Rethinking Cyber Security for Industrial Control Systems (ICS)



Transcription:

Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1

Rethinking Cyber Security We Now Have Years of Experience - Security is Complex Are we on the Right Track? What are the Emerging Opportunities? Are We Investing in the Right Security Activities? 2

Introduction Cyber Security Services Certification and Testing Panel (30 minutes) Energy Industry Roadmap Break Chemical Industry Roadmap Panel (30 Minutes) 3

What Stimulates Cyber Security Activity? For Industrial Control Systems (ICS) Risk Management Business: Safety, Environmental, Reliability, Financial National: Terrorism, Rapidly emerging Cyber Warfare Regulation & Compliance (Must Do) Government, Customers, Partners, Suppliers Cost Reduction People & Infrastructure Skills & Practices Cyber Security is a National, Business and Personal Issue 4

Risk Management - A Fundamental Driver Risk Escalation is Real and Continuing Cyber Warfare Viruses More Integration More Connectivity Diverse Sophisticated Combination Attacks Criminals & Insider Threats Businesses Will Get More Help in Defining Risk 5

Address National Level Risks US Department of Homeland Security and Friends Sector Specific Agencies Chemical SSA NERC CIP Energy DHS is Driving Industry Specific Activities 6

The Penalty for Not Complying (in the US) Required Practices, Reporting, Responding, Violations Energy Chemicals Up to $25,000/day ~$750,000/Month Source: CFATS Minutes Good Cyber Security Practices are Not Optional for Critical Infrastructure Industries 7

Security Is Not a One-time Investment Practices are Maturing - It Is Difficult Skills Shortage? New Business Initiatives Acquisitions Partners Regulations Cost Pressures Applications Systems New Technologies Architectures Practices Design Assess Renovate Audit Test Monitor Mitigate Adapt New Vulnerabilities Threats Patches People Organizations Governments Cyber Security is a Very Dynamic Activity Continued Investment is Required 8

The Cost of Cyber Security is Significant Various IT Analysts Estimates of Global IT Spend Global IT Spend $1.5-3 trillion Security (3-6%) ~$120 billion Business Systems Operations Management Remote Users Engineering Automation Laboratories Manufacturing and Utilities $600 billion Security Includes Hardware Software Services For Servers, networking, security appliances, laptops, desktops Applications, technology platform, monitoring Consulting, design All Corporate IT and some of Engineering, Labs, Operations ~$25 billion Does not Include Hardware Control Systems, embedded system Software Automation software, DCS, PLC, HMI, SCADA Services Systems Integration, consulting, managed services... for Industrial Control Systems Big IT Spend Big Security Spend Big Losses 9

Explore a Few of Today's Opportunities ARC Advisory Group Forum 2010 This Afternoon's Topics Day 2 - Tuesday Afternoon - Track 4 10

Opportunity: Utilize Security Services External Resources Objectives Cut costs, Cut risks, Improve Security Audit Design Assess Activity Assessments Design Practices for ICS Help readily available Commonly outsourced Monitor Renovation Commonly outsourced Mitigate Operation Seldom outsourced Adapt Auditing Should be outsourced Renovate Tom Good, DuPont Perspective 11

Security Certification and Testing Know That You Are Secure And Remain Secure Objective Improve Security, Avoid Deterioration Strengthen ICS Components Verify System Effectiveness Activity Define Standards Certification Robustness Testing Systems Testing Practices for ICS Standards bodies Independent Organizations Test Tools and Services Penetration Testing Patch Testing Problem of Timing Johan Nye, ExxonMobil Perspective 12

Opportunity: Cross Industry Sharing Industry Activities, Government Activities Objectives Leverage practices and experiences Accelerate progress and avoid duplication of efforts Keith Stouffer, NIST Eric Cosman, Dow 18 Critical Infrastructure Industries 13

Let's Get Started For more information, contact bmick@arcweb.com or visit www.arcweb.com 14

Security In Manufacturing, Utilities Business, Engineering, Laboratories Business Systems ERP, SCM, CRM, EAM, BI Lab Systems, Engineering Systems Remote Access Networking Software Servers Business Systems Remote Users Operations Management Networks Intelligences, Analytics, Integration Historians, Recipe Management, User Interface Networks HMI DCS Trending SCADA Operations Management Engineering Automation Systems Network Unit Controllers, PLCs, Devices Automation Laboratories Network Model Security Zone Model Simple Operations-Centric Perspective 15