? Stuxnet is a high sophisticated malware that targets very specific configurations
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationFERPA: Data & Transport Security Best Practices
FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More information