Industrial Security in the Connected Enterprise
|
|
- Adrian Wilcox
- 8 years ago
- Views:
Transcription
1 Industrial Security in the Connected Enterprise Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
2 THE CONNECTED ENTERPRISE Optimized for Rapid Value Creation Supply Chain Integration Collaborative, Demand Driven Compliant and Sustainable Enterprise PRODUCTIVITY SUSTAINABILITY Smart Grid AGILITY Customers Supply Chain COMPANY CONFIDENTIAL Distribution Center Copyright 2013 Rockwell Automation, Inc. All Rights Reserved. 2
3 3
4 INDUSTRIAL Internet of Things Active Energy Management CONTROLLER CONTROLLER
5 The Internet of Things IoT Continuing Trend in Industrial Applications More Things are being embedded with smart sensors and gaining the ability to communicate Things become the tools for better understanding complex processes and can adapt to changes quickly Things are linked through wired & wireless networks using the same network technology as the internet Ethernet IP (Internet Protocol) Smarter machines can be better controlled - thereby increasing efficiency Plant-wide Optimization Securing the architecture from attacks, data authentication & access control become increasingly important Faster Time to Market Improved Asset Utilization Lower Total Cost of Ownership Risk Management
6 Connected Enterprise - The IoT at work for Industrial Applications The IT Influence Increasing in Automation buying decisions Big Data & Analytics Information available to manage the supply chain & complex processes Machine data is expected to grow by a factor of >15 Cloud Computing & Virtualization Speed up deployment, Increase longevity, reliability & provide disaster recovery Centers around IT - Information Technology Mobility & BYOD Improve maintainability, uptime, asset longevity, safety and cost control Workforce is mobile during typical work day
7 Risks and Threats Application of Security patches Natural or Man-made disasters Worms and viruses Theft Sabotage Unauthorized access INFORMATION Denial of Service Business Risk Unauthorized actions by employees Unauthorized remote access Unintended employee actions OPERATIONS Security risks increase potential for disruption to System uptime, safe operation, and a loss of IP
8 Rockwell Automation s Approach to Industrial Security Build in Security Quality by Providing control system solutions that follow global standards and regulatory security requirements Utilizing common secure design requirements for our products Leading the industry in Responsible Disclosure policies and processes Create Security Value by Building compelling security related products, features and functionality Supply detailed and useful system architecture recommendations Provide access to experts in control system security to help customers design and maintain robust systems Rockwell Automation Enables Defense in Depth 8
9 Network Hardening Tamper Detection Content Protection Access Control
10 Connected Enterprise Collaboration of Partners Rockwell Automation and Partner Portfolio Rockwell Automation Cisco Automation & Process Control Wireless, Security, Switching & Routing Panduit Fluke Networks Physical Network Layer Verification, Network Troubleshooting Infrastructure Tools Microsoft VMWare Information Solutions Data Center Virtualization
11 Industrial Network Security Trends Established Industrial Security Standards International Society of Automation ISA/IEC (Formerly ISA-99) Industrial Automation and Control Systems (IACS) Security Defence-in-Depth IDMZ Deployment National Institute of Standards and Technology NIST Industrial Control System (ICS) Security Defence-in-Depth IDMZ Deployment Department of Homeland Security / Idaho National Lab DHS INL/EXT Control Systems Cyber Security: Defence-in-Depth Strategies Defence-in-Depth IDMZ Deployment A secure application depends on multiple layers of protection. Industrial security must be implemented as a system. 11
12 Industrial Network Security Trends Industrial vs Enterprise Network Requirements Industrial Requirements Switches Managed and Unmanaged Layer 2 is predominant Traffic types Information, control, safety, motion, time synchronization, energy management Performance Low Latency, Low Jitter Data Prioritization QoS Layer 2 & 3 IP Addressing Static Security Industrial security policies are inconsistently deployed Open by default, must close by configuration and architecture Enterprise Requirements Switches Managed Layer 2 and Layer 3 Traffic types Voice, Video, Data Performance Low Latency, Low Jitter Data Prioritization QoS Layer 3 IP Addressing Dynamic Security Pervasive Strong policies Similarities and differences? 12
13 Industrial Network Security Trends Policies - Industrial vs. Enterprise Network Requirements Focus Precedence of Priorities Types of Data Traffic Access Control Implications of a Device Failure Threat Protection Upgrades Industrial (IAT) Network 24/7 operations, high OEE Availability Integrity Confidentiality Converged network of data, control, information, safety and motion Strict physical access Simple network device access Production is down ($$ s/hour or worse) Isolate threat but keep operating Scheduled during downtime Enterprise (IT) Network Protecting intellectual property and company assets Confidentiality Integrity Availability Converged network of data, voice and video Strict network authentication and access policies Work-around or wait Shut down access to detected threat Automatically pushed during uptime 13
14 Network Security Framework Converged Plant-wide Ethernet (CPwE) Reference Architectures Structured and Hardened IACS Network Infrastructure Industrial security policy Pervasive security, not a bolt-on component Security framework utilizing defense-indepth approach Industrial DMZ implementation Remote partner access policy, with robust & secure implementation Standard DMZ Design Best Practices Enterprise Zone Levels 4-5 Industrial Demilitarized Zone (IDMZ) Physical or Virtualized Servers Patch Management Remote Gateway Services Application Mirror AV Server AAA - Application Authentication Server, Active Directory (AD), AAA - Network Remote Access Server Level 3 Site Operations FactoryTalk Client Client Hardening Level 2 Area Supervisory Control VLANs, Segmenting Domains of Trust Unified Threat Management (UTM) VLANs Catalyst 3750 StackWise Switch Stack Enterprise WAN Cisco ASA 5500 Firewall (Active) Network Status and Monitoring Catalyst 6500/4500 Controllers, I/O, Drives Firewall (Standby) HMI Plant Firewall: Inter-zone traffic segmentation ACLs, IPS and IDS VPN Services Portal and Terminal Server proxy Network Device Resiliency Network Infrastructure Access Control and Hardening Physical Port Security Network Security Services Must Not Compromise Operations of the IACS Controller Hardening, Encrypted Communications Controller Hardening, Physical Security Controller Level 1 - Controller Controller I/O Drive Level 0 - Process MCC Soft Starter 14
15 Industrial Network Security Trends EtherNet/IP Industrial Automation & Control System Network Open by default to allow both technology coexistence and device interoperability for Industrial Automation and Control System (IACS) Networks Secured by configuration: Protect the network - Electronic Security Perimeter Defend the edge - Industrial DMZ (IDMZ) Defense-in-Depth Multiple layers of security 15
16 Defense in Depth A secure application depends on multiple layers of protection. Industrial security must be implemented as a system. Layered Security Model Shield potential targets behind multiple levels of protection to reduce security risks Defense in Depth Use multiple security countermeasures to protect integrity of components or systems Openness Consideration for participation of a variety of vendors in our security solutions Flexibility Able to accommodate a customer s needs, including policies & procedures Consistency Solutions that align with Government directives and Standards Bodies
17 Assessing & Mitigating Threat Sources Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
18 Industrial Security Risk & Threats 91% = number of cybersecurity breaches that took hours or less to perpetrate 62% = number of cybersecurity breaches that took months or years to discover 53% = number of cybersecurity breaches that took months or more to contain 21% = number of successful Intellectual Property external cybersecurity breaches that had internal help, and 80% of those exploited normal users, not administrators 10% = number of cybersecurity breaches detected by internal resource Source : 2013 DBIR
19 Is Your Company Protected? Some organizations will be a target regardless of what they do, but most become a target because of what they do Compromising network security is a $6 billion global underground industry of which $300 million is directly tied to manufacturing If your organization is a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go. Source : 2013 DBIR
20 Historical Industrial Control System (ICS) Common Traits to Historical ICS Proprietary Complete vertical solutions Customized Specialized communications Wired, fiber, microwave, dialup, serial, etc. 100s of different protocols Slow; e.g baud Long service lifetimes: years Not specifically designed with security in mind
21 Modern ICS Internet Enterprise Network Firewall Workplaces IP Enterprise Optimization Suite Enterprise Network Third Party Application Server Mobile Operator Services Network Connectivity Server Historian Server Application Server Engineering Workplace Control Network Serial, OPC or Fieldbus Device Network Redundant Third Party Controllers, Servers, etc. Serial RS485
22 Technology Trends in ICS COTS (Commercial-Off-The-Shelf) technologies Operating systems Windows, WinCE, embedded RTOSes Applications Databases, web servers, web browsers, etc. IT protocols HTTP, SMTP, FTP, DCOM, XML, SNMP, etc. Networking equipment switches, routers, firewalls, etc. Connectivity of ICS to enterprise LAN Improved business visibility, business process efficiency Remote access to control center and field devices IP Networking Common in higher level networks, gaining in lower levels Many legacy protocols wrapped in TCP or UDP Most new industrial devices have Ethernet ports Most new ICS architectures are IP-based
23 Availability, Integrity and Confidentiality Enterprise networks require C-I-A Confidentiality of intellectual property matters most Industrial Control Systems require A-I-C Availability and integrity of control matters most control data has low entropy little need for confidentiality Many ICS vendors provide six 9 s of availability Ensuring availability is hard Cryptography does not help (directly) DOS protection, rate limiting, resource management, QoS, redundancy, robust hardware with high MTBF Security must not reduce availability!
24 DoS and DDoS Attacks Denial of Service (DoS) attack overwhelms a system with too many packets/requests Exhausts TCP stack or application resources Defenses include connection limits in firewall Distributed Denial of Service (DDoS) attack coordinates a botnet to overwhelm a target system No single point of attack Requires sophisticated, coordinated defenses Weapon of choice for hackers, hacktivists, cyber-extortionists DoS, DDoS particularly effective when availability is critical, against ICS
25 Unpatched Systems Many ICS systems are not patched current Particularly Windows servers No patches available for older versions of windows OS and application patches can break ICS OS patches are commonly tested for enterprise apps not ICS Uncertified patches can invalidate warranty Patching often requires system reboot Before installation of a patch: Vendor certification typically one week Lab testing by operator Staged deployment on less critical systems first Avoid interrupting any critical process phases
26 Limited use of Host Anti-Virus AV operations can cause significant system disruption at inopportune times 3am is no better than any other time for a full disk scan on a system that operates 24x7x365 ICS vendors only beginning to support anti-virus Anti-virus is only as good as the signature set Signatures may require testing just like patches AV may be losing ground in enterprise deployments Impact on hosts, endpoint security not getting better Virus writers have learned to test against dominant AV Application whitelisting can be a good alternative Enumerate goodness rather than badness
27 Poor Authentication and Authorization Machine-to-machine comms involve no user Many ICS have poor authentication mechanisms and very limited authorization mechanisms Many protocols use cleartext passwords Many ICS devices lack crypto support Sometimes passwords left at vendor default Device passwords are hard to manage appropriately Often one password is shared amongst all devices and all users and seldom, if ever, changed
28 Requirements for 3rd Party Access Firmware updates and PLC, IED programming are sometimes performed by vendor Many ICS have open maintenance ports Infected vendor laptops can bring down an ICS Partners may require continuous status information Partner access is often poorly secured Partner channels can serve as backdoors 3 rd parties may include: ISO, transmission provider or grid neighbor, equipment vendor, emissions monitoring service or agency, water level monitoring agency, vibration monitoring service, etc.
29 People Issues ICS network often managed by Control Systems Department, distinct from IT Department running enterprise network ICS personnel are not IT or networking experts IT personnel are not ICS experts Significant portion of control systems workforce is older and nearing retirement Fewer young people entering this field Fewer academic programs
30 Ways to Address Risk There are four ways to deal with risk: 1. Risk Mitigation address it head on 2. Risk Acceptance i.e. the Risk Tautology (it is what it is) 3. Risk Transference i.e. insurance 4. Risk Avoidance Project X is risky let s not do Project X
31 Recommendations for Defending ICS Separate control network from enterprise network Harden connection to enterprise network Protect all points of entry with strong authentication Make reconnaissance difficult from outside Harden interior of control network Make reconnaissance difficult from inside Avoid single points of vulnerability Frustrate opportunities to expand a compromise Harden field sites and partner connections Mutual distrust Monitor both perimeter and inside events Periodically scan for changes in security posture
32 Network & Security Services -at a Glance Recover Protect ASSESS WHY is my network not operating according to operational / availability baselines? IS the network architecture robust enough to protect my intellectual property and assets? HOW do I know if issues I have on my network are security related, and how do I fix them? Detect Respond Defend DESIGN DOES my existing As-Is architecture protect against malware attacks? WHAT do I need to do to ensure my architecture scales to accommodate demands? HOW do I prioritize technology refresh tasks to maximize operational availability? IMPLEMENT HOW do I configure devices to best interface with Process Controls network? WHAT will the impact be if I upgrade to X and how do I go about making changes? HOW do I securely dispose of old equipment to ensure my data is not exposed? GOVERNANCE AM I required to be compliant with any regulations, and if so WHAT are they and HOW do I comply? WHAT is the risk if I am not compliant and HOW long do I have to become compliant? MANAGE/MONITOR HOW do I securely access my network remotely? DOES Rockwell Automaton provide a Virtual Support Engineer to help me maintain availability?
33 Rockwell Automation Industrial Security Resources Security-enhanced Products and Technologies Rockwell Automation product and technologies with security capabilities that help increase overall control system system-level security. EtherNet/IP Plantwide Reference Architectures Control system validated designs and security best-practices that complement recommended layered security/defence-in-depth measures. Network & Security Services (NSS) RA consulting specialists that conduct security risk assessments and make recommendations for how to avert risk and mitigate vulnerabilities. Remote Asset Monitoring Services The Virtual Support Engineer is a service that offers a simple and secure approach to monitoring your equipment and collecting valuable performance analytics.
34 Rockwell Automation: Industrial Security Resources Assessment Services Security Technology Security FAQ Security Services Leadership & Standards Security Resources Security Advisory Index MS Patch Qualification Reference Architectures Assessment Services Pretty Good Privacy (PGP) Public Key 34
35 Educational Tools & Content Industrial IP Advantage Website A new go-to resource for educational, technical and thought leadership information about industrial network communication Visit Industrial IP Advantage to learn more SANS Training Material Security policy blueprint (for IACS) available EX: Remote Access Policy, Router Security Policy Visit to learn more
36 Thank You
Securing The Connected Enterprise
Securing The Connected Enterprise Pack Expo 2015 Las Vegas Chelsea An Business Development Lead, Network & Security PUBLIC Copyright 2015 Rockwell Automation, Inc. All Rights Reserved. 8 Connected Enterprise
More informationT46 - Integrated Architecture Tools for Securing Your Control System
T46 - Integrated Architecture Tools for Securing Your Control System PUBLIC PUBLIC - 5058-CO900G Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. The Connected Enterprise PUBLIC Copyright
More informationNetwork Security Trends & Fundamentals of Securing EtherNet/IP Networks
Network Security Trends & Fundamentals of Securing EtherNet/IP Networks Presented by Rockwell Automation Industrial Network Security Trends Security Quips "Good enough" security now, is better than "perfect"
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationAUP28 - Implementing Security and IP Protection
AUP28 - Implementing Security and IP Protection Features in the Integrated Architecture Mads Laier DK Commercial Engineer Logix & Networks Rev 5058-CO900E Agenda Why IACS Security Now! Defense in depth
More informationThe Internet of Things (IoT) and Industrial Networks. Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015
The Internet of Things (IoT) and Industrial Networks Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015 Increasingly Everything will be interconnected 50 Billion Smart Objects
More informationComputer System Security Updates
Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationAUP28. Implementing Security In Integrated Architecture Practical security solutions for Industrial Control System (ICS)
AUP28 Implementing Security In Integrated Architecture Practical security solutions for Industrial Control System (ICS) Clive Barwise, Rockwell Automation European Product Manager Networks and Security
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationSecuring the Connected Enterprise
Securing the Connected Enterprise ABID ALI, Network and Security Consultant. Why Infrastructure Matters Rapidly Growing Markets Global Network Infrastructure and Security Markets 13.7% CAGR over the next
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationREFERENCE ARCHITECTURES FOR MANUFACTURING
Synopsis Industry adoption of EtherNet/IP TM for control and information resulted in the wide deployment of standard Ethernet in manufacturing. This deployment acts as the technology enabler for the convergence
More informationScalable Secure Remote Access Solutions
Scalable Secure Remote Access Solutions Jason Dely, CISSP Principal Security Consultant jdely@ra.rockwell.com Scott Friberg Solutions Architect Cisco Systems, Inc. sfriberg@cisco.com Jeffrey A. Shearer,
More informationIACS Network Security and the Demilitarized Zone
CHAPTER 6 IACS Network Security and the Demilitarized Zone Overview This chapter focuses on network security for the IACS network protecting the systems, applications, infrastructure, and end-devices.
More informationNetwork & Security Services (NSS) Because Infrastructure Matters
Network & Security Services (NSS) Because Infrastructure Matters Andrew Ballard Commercial Director Services & Support - EMEA Rev 5058-CO900E THE CONNECTED ENTERPRISE Headquarters Optimized for Rapid Value
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationGE Measurement & Control. Cyber Security for Industrial Controls
GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account
More informationAn Analysis of the Capabilities Of Cybersecurity Defense
UNIDIRECTIONAL SECURITY GATEWAYS An Analysis of the Capabilities Of Cybersecurity Defense Michael Firstenberg, Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationEffective Defense in Depth Strategies
Honeywell.com 2014 Honeywell Users Group Asia Pacific Effective Defense in Depth Strategies for Industrial Systems 1 Document control number Honeywell Proprietary Honeywell.com Chee Ban, Ngai About the
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationAre you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
More informationDecrease your HMI/SCADA risk
Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationSecuring Manufacturing Control Networks. Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014
Securing Manufacturing Control Networks Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014 As Internet-enabled technologies such as cloud and mobility grow, the need to understand the potential
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions
Network Segmentation Methodology Application Guide ControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions By Josh Matson and Gregory
More informationIndustrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity
Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity Manufacturing companies have invested billions of dollars in industrial
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSession 14: Functional Security in a Process Environment
Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the
More informationInfinity Acute Care System monitoring system
Infinity Acute Care System monitoring system Workstation security in a networked architecture Introduction The benefits of networked medical devices for healthcare facilities are compelling. However, the
More informationGE Measurement & Control. Cyber Security for NERC CIP Compliance
GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationSecure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationNetwork & Security Services. Because Infrastructure Matters
Network & Security Services Because Infrastructure Matters Network & Security Services Manufacturing Convergence merging IT and manufacturing systems has created the need for coexistence and interoperability
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationManufacturing and the Internet of Everything
Manufacturing and the Internet of Everything Johan Arens, CISCO (joarens@cisco.com) Business relevance of the Internet of everything Manufacturing trends Business imperatives and outcomes A vision of the
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationVulnerability Testing of Industrial Network Devices
Vulnerability Testing of Industrial Network Devices Matthew Franz (mfranz@cisco.com) Critical Infrastructure Assurance Group (CIAG) http://www.cisco.com/go/ciag 2003, Cisco Systems, Inc. All rights reserved.
More informationCYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationScalable Secure Remote Access Solutions for OEMs
Scalable Secure Remote Access Solutions for OEMs Introduction Secure remote access to production assets, data, and applications, along with the latest collaboration tools, provides manufacturers with the
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationUsing ISA/IEC 62443 Standards to Improve Control System Security
Tofino Security White Paper Version 1.2 Published May 2014 Using ISA/IEC 62443 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. What s New in this Version... 1 3. Why
More informationThe Advantages of an Integrated Factory Acceptance Test in an ICS Environment
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationNetwork & Security Services Rockwell Automation s Specialist team of Network & Security Specialists
Network & Security Services Rockwell Automation s Specialist team of Network & Security Specialists Sonny Kailola Customer Support & Maintenance (CSM) Rev 5058-CO900D Copyright 2015 Rockwell Automation,
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationCconducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
More informationSimplifying the Transition to Virtualization TS17
Simplifying the Transition to Virtualization TS17 Name Sandeep Redkar Title Manager Process Solutions Date 11 th February 2015 Agenda Overview & Drivers Virtualization for Production Rockwell Automation
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationEase Server Support With Pre-Configured Virtualization Systems
Ease Server Support With Pre-Configured Virtualization Systems Manufacturers and industrial production companies are increasingly challenged with supporting the complex server environments that host their
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationG/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationCybersecurity considerations for electrical distribution systems
White Paper WP152002EN Supersedes January 2014 electrical distribution systems Authors Max Wandera, Brent Jonasson, Jacques Benoit, James Formea, Tim Thompson, Zwicks Tang, Dennis Grinberg, Andrew Sowada,
More information13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationHow To Create An Intelligent Infrastructure Solution
SYSTIMAX Solutions Intelligent Infrastructure & Security Using an Internet Protocol Architecture for Security Applications White Paper July 2009 www.commscope.com Contents I. Intelligent Building Infrastructure
More informationCyber Protection for Building Automation and Energy Management Systems
Cyber Protection for Building Automation and Energy Management Systems IT and Network Operations Managers Perspective PROTECT YOUR INVESTMENT Reinforcing the Integrity of Enterprise Networks The intersection
More informationAUD20 - Industrial Network Security
AUD20 - Industrial Network Security Lesley Van Loo EMEA Senior Commercial engineer - Rockwell Automation Rev 5058-CO900B Copyright 2012 Rockwell Automation, Inc. All rights reserved. 2 Agenda Connected
More informationProtecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking
ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationBy David G. Holmberg, Ph.D., Member ASHRAE
The following article was published in ASHRAE Journal, November 2003. Copyright 2003 American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. It is presented for educational purposes
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationInformation Technology Cluster
Network Systems Pathway Information Technology Cluster Assistant Network Technician -- This major prepares students to install, configure, operate, and connections to remote sites in a wide area network
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More information