WIB Mini-Seminar, The Hague (21st of March 2013): An update from the Control Systems Working Group




Transcription:

WIB Mini-Seminar, The Hague (21st of March 2013): An update from the Control Systems Working Group

Kees Biesheuvel, DOW Product Manager MOD5 Engineering Solutions
Jos Menting, Laborelec Belgium, CTO

The merger of two WIB Working Groups:
- 2011-2012: BPCS Working Group
- 2007-2012: Plant Security Working Group
- 2013: Control Systems Working Group

Who is active in the Control Systems Working Group?
1. Eric Abresch - Exxonmobil
2. Ted Angevaare - Shell & Chairman
3. Kees Biesheuvel - DOW
4. Lex Boekel - Wintershall
5. Pascal vd Boogaard - Shell
6. Guido de Bouver - M+W-group
7. Fabien Briere - Total (Fr)
8. Maarten de Caluwe - DOW
9. Lion Demarteau - Sitech
10. Jimmy Denis - Laborelec
11. Ruud Denneman - Total
12. Mahdi Elkawafi - Wintershall
13. Sierk Goedemoed - Heineken
14. Dominic de Kerf - Cargill
15. Michiel Kleisen - Dupont
16. Tom Koeken - EdeA
17. Peter Kwaspen - Shell
18. Patrick Lienart - Total (Fr)
19. Mart Louisse - Aramco
20. Joris Meijs - AkzoNobel
21. Jos Menting - Laborelec & Board
22. Onno Moret - Wintershall
23. Jos Oelers - Sabic
24. Kevin Orr - Solar Turbines
25. Frank Pijnenburg - DSM
26. Joost Roldaan - Heineken
27. Chris Sandford - Wurldtech (Guest Mem)
28. Andre Schepens - Dow
29. Frans Staes - Cargill
30. Maximilien Simons - Solvay
31. Gerard Valkema - AkzoNobel
32. Edwin Vandeneynde - Solvay
33. Anneke Vemer - Exxonmobil
34. Lou Verhagen - AkzoNobel
35. Martin Visser - Waternet
36. Dick de Wagenaar - Q8
37. Jos Wenmeckers - EdeA
(Alphabetic order)

New Plan of Action:

First, a strategy document shall be produced to provide steer to the Control Systems Working Group.

"Strategy is the direction and scope of an organization over the long-term: which achieves advantage for the organization through its configuration of resources within a challenging environment, to meet the needs of markets and to fulfill stakeholder expectations."

The following subjects will be addressed in the strategy document:
1- Sharing knowledge
2- IT security
3- Obsolescence / Life Cycle
4- Common voice to vendors Plant Security
5- Migration

The Control Systems Working Group will be active on technical subjects and not on financial/commercial subjects. Dedicated Task Forces will be created to deal with specific subjects in more detail and to work on each subject to create a deliverable, such as a document or a presentation.

WIB MISSION
- Facilitate exchange of experience and expertise amongst end-users and with vendors of C&A
- Provide requirements, selection and application guidance through independent evaluation

Tom Kuperij, Managing Director, March 25, 2013

The old WIB Plant Security Workgroup Mission Statement from 2007:
1. Mitigate the threats to industrial automation, measurement & control equipment and systems created by Cyber Security risks;
2. Main focus area will be to generate minimum standards or create references to minimum International Standards and Guidelines to allow the WIB members to speak with one voice to the industrial automation Vendors to allow them to improve their products and services;
3. Create metrics to measure the level of protection to cyber security threats;
4. Provide guidance to the WIB members in the certification of Process Control Security products and services;

Ref.: http://www.wib.nl/index.html

New Plan of Action: The following Task Forces have been created:

Task Force: Who
- PCD Security Metrics: Ruud Denneman
- Typical Best Practice Architectures: Lex Boekel / Maarten de Caluwe / Guido de Bouver
- Security Management: Tom Koeken / Frans Staes
- Accreditation + Certification: Frank Pijnenburg
- FAT-SAT: Pascal vd Boogaard (in combination with LOGIIC)
- PCD Security Standards + Guidelines: Ted Angevaare
- Pro-Active Security: Frans Staes
- Definitions to/from suppliers: Kees Biesheuvel
- Life Cycle Management: Jos Oelers / Onno Moret / Frank Pijnenburg / Lou Verhagen

= More details provided in this presentation

Typical Best Practice Architectures:
- Create a best practice architecture per vendor (secure, high availability, high integrity for L1 and L2 (L3)).
- Define what is required to create a typical architecture.
- It was decided to ask vendors to present/supply their vision on secure architecture based on their products.

Vendor: Who
- Siemens: Michiel Kleisen - Dupont
- Rockwell: Frans Staes - Cargill
- ABB: Martin Visser - Waternet
- Emerson: Ted Angevaare - Shell
- Honeywell: Michiel Kleisen - Dupont
- Invensys: Lou Verhagen - AkzoNobel
- Hima: Kees Biesheuvel - DOW
- General Electric: Jos Menting - Laborelec
- Yokogawa: Ted Angevaare - Shell
- Bently Nevada: Peter Kwaspen - Shell
- PILZ: Frans Staes - Cargill
- Beckhoff: Onno Moret - Wintershall
- RTP: Kees Biesheuvel - DOW

Evolution towards international standards:
- 1500+ downloads
- DACA security standards and experiences
- Less than 50% content from ISO 27002
- IDEAL standard is selection of relevant IT requirements from various standards
- WIB Report M 2784 X10, version 1
- WIB Report M 2784 X10, version 2
- IEC proposal
- International standard
- Cyber Security Procurement Language for Control Systems by DHS
- IEC 62443-2-4

Timeline labels: 2007-2009, 2010, 2013

Current IEC 62443 framework:

IEC process and present status now

Business case of certification: