Pareto's View on ICS Cyber Security. Dirk Seewald CEO, Innominate Security Technologies AG




Pareto's View on ICS Cyber Security Dirk Seewald CEO, Innominate Security Technologies AG ARC Forum Europe 2015

Scope Of This Talk
This presentation is:
- focussing on securing process and factory plants
- taking an automation system perspective
- covering both greenfield and brownfield applications
- pragmatic, yet systematic
This presentation is not:
- covering the development and provisioning of secure automation components
- academic
2 / Dirk Seewald @ ARC Forum Europe 2015 / LIMITED DISTRIBUTION ONLY

Why This Talk?
- We do have vulnerable IT/OT operations.
- There is no 100% security.
- Deployable ICS cyber security measures are often counter-intuitive to today's operating procedures.
- ICS cyber security is not only technology.
- ICS cyber security is an investment which competes with other spending options.

World Economic Forum & McKinsey
Recommendations to implement institutional readiness for robust cyber resilience:
- Prioritize information assets based on business risks.
- Develop deep integration of security into the technology environment to drive scalability.
- Provide differentiated protection based on the importance of assets.
- Deploy active defences to uncover attacks proactively.
- Test continuously to improve incident response.
- Help personnel to understand the value of information assets.
- Integrate cyber resistance into enterprise-wide risk management and governance processes.
Source: Insight Report "Risk and Responsibility in a Hyperconnected World", Jan. 2014

Vilfredo Pareto
Vilfredo Federico Damaso Pareto (1848-1923) was an Italian engineer, sociologist, economist, political scientist, and philosopher. He introduced the concept of Pareto efficiency and helped develop the field of microeconomics. The Pareto principle was named after him and built on observations of his such as that 80% of the land in Italy was owned by 20% of the population.
Source: Wikipedia, March 2015

"Pareto Principle", As Used Here
[Conceptual figure: Cause vs. Effect, labelled 20% / 80% and 80% / 20%]

What Is At Stake?
- Cyber security is a business risk.
- Deploying cyber security measures also is a business enabler for innovative operating procedures (such as preemptive remote maintenance), and innovative business models (such as "Industry 4.0").

Business Risk - Applying The "Pareto Principle"
[Conceptual figure; labels: Severity, Likelihood, Risk, Effort, "Low Hanging Fruits"]

Business Risk - Risk Assessment Matrix
[Conceptual figure: matrix with axes "Severity of Damage" and "Likelihood of Occurrence"; color indicates risk level, from low to high. Entries shown in the matrix:]
- Uncontrolled status of a nuclear enrichment plant
- Unintended PLC reprogramming by service technician
- Complete removal of data on IT/OT infrastructure
- Criminal hostage-taking of a production process
- Leak of IP due to unmanaged remote access across the Internet
- Accidental halt of production due to unintended OT virus scan
- Ongoing covert proliferation of OT equipment infections
- Unresponsive OT equipment due to network traffic overflow, DoS
- Unauthorized access using hardcoded passwords

Business Risk - Risk Management Matrix
[Conceptual figure: matrix with axes "Risk Management Effort" and "Risk Level"; color indicator: "Low Hanging Fruits". Entries shown in the matrix:]
- Uncontrolled status of a nuclear enrichment plant
- Unintended PLC reprogramming by service technician
- Leak of IP due to unmanaged remote access across the Internet
- Accidental halt of production due to unintended OT virus scan
- Ongoing covert proliferation of OT equipment infections
- Complete removal of data on IT/OT infrastructure

Business Enabler - After Sales Business
- Increasing importance of aftersales/service for machine builders
- Secure Remote Connectivity
Source: VDMA/McKinsey, "Zukunftsperspektive deutscher Maschinenbau", July 2014

Business Enabler - Industry 4.0
- Secured Data
- Encrypted Communication
- Trustworthy Identities
Source: acatech, "Recommendations for implementing the strategic initiative INDUSTRIE 4.0", Apr. 2013

"Low Hanging Fruits" (EXAMPLE)
Risk, Enabler:
- Risk: Complete removal of data on IT/OT infrastructure
- Risk: Accidental halt of production due to unintended OT virus scan
- Risk: Ongoing covert proliferation of OT equipment infections
- Risk: Leak of IP due to unmanaged remote access across the Internet
- Enabler: Preemptive remote maintenance
- Enabler: Encrypted communication
Mitigation, Implementation Options:
- Implement backup technology and disaster recovery procedures
- Implement separation between IT and OT (firewall, DMZ)
- Implement separation between automation cells (firewall, DMZ)
- Determine, document and monitor Internet-facing systems
- Provide only managed authenticated remote access to automation suppliers
- Implement encryption techniques for data leaving your plant
- Deploy authenticated, encrypted communication to your customers' plants
- Deploy authenticated, encrypted communication across the entire product value chain

Caution!
Be aware of the "Pareto Principle's" limitations. "Black Swans" do exist.
Characteristics of a "Black Swan" event (acc. to Nassim Nicholas Taleb):
1. The event is a surprise (to the observer).
2. The event has a major effect.
3. After the first recorded instance of the event, it is rationalized by hindsight, as if it could have been expected.

Innominate Security Technologies AG
- Highly targeted portfolio of software and hardware products and solutions for the cyber protection of Industrial Control Systems
- Established 2001, German company
- Inventor and licensor of technology
- Several hundred customers, more than 100,000 products in the field
- Since 2008 fully owned by PHOENIX CONTACT

Thank You.
protecting industrial networks
Dirk Seewald, Chief Executive Officer (Vorstand)
Innominate Security Technologies AG, A Phoenix Contact Company
Rudower Chaussee 13, 12489 Berlin, Germany
Tel.: +49 30 921028-001
Fax: +49 30 921028-020
dseewald@innominate.com
www.innominate.com