IT security system. Rockwool International. DAu Conference: Industrial IT Security



Transcription:

IT security system at Rockwool International. DAu Conference: Industrial IT Security

DAu Conference: Industrial IT Security. IT security system at Rockwool International
- Background
- Siemens Security Assessment
- Structured approach: Work Packages
- Solutions

Presentation
Flemming Schou, Section Manager: Automation & Electrical Standards, Rockwool International. Flemming.schou@rockwool.com, +45 20 29 87 24
Lars Peter Hansen, Product Manager - Industrial Communication. Lars-peter.hansen@siemens.com, T.: +45 4477 4827, M.: +45 2129 9650

Background for increased security at Rockwool
- Requirement from owner/board/management for a higher security level because of a new factory in China
- Project cancelled/postponed, but the concept continued in Memphis, USA
- Management wanted an external view of the security level and an action plan
- Required closer cooperation between Engineering and IT

Security Assessment: assessment by Siemens Industrial Security

Work Packages: clarification of areas

Solutions
Solutions implemented:
- Network segmentation: layers/cells; port blocking/MAC filtering
- Hardware protection of PLCs: Block Privacy on selected blocks; no AD on the PLC network, but a password database
- PC hardening: standard image from IT WITH MODIFICATIONS; admin account to install/change; antivirus; patching, not automatic; AD authentication, all stations on the PC automation network (RockNet)
- Access: remote; WiFi (web-based access, e.g. 30 days for a MAC address); jump station/Access Management
- Disaster recovery: backup system

[Network diagram. Zones: Rocknet, Office network; PC Automation network; PLC Automation network. Labelled components: POP, Label, RF, RockFact Client, Control room, Access Management PC, WinCC Clients, Firewall, File for Acronis Backups, RockFact/POP Gateway, Engineering Station, Label Printer, WinCC 1, WinCC 2, Daneel (X-Ray), CP1613, Label PC, Label PLC, PLCs (Charging, Spinner, Wool Collection).]

Prerequisites: what is happening? And set requirements for your supplier.
ICS-CERT update: http://ics-cert.us-cert.gov/#rss
Unrestricted / Siemens AG 2015. All Rights Reserved. Page 10 V1.0

Industrial Security: the Defense in Depth Concept
- Physical access control
- Processes and guidelines
- Segmentation
- Firewalls & VPN
- Whitelisting
- System hardening
- Authentication
- Patch management
- Intrusion detection
- Virus scanners
- Training

[Network diagram. Zones: Rocknet, Office network; PC Automation network; PLC Automation network. Labelled components: Firewall (at the office network), POP, Label, RF, RockFact Client, Control room, Access Management PC, WinCC Clients, Firewall, File for Acronis Backups, RockFact/POP Gateway, Engineering Station, Label Printer, WinCC 1, WinCC 2, Daneel (X-Ray), CP1613, Label PC, Label PLC, Laptop for maintenance/commissioning, PLCs (Charging, Spinner, Wool Collection).]

The password problem
- Static shared secret
- And vulnerable to man-in-the-middle attack

Centralized user and password management
[Diagram. Labelled components: Clients, Control Center, Application Virtualization, Secure Access Manager, Firewall, High Availability (optional), Active Directory (optional), RSA Authentication (optional), WAN, Client, Substation, Machine/Process/Substation/RTU.]

[Network diagram with backup responsibilities. Zones: Rocknet, Office network; PC Automation network; PLC / Automation network. Labelled components: Label, POP, RF, Access Management PC, RockFact Client, Control room, Avamar (Data Center), WinCC Clients, File for Acronis Backups, Firewall, Label PC, PMS, WinCC 1, WinCC 2, RockFact/POP Gateway, PC Engineering Station, Label Printer, Label PLC, PLCs. Legend: GRIT Responsibility - Avamar; GPR Responsibility - Acronis.]

Industrial Security: Summary
- A focus on security is critical
- Harden systems: use the existing options
- Segment the network and isolate vulnerable systems
- Use jump stations and use certified products
- Require authentication and use passwords
- Implement central authentication solutions
- Back up and prepare disaster recovery