ARC INDUSTRY FORUM 2015

Similar documents
Practical Steps To Securing Process Control Networks

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Vision & Positioning Statement For Wurldtech Labs

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

The Protection Mission a constant endeavor

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Are you prepared to be next? Invensys Cyber Security

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

SANS Top 20 Critical Controls for Effective Cyber Defense

Modular Network Security. Tyler Carter, McAfee Network Security

Industrial Security for Process Automation

Cybersecurity: What CFO s Need to Know

New Era in Cyber Security. Technology Development

Goals. Understanding security testing

External Supplier Control Requirements

Session 14: Functional Security in a Process Environment

IBM Security Strategy

Cloud Computing for SCADA

Vulnerability management lifecycle: defining vulnerability management

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

2012 Honeywell Users Group Americas. Sustain.Ability. Rick Kaun - Honeywell. Cyber Security

Patch and Vulnerability Management Program

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Closing the Vulnerability Gap of Third- Party Patching

IT Security and OT Security. Understanding the Challenges

THE TOP 4 CONTROLS.

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Changing the Enterprise Security Landscape

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Invensys Security Compliance Platform

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Facilitated Self-Evaluation v1.0

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things

ISACA rudens konference

The Evolution of Application Monitoring

13 Ways Through A Firewall

ABB s approach concerning IS Security for Automation Systems

Cyber Security Implications of SIS Integration with Control Networks

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems

Global Industrial Cyber Security Professional GICSP

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Automated Patch Management Service

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Endpoint Security for DeltaV Systems

13 Ways Through A Firewall What you don t know will hurt you

GEARS Cyber-Security Services

Reducing the cost and complexity of endpoint management

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Protecting Your Organisation from Targeted Cyber Intrusion

Effective Defense in Depth Strategies

The Internet of Things (IoT) and Industrial Networks. Guy Denis Rockwell Automation Alliance Manager Europe 2015

Network Cyber Security. Presented by: Motty Anavi RFL Electronics

ICBA Summary of FFIEC Cybersecurity Assessment Tool

SCADA Security Training

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Promoting Network Security (A Service Provider Perspective)

Post-Access Cyber Defense

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

SAFECode Security Development Lifecycle (SDL)

Update On Smart Grid Cyber Security

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

THE BLUENOSE SECURITY FRAMEWORK

Symantec Endpoint Protection

Glasnost or Tyranny? You Can Have Secure and Open Networks!

RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

Data Center security trends

Average annual cost of security incidents

External Supplier Control Requirements

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Response to Questions CML Managed Information Security

HP Fortify application security

Mobile Banking. Secure Banking on the Go. Matt Hillary, Director of Information Security, MX

Security Management. Keeping the IT Security Administrator Busy

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

Process Control Networks Secure Architecture Design

Intelligent. Buildings: Understanding and managing the security risks

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Cutting the Cost of Application Security

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Information & Asset Protection with SIEM and DLP

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

INCIDENT RESPONSE CHECKLIST

Italy. EY s Global Information Security Survey 2013

Transcription:

ARC INDUSTRY FORUM PRESENTATION TOPIC: MANAGING INDUSTRIAL CYBER SECURITY RISK Tyler Williams Manager, Industrial Cyber Security Shell Global Solutions tyler.williams@shell.com 1

THE TRADITIONAL APPROACH HOW IS IT GOING FOR YOU? 1. Worms/Trojans 2. Code injection 3. Drive-by Downloads 4. Exploit Kits 5. Physical Theft/Loss/Damage 6. Denial of Service 7. Botnets 8. Phishing 9. Information Leakage 10. Targeted Attacks 2

WHY HASN T IT WORKED? 3

SO WHAT DID YOU DO? START WITH A PURPOSE AND A MANDATE The Vision No HSSE damage, No unplanned disruption to project progress and No product deferment or loss as a result of cyber incidents. The Mission Shell s process control Domain (PCD) infrastructure will be procured, designed, deployed and maintained against one set of security requirements, in a standardized fashion and commensurate with risk with all projects / assets will be reporting compliance centrally. 4

THE JOURNEY TO DATE CHANGE RISK INTO OPPORTUNITY COST Oil & Gas Industry Industrial Automation & Control System Infrastructure Increasing push towards un-manned operations. Remote workforce and operations management a must. Need for big data infrastructure and low cost IT solutions. Increased use of advanced process control software. Further integration with IT communication protocols. Increased use of mobile applications and web infrastructure. More use of COTS infrastructure and outsourced IT suppliers. Integrated sensor networks with embedded IT. Continued integration of industrial / IT infrastructure. Integrated networking and data applications across vendors. New, Remote, Dynamic, Automated & Wireless Growing use of industrial wireless for process control. Adoption of virtualization for improved availlability. Advanced, Standardized, Integrated & Connected 5

THE JOURNEY TO DATE CONVERGE ENGINEERING & IT 6

THE JOURNEY TO DATE ESTABLISH DEFENSIBLE RULES PCD IT Security Risk Assessment & Control Selection Process PCD IT Security DEP Standard For Capital Projects PCD Risk Profile Standard For Operating Assets 7

THE JOURNEY TO DATE INTEGRATE SUPPORTING PROCESSES 8

THE JOURNEY TO DATE DEVELOP & EMPOWER THE PEOPLE 9

GSEL CCR PAS (DCS/PLC) HMI Control Apps Gateway Process Control Domain (PCD) Historian Fire&Gas SIS (IPS) Detection SIS (IPS) Fiscal Metering Special Monitoring Version: 2.2 MANAGING CYBER SECURITY RISK - ARC FORUM THE JOURNEY TO DATE BUILD THE TOOLS Remote 3 rd Party Access E.g. Honeywell, Yokogawa, Emerson SecurePlant SOC Security Operations Centre CSMC Threat Management Asset Inventory NextNine PCD Access Control NextNine & Firewall OS Security Patches NextNine & WSUS Security Log Collection & Mgt NextNine & ArcSight Anti-virus Symantec / McAfee SecurePlant PROCESS CONTROL NETWORK (PCN or L3) Firewall CONTROL BUS (L2) FIELD BUS (L1) L0 Site A Site B 10

WHERE WE ARE TODAY READY TO DEPLOY Prepare Assess Design Pre-Deploy Deploy & Stabilize Operate Site Onboarding & Readiness Review Technical & Procedural Gap Assessment Workshop 1 2 3 PCD Network & Organizational Design 4 Establish Organizational Practices PCD Network Remediation 5 Endpoint Remediation & Cutover SecurePlant Service Activation 6 7 8 Project Closeout SG1 SG2 SG3 SG4 SG5 SG6 11

Sell value/opportunity NOT security Use facts not FUD Simplify and standardize; focus on the basics. Apply the basics across the industrial product lifecycle. Involve suppliers: Expect the basics, pay for maturity Have a clear vision, mission and strategy. Beware of Shiny Objects, Chicken Little s and Workinggroupitis Integrate Engineering / IT & build hybrid capability. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information