Safety & Security in Industrial Control Systems
Plant Security Services
siemens.com/plant-security-services
Unrestricted © Siemens AG 2016
19.7.2017 Mark McCormick / Plant Security Services (Digital Factory)
Why Cyber security is an issue for SIS
The drivers for Industrial Automation also apply for Safety Instrumented Systems
• Open standards
• PC-based systems
• COTS equipment
• Horizontal and vertical integration
• IT & OT more connected
Other SIS challenges
• Integration of Control and Safety
• Most systems programmable
• Safety Systems are low demand mode
• Aging installed base
Information technologies are used in industrial automation
Increased security threats demand action
• Sabotage of the Process Plant Safety Systems
• Manipulation of data or application software
• Loss of Operator Interface
• Loss of Safety Function
• Spurious trips
• Failure of BPCS may be initiating event
• Common mode failures BPCS and SIS
• Compliance with standards and regulations is required
ICS Attack surface is growing
Challenges: Increasing vulnerability, high connectivity.
• Introduction of malware via removable media and external hardware
• Human error and sabotage
• Intrusion via remote access
• Control components connected to the Internet
• Compromising of smartphones in the production environment
• Compromising of extranet and cloud components
• Malware infection via the Internet and Intranet
• (Distributed) denial-of-service ((D)DoS) attacks
• Technical malfunctions
• Social engineering and phishing
Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
Most critical threats to ICS
Comparison of Safety and Security
Safety
“Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment.”
IEC 61508-4
Security
“Prevention of illegal or unwanted penetration of or interference with the proper and intended operation of an industrial automation and control system”
IEC 62443-1-1
Similarities
• Defense in Depth
• Lifecycle approach
• Stakeholders
• Requirement for FSM / SM
• Ongoing monitoring needed
• Terminology of SIL and SL
Differences
• Focus (internal v. external)
• Maturity of standards
• Level of adoption
• Willingness to share learning
• Assessment of risk
References to Security from Safety standards
IEC 61508-1 Edition 2
7.4.2.3 The hazards, hazardous events and hazardous situations of the EUC and the EUC control system shall be
determined under all reasonably foreseeable circumstances (including fault conditions, reasonably foreseeable misuse
and malevolent or unauthorised action). This shall include all relevant human factor issues, and shall give particular
attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or
unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats
analysis should be carried out.
IEC 61511-1 Edition 2
8.2.4 A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS.
NOTE 1:
Guidance related to SIS security is provided in ISA TR84.00.09, ISO/IEC 27001:2013, and IEC 62443-2-1:2010.
11.2.12 The design of the SIS shall be such that it provides the necessary resilience against the identified security
risks (see 8.2.4).
Security Standards
NIST 800-82, 800-30, 800-53
ISA 99
ISA/IEC 62443
NERC-CIP 4
ISO 27032
NIS (Network Information & Security Directive) 2017. UK Government will introduce guidance for CNI companies.
WIB M2784
ISO 27002
ISO 27001
IEC62443 Framework
The parties involved in an IACS
Protection Levels
Protection Levels cover security functionalities and processes

Assessment of security functionalities (Security Level)
SL 4  Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
SL 3  Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
SL 2  Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation
SL 1  Capability to protect against casual or coincidental violation

Assessment of security processes (Maturity Level)
ML 4  Optimized - Process measured, controlled and continuously improved
ML 3  Defined - Process characterized, proactive deployment
ML 2  Managed - Process characterized, reactive
ML 1  Initial - Process unpredictable, poorly controlled and reactive.

[Figure: matrix of Maturity Level (1 to 4) against Security Level (1 to 4)]

PL 4  Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
PL 3  Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
PL 2  Protection against intentional violation using simple means with low resources, generic skills and low motivation
PL 1  Protection against casual or coincidental violation
IEC 62443 Assessment
Phased project approach based on IEC 62443-3-3 tool with following Foundational Requirements
• FR 1 Identification and Access Control
• FR 2 Use Control
• FR 3 System Integrity
• FR 4 Data Confidentiality
• FR 5 Restrict Data Flow
• FR 6 Timely Response to Events
• FR 7 Resource Availability
ASSESS IMPLEMENT MANAGE
Questionnaire
Result spider diagram
Result chart bar
Assessing ICS against IEC62443
Each FR contains several SRs (System Requirements), with harder control measures as the target SL increases (SL1-SL4).
Level 1
SR 5.1 Network segmentation
The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to logically segment automation solution or
IT infrastructure networks from non-automation solution or IT infrastructure networks and to logically segment critical automation solution or IT infrastructure networks from
other automation solution or IT infrastructure networks.
Level 2
SR 5.1 RE 1 Physical network segmentation
The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to physically segment automation solution
or IT infrastructure networks from non-automation solution or IT infrastructure networks and to physically segment critical automation solution or IT infrastructure networks
from non-critical automation solution or IT infrastructure networks.
Level 3
SR 5.1 RE 2 Independence from non-control system networks
The automation solution or IT infrastructure shall have the capability to provide network services to automation solution or IT infrastructure networks, critical or
otherwise, without a connection to non-automation solution or IT infrastructure networks.
Level 4
SR 5.1 RE 3 Logical and physical isolation of critical networks
The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to logically and physically isolate critical
automation solution or IT infrastructure networks from non-critical automation solution or IT infrastructure networks.
FR 5 Restrict Data Flow
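An added example (not from the slides, and not the IEC 62443-3-3 assessment tool they mention): a small gap check for the SR 5.1 ladder listed above, run against a constructed three-segment inventory. The `Segment` record, the segment and switch names, and the reading of each requirement as a VLAN, switch, service-dependency or conduit check are simplifying assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

# SR 5.1 ladder as listed on the slide: level -> requirement added at that level.
LADDER = {1: "SR 5.1", 2: "SR 5.1 RE 1", 3: "SR 5.1 RE 2", 4: "SR 5.1 RE 3"}


@dataclass(frozen=True)
class Segment:            # hypothetical inventory record, not an IEC 62443 schema
    name: str
    control: bool         # True = automation network, False = office/IT network
    critical: bool        # True for e.g. the SIS network
    vlan: int             # stands in for logical segmentation
    switch: str           # stands in for physical segmentation
    services: tuple = ()  # segments hosting the NTP/DNS/DHCP this segment relies on


def must_be_separated(a, b):
    """Pairs the SR 5.1 text wants segmented: automation vs non-automation,
    and critical automation vs other automation networks."""
    if a.control != b.control:
        return True
    return a.control and a.critical != b.critical


def evaluate(segments, links):
    """Return {requirement: [findings]}; an empty list means no violation found."""
    by_name = {s.name: s for s in segments}
    findings = {req: [] for req in LADDER.values()}
    for a, b in combinations(segments, 2):
        if not must_be_separated(a, b):
            continue
        if a.vlan == b.vlan:
            findings["SR 5.1"].append(f"{a.name}/{b.name} share VLAN {a.vlan}")
        if a.switch == b.switch:
            findings["SR 5.1 RE 1"].append(f"{a.name}/{b.name} share switch {a.switch}")
    for s in segments:
        for host in s.services if s.control else ():
            if not by_name[host].control:
                findings["SR 5.1 RE 2"].append(f"{s.name} relies on services in {host}")
    for x, y in links:
        if by_name[x].critical != by_name[y].critical:
            findings["SR 5.1 RE 3"].append(f"conduit {x} <-> {y}")
    return findings


def achieved_level(findings):
    """Requirements are cumulative: the level is the highest rung with no
    findings on it or on any rung below it."""
    level = 0
    for lvl in sorted(LADDER):
        if findings[LADDER[lvl]]:
            break
        level = lvl
    return level


def gap(findings, target):
    """Requirements up to the target level that still have open findings."""
    return [LADDER[l] for l in range(1, target + 1) if findings[LADDER[l]]]


def sample_plant(hardened=False):
    """Constructed inventory: office LAN, BPCS network, SIS network."""
    office = Segment("office", control=False, critical=False, vlan=10, switch="sw-office")
    if hardened:
        bpcs = Segment("bpcs", True, False, 20, "sw-bpcs", services=("bpcs",))
        sis = Segment("sis", True, True, 30, "sw-sis")
        links = [("office", "bpcs")]                       # SIS has no conduit
    else:
        bpcs = Segment("bpcs", True, False, 20, "sw-plant", services=("office",))
        sis = Segment("sis", True, True, 30, "sw-plant")
        links = [("office", "bpcs"), ("bpcs", "sis")]
    return [office, bpcs, sis], links


if __name__ == "__main__":
    for hardened in (False, True):
        f = evaluate(*sample_plant(hardened))
        print("hardened" if hardened else "as-found", "level", achieved_level(f))
        for req in gap(f, target=4):
            print("  open:", req, "->", "; ".join(f[req]))
```

In the as-found inventory the VLANs differ, so only the Level 1 requirement is met; the shared switch, the time/name services hosted on the office LAN and the BPCS-to-SIS conduit are the open items for Levels 2 to 4.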
Safety & Security
ISA84 WG9 – Annex A - Example SIS Interfaces to the Enterprise Network
Air-gapped
In this design, the SIS is both logically and physically isolated from communicating with the rest of the zones.
Interfaced
SIS and BPCS are still connected using discrete wiring, but they now include a direct point-to-point communication connection.
Integrated 2 zone
The BPCS and SIS systems are fully integrated and provide direct, real-time communication between the systems.
Integrated 1 zone
The SIS and BPCS systems are integrated providing greater communication between those systems and higher-level systems.
HSE Operational guide (OG86)
• Covers risk identification, and its management including design, maintenance, operation, management
systems and competency of staff.
• Forms part of the HSE’s EC&I operational delivery guide consistent with other similar operational guides.
The following guiding principles were used in producing the guidance:
• Protect, detect and respond. It is important to be able to detect possible attacks and respond in an
appropriate and timely manner in order to minimize the impacts.
• Defence in depth. No single security countermeasure provides absolute protection as new threats and
vulnerabilities can be identified at any time. To reduce these risks, implementing multiple protection
measures in series avoids single point failures.
• Technical, procedural and managerial protection measures. Technology is insufficient on its own to
provide robust levels of protection.
HSE Operational Guide
Industrial Security
The defense in depth concept* provides comprehensive protection
• Physical access protection to the plant and critical systems
• Components with integrated security functions
• Endpoint security: e.g. whitelisting, patching, FW updates, authentication
• Security management for processes and technical measures
• Protection of the plant/machine network through segmentation
• Secure remote access via Internet or mobile networks to the plant
* based on IEC 62443
Industrial Security Monitoring
Cyber Security Operations Center for a continuous & proactive protection
[Figure labels: Cyber Security Operation Center; Security Correlation and Management; Security Information Collector; Discrete Manufacturing; Process Industries]
Industrial Security Monitoring
Most important supported devices
OPERATING SYSTEMS
Windows XP to Windows 8
Windows Server 2003 to 2012
Linux/UNIX systems
NETWORK DEVICES
Automation Firewall
SCALANCE S, M and X
3rd Party (NG and Application Layer FWs, IDS/IPS, Switches)
INDUSTRIAL CONTROL SYSTEMS
SIMATIC S7 with specific application DB
SIMATIC CP with Security Integrated
SINUMERIK PCU
SOFTWARE AND SECURITY APPLICATIONS
McAfee ePO
TrendMicro
Symantec
Siemens UK
Plant Security Services
Tom Hammond
Industrial IT Product Manager
siemens.com/plant-security-services
Contact
Security Information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines
and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain –
a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and
components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security
measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial
security, please visit http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply
product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported,
and failure to apply latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under
http://www.siemens.com/industrialsecurity.
Security Services and further guidance
Plant Security Services
Comprehensive, Modular and Scalable Portfolio
Intel Security inside
• IEC 62443 Assessment
• ISO 27001 Assessment
• SIMATIC PCS 7 & WinCC Assessment
• Risk & Vulnerability Assessment
• Security Awareness Training
• Security Policy Consulting
• Network Security Consulting
• Perimeter Firewall Installation
• Clean Slate Validation
• Anti Virus Installation
• Whitelisting Installation
• System Backup
• Windows Patch Installation
• Industrial Security Monitoring
• Remote Incident Handling
• Perimeter Firewall Management
• Anti Virus Management
• Whitelisting Management
• Patch & Vulnerability Management
Best Practice
Lots of advice and guidance provided in the form of manuals, whitepapers.
Guidance
National Cyber Security Centre
CPNI
Other Useful Guidance
• The Centre for the Protection of National Infrastructure (CPNI) Security for Industrial Control Systems
• EEMUA Information sheet 2. Cyber security assessment process for industrial control systems
• NIST Publication 800-82 – Guide to Industrial Control Systems (ICS) Security
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
• 10 steps to Cyber security available via link
http://www.gchq.gov.uk/press_and_media/news_and_features/Pages/Relaunch-10-Steps-to-Cyber-Security.aspx
• IET Code of Practice “Cyber Security in the Built Environment”
• ISA-TR84.00.09-2013 – Security Countermeasures Related to Safety Instrumented Systems

PI UK Seminar (Nov 2021) - PROFINET Design Basics
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Gateways
PI UK Seminar (Nov 2021) - PROFINET GatewaysPI UK Seminar (Nov 2021) - PROFINET Gateways
PI UK Seminar (Nov 2021) - PROFINET Gateways
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device ConfigurationPI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET of Things
PI UK Seminar (Nov 2021) - PROFINET of ThingsPI UK Seminar (Nov 2021) - PROFINET of Things
PI UK Seminar (Nov 2021) - PROFINET of Things
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - Update on APL
PI UK Seminar (Nov 2021) - Update on APLPI UK Seminar (Nov 2021) - Update on APL
PI UK Seminar (Nov 2021) - Update on APL
PROFIBUS and PROFINET InternationaI - PI UK
 
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
PROFIBUS and PROFINET InternationaI - PI UK
 
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
PROFIBUS lightning surge protection -  Peter Thomas, CSL - 10 june 2020 PROFIBUS lightning surge protection -  Peter Thomas, CSL - 10 june 2020
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
PROFIBUS and PROFINET InternationaI - PI UK
 
PROFINET network diagnostics and support - May 2020 - Peter Thomas
PROFINET network diagnostics and support - May 2020 - Peter ThomasPROFINET network diagnostics and support - May 2020 - Peter Thomas
PROFINET network diagnostics and support - May 2020 - Peter Thomas
PROFIBUS and PROFINET InternationaI - PI UK
 

More from PROFIBUS and PROFINET InternationaI - PI UK (20)

11. PI_Ford_Dunton_IOLINK_Safety.pdf
11. PI_Ford_Dunton_IOLINK_Safety.pdf11. PI_Ford_Dunton_IOLINK_Safety.pdf
11. PI_Ford_Dunton_IOLINK_Safety.pdf
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
 
6. SRCI Profibus International v2.pdf
6. SRCI Profibus International v2.pdf6. SRCI Profibus International v2.pdf
6. SRCI Profibus International v2.pdf
 
13. CEMA - AUTOMOTIVE.pdf
13. CEMA - AUTOMOTIVE.pdf13. CEMA - AUTOMOTIVE.pdf
13. CEMA - AUTOMOTIVE.pdf
 
12. PI_OPC_UK.pdf
12. PI_OPC_UK.pdf12. PI_OPC_UK.pdf
12. PI_OPC_UK.pdf
 
4. APL PI Presentation 2023.pdf
4. APL PI Presentation 2023.pdf4. APL PI Presentation 2023.pdf
4. APL PI Presentation 2023.pdf
 
10. PI_Dunton - OT Security.pdf
10. PI_Dunton - OT Security.pdf10. PI_Dunton - OT Security.pdf
10. PI_Dunton - OT Security.pdf
 
9. PA DIM presentation.pdf
9. PA DIM presentation.pdf9. PA DIM presentation.pdf
9. PA DIM presentation.pdf
 
3. Ford Dunton Mark Freeman.pdf
3. Ford Dunton Mark Freeman.pdf3. Ford Dunton Mark Freeman.pdf
3. Ford Dunton Mark Freeman.pdf
 
2. Ford_Dunton_Introductions_CRM.pdf
2. Ford_Dunton_Introductions_CRM.pdf2. Ford_Dunton_Introductions_CRM.pdf
2. Ford_Dunton_Introductions_CRM.pdf
 
PI UK Seminar (Nov 2021) - Online Certified Training Courses
PI UK Seminar (Nov 2021) - Online Certified Training CoursesPI UK Seminar (Nov 2021) - Online Certified Training Courses
PI UK Seminar (Nov 2021) - Online Certified Training Courses
 
PI UK Seminar (Nov 2021) - PROFINET Implementation and Testing
PI UK Seminar (Nov 2021) - PROFINET Implementation and TestingPI UK Seminar (Nov 2021) - PROFINET Implementation and Testing
PI UK Seminar (Nov 2021) - PROFINET Implementation and Testing
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
 
PI UK Seminar (Nov 2021) - PROFINET Gateways
PI UK Seminar (Nov 2021) - PROFINET GatewaysPI UK Seminar (Nov 2021) - PROFINET Gateways
PI UK Seminar (Nov 2021) - PROFINET Gateways
 
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device ConfigurationPI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
 
PI UK Seminar (Nov 2021) - PROFINET of Things
PI UK Seminar (Nov 2021) - PROFINET of ThingsPI UK Seminar (Nov 2021) - PROFINET of Things
PI UK Seminar (Nov 2021) - PROFINET of Things
 
PI UK Seminar (Nov 2021) - Update on APL
PI UK Seminar (Nov 2021) - Update on APLPI UK Seminar (Nov 2021) - Update on APL
PI UK Seminar (Nov 2021) - Update on APL
 
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
 
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
PROFIBUS lightning surge protection -  Peter Thomas, CSL - 10 june 2020 PROFIBUS lightning surge protection -  Peter Thomas, CSL - 10 june 2020
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
 
PROFINET network diagnostics and support - May 2020 - Peter Thomas
PROFINET network diagnostics and support - May 2020 - Peter ThomasPROFINET network diagnostics and support - May 2020 - Peter Thomas
PROFINET network diagnostics and support - May 2020 - Peter Thomas
 

Recently uploaded

Trends in Computer Aided Design and MFG.
Trends in Computer Aided Design and MFG.Trends in Computer Aided Design and MFG.
Trends in Computer Aided Design and MFG.
Tool and Die Tech
 
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionUnderstanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Bert Blevins
 
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdfOCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
Muanisa Waras
 
Unit 1 Information Storage and Retrieval
Unit 1 Information Storage and RetrievalUnit 1 Information Storage and Retrieval
Unit 1 Information Storage and Retrieval
KishorMahale5
 
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdfGUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
ProexportColombia1
 
Lecture 6 - The effect of Corona effect in Power systems.pdf
Lecture 6 - The effect of Corona effect in Power systems.pdfLecture 6 - The effect of Corona effect in Power systems.pdf
Lecture 6 - The effect of Corona effect in Power systems.pdf
peacekipu
 
Rotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptxRotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptx
surekha1287
 
Evento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recapEvento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recap
Rafael Santos
 
LeetCode Database problems solved using PySpark.pdf
LeetCode Database problems solved using PySpark.pdfLeetCode Database problems solved using PySpark.pdf
LeetCode Database problems solved using PySpark.pdf
pavanaroshni1977
 
IWISS Catalog 2024
IWISS Catalog 2024IWISS Catalog 2024
IWISS Catalog 2024
Iwiss Tools Co.,Ltd
 
Biology for computer science BBOC407 vtu
Biology for computer science BBOC407 vtuBiology for computer science BBOC407 vtu
Biology for computer science BBOC407 vtu
santoshpatilrao33
 
Quadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and ControlQuadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and Control
Blesson Easo Varghese
 
Software Engineering and Project Management - Introduction to Project Management
Software Engineering and Project Management - Introduction to Project ManagementSoftware Engineering and Project Management - Introduction to Project Management
Software Engineering and Project Management - Introduction to Project Management
Prakhyath Rai
 
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K SchemeMSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
Anwar Patel
 
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model SafePaharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
aarusi sexy model
 
Unblocking The Main Thread - Solving ANRs and Frozen Frames
Unblocking The Main Thread - Solving ANRs and Frozen FramesUnblocking The Main Thread - Solving ANRs and Frozen Frames
Unblocking The Main Thread - Solving ANRs and Frozen Frames
Sinan KOZAK
 
kiln burning and kiln burner system for clinker
kiln burning and kiln burner system for clinkerkiln burning and kiln burner system for clinker
kiln burning and kiln burner system for clinker
hamedmustafa094
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
RujanTimsina1
 
Online music portal management system project report.pdf
Online music portal management system project report.pdfOnline music portal management system project report.pdf
Online music portal management system project report.pdf
Kamal Acharya
 
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
Mani Krishna Sarkar
 

Recently uploaded (20)

Trends in Computer Aided Design and MFG.
Trends in Computer Aided Design and MFG.Trends in Computer Aided Design and MFG.
Trends in Computer Aided Design and MFG.
 
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionUnderstanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
 
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdfOCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
 
Unit 1 Information Storage and Retrieval
Unit 1 Information Storage and RetrievalUnit 1 Information Storage and Retrieval
Unit 1 Information Storage and Retrieval
 
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdfGUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
 
Lecture 6 - The effect of Corona effect in Power systems.pdf
Lecture 6 - The effect of Corona effect in Power systems.pdfLecture 6 - The effect of Corona effect in Power systems.pdf
Lecture 6 - The effect of Corona effect in Power systems.pdf
 
Rotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptxRotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptx
 
Evento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recapEvento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recap
 
LeetCode Database problems solved using PySpark.pdf
LeetCode Database problems solved using PySpark.pdfLeetCode Database problems solved using PySpark.pdf
LeetCode Database problems solved using PySpark.pdf
 
IWISS Catalog 2024
IWISS Catalog 2024IWISS Catalog 2024
IWISS Catalog 2024
 
Biology for computer science BBOC407 vtu
Biology for computer science BBOC407 vtuBiology for computer science BBOC407 vtu
Biology for computer science BBOC407 vtu
 
Quadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and ControlQuadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and Control
 
Software Engineering and Project Management - Introduction to Project Management
Software Engineering and Project Management - Introduction to Project ManagementSoftware Engineering and Project Management - Introduction to Project Management
Software Engineering and Project Management - Introduction to Project Management
 
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K SchemeMSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
 
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model SafePaharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
Paharganj @ℂall @Girls ꧁❤ 9873777170 ❤꧂VIP Arti Singh Top Model Safe
 
Unblocking The Main Thread - Solving ANRs and Frozen Frames
Unblocking The Main Thread - Solving ANRs and Frozen FramesUnblocking The Main Thread - Solving ANRs and Frozen Frames
Unblocking The Main Thread - Solving ANRs and Frozen Frames
 
kiln burning and kiln burner system for clinker
kiln burning and kiln burner system for clinkerkiln burning and kiln burner system for clinker
kiln burning and kiln burner system for clinker
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
 
Online music portal management system project report.pdf
Online music portal management system project report.pdfOnline music portal management system project report.pdf
Online music portal management system project report.pdf
 
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
 

10. industrial networks safety and security tom hammond

  • 1. Safety & Security In Industrial Control Systems
       Plant Security Services
       siemens.com/plant-security-services
       Unrestricted / © Siemens AG 2016
  • 2. Why Cyber security is an issue for SIS
       Unrestricted © Siemens AG 2016 19.7.2017 Page 2 Mark McCormick / Plant Security Services (Digital Factory)
       The drivers for Industrial Automation also apply for Safety Instrumented Systems:
         • Open standards
         • PC-based systems
         • COTS equipment
         • Horizontal and vertical integration
         • IT & OT more connected
       Other SIS challenges:
         • Integration of Control and Safety
         • Most systems programmable
         • Safety Systems are low demand mode
         • Aging installed base
       Information technologies are used in industrial automation
       Increased security threats demand action:
         • Sabotage of the Process Plant Safety Systems
         • Manipulation of data or application software
         • Loss of Operator Interface
         • Loss of Safety Function
         • Spurious trips
         • Failure of BPCS may be initiating event
         • Common mode failures BPCS and SIS
         • Compliance with standards and regulations is required
  • 3. ICS Attack surface is growing
       Challenges: Increasing vulnerability, high connectivity.
         • Introduction of malware via removable media and external hardware
         • Human error and sabotage
         • Intrusion via remote access
         • Control components connected to the Internet
         • Compromising of smartphones in the production environment
         • Compromising of extranet and cloud components
         • Malware infection via the Internet and Intranet
         • (Distributed) denial-of-service ((D)DOS) attacks
         • Technical malfunctions
         • Social engineering and phishing
       Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
  • 4. Most critical threats to ICS
       Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
  • 5. Comparison of Safety and Security
       Safety: “Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment.” IEC 61508-4
       Security: “Prevention of illegal or unwanted penetration of or interference with the proper and intended operation of an industrial automation and control system” IEC 62443-1-1
       Similarities:
         • Defense in Depth
         • Lifecycle approach
         • Stakeholders
         • Requirement for FSM / SM
         • Ongoing monitoring needed
         • Terminology of SIL and SL
       Differences:
         • Focus (internal v. external)
         • Maturity of standards
         • Level of adoption
         • Willingness to share learning
         • Assessment of risk
  • 6. References to Security from Safety standards
       IEC 61508-1 Edition 2
         • 7.4.2.3 The hazards, hazardous events and hazardous situations of the EUC and the EUC control system shall be determined under all reasonably foreseeable circumstances (including fault conditions, reasonably foreseeable misuse and malevolent or unauthorised action). This shall include all relevant human factor issues, and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.
       IEC 61511-1 Edition 2
         • 8.2.4 A security risk assessment shall be carried out to identify the security vulnerabilities of the SIS. NOTE 1: Guidance related to SIS security is provided in ISA TR84.00.09, ISO/IEC 27001:2013, and IEC 62443-2-1:2010.
         • 11.2.12 The design of the SIS shall be such that it provides the necessary resilience against the identified security risks (see 8.2.4).
  • 7. Security Standards
         • NIST 800-82, 800-30, 800-53
         • ISA 99
         • ISA/IEC 62443
         • NERC-CIP 4
         • ISO 27032
         • NIS (Network Information & Security Directive) 2017: UK Government will introduce guidance for CNI companies.
         • WIB M2784
         • ISO 27002
         • ISO 27001
  • 8. IEC62443 Framework
  • 9. The parties involved in an IACS
  • 10. Protection Levels
       Protection Levels cover security functionalities and processes
       Assessment of security functionalities (Security Level):
         • SL 1 Capability to protect against casual or coincidental violation
         • SL 2 Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation
         • SL 3 Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
         • SL 4 Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
       Assessment of security processes (Maturity Level):
         • ML 1 Initial - Process unpredictable, poorly controlled and reactive.
         • ML 2 Managed - Process characterized, reactive
         • ML 3 Defined - Process characterized, proactive deployment
         • ML 4 Optimized - Process measured, controlled and continuously improved
       [Figure: matrix of Maturity Level (1 to 4) against Security Level (1 to 4)]
       Protection Levels:
         • PL 1 Protection against casual or coincidental violation
         • PL 2 Protection against intentional violation using simple means with low resources, generic skills and low motivation
         • PL 3 Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
         • PL 4 Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
  • 11. IEC 62443 Assessment
       Phased project approach based on IEC 62443-3-3 tool with following Foundational Requirements:
         • FR 1 Identification and Access Control
         • FR 2 Use Control
         • FR 3 System Integrity
         • FR 4 Data Confidentiality
         • FR 5 Restrict Data Flow
         • FR 6 Timely Response to Events
         • FR 7 Resource Availability
       Phases: ASSESS, IMPLEMENT, MANAGE
       [Figures: Questionnaire; Result spider diagram; Result chart bar]
  • 12. Assessing ICS against IEC62443
       Each FR contains several SRs (System Requirements), with harder control measures as the target SL increases (SL1-SL4).
       FR 5 Restrict Data Flow
         • Level 1: SR 5.1 Network segmentation. The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to logically segment automation solution or IT infrastructure networks from non-automation solution or IT infrastructure networks and to logically segment critical automation solution or IT infrastructure networks from other automation solution or IT infrastructure networks.
         • Level 2: SR 5.1 RE 1 Physical network segmentation. The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to physically segment automation solution or IT infrastructure networks from non-automation solution or IT infrastructure networks and to physically segment critical automation solution or IT infrastructure networks from non-critical automation solution or IT infrastructure networks.
         • Level 3: SR 5.1 RE 2 Independence from non-control system networks. The automation solution or IT infrastructure shall have the capability to provide network services to automation solution or IT infrastructure networks, critical or otherwise, without a connection to non-automation solution or IT infrastructure networks.
         • Level 4: SR 5.1 RE 3 Logical and physical isolation of critical networks. The automation solution or IT infrastructure shall realize the capability and the operating organization shall use the capability to logically and physically isolate critical automation solution or IT infrastructure networks from non-critical automation solution or IT infrastructure networks.
  • 13. Safety & Security
       ISA84 WG9 – Annex A - Example SIS Interfaces to the Enterprise Network
         • Air-gapped: In this design, the SIS is both logically and physically isolated from communicating with the rest of the zones.
         • Discrete Interfaced: SIS and BPCS are still connected using discrete wiring, but they now include a direct point-to-point communication connection.
         • Integrated 2 zone: The BPCS and SIS systems are fully integrated and provide direct, real-time communication between the systems.
         • Integrated 1 zone: The SIS and BPCS systems are integrated providing greater communication between those systems and higher-level systems.
  • 14. HSE Operational Guide (OG86)
         • Covers risk identification, and its management including design, maintenance, operation, management systems and competency of staff.
         • Forms part of the HSE’s EC&I operational delivery guide consistent with other similar operational guides.
       The following guiding principles were used in producing the guidance:
         • Protect, detect and respond. It is important to be able to detect possible attacks and respond in an appropriate and timely manner in order to minimize the impacts.
         • Defence in depth. No single security countermeasure provides absolute protection as new threats and vulnerabilities can be identified at any time. To reduce these risks, implementing multiple protection measures in series avoids single point failures.
         • Technical, procedural and managerial protection measures. Technology is insufficient on its own to provide robust levels of protection.
  • 15. Industrial Security
       The defense in depth concept* provides comprehensive protection
         • Physical access protection to the plant and critical systems
         • Components with integrated security functions
         • Endpoint security: e.g. whitelisting, patching, FW updates, authentication
         • Security management for processes and technical measures
         • Protection of the plant/machine network through segmentation
         • Secure remote access via Internet or mobile networks to the plant
       * based on IEC 62443
  • 16. Industrial Security Monitoring
       Cyber Security Operations Center for a continuous & proactive protection
       [Figure: Security Information Collectors at Discrete Manufacturing and Process Industries sites feeding Security Correlation and Management in the Cyber Security Operation Center]
  • 17. Industrial Security Monitoring
       Most important supported devices
       OPERATING SYSTEMS
         • Windows XP to Windows 8
         • Windows Server 2003 to 2012
         • Linux/UNIX systems
       NETWORK DEVICES
         • Automation Firewall
         • SCALANCE S, M and X
         • 3rd Party (NG and Application Layer FWs, IDS/IPS, Switches)
       INDUSTRIAL CONTROL SYSTEMS
         • SIMATIC S7 with specific application DB
         • SIMATIC CP with Security Integrated
         • SINUMERIK PCU
       SOFTWARE AND SECURITY APPLICATIONS
         • McAfee ePO
         • TrendMicro
         • Symantec
  • 18. Contact
       Siemens UK Plant Security Services
       Tom Hammond, Industrial IT Product Manager
       siemens.com/plant-security-services
  • 19. Security Information
       Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.
       Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place. Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity.
       Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats. To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity.
  • 20. Security Services and further guidance
  • 21. Plant Security Services
       Comprehensive, Modular and Scalable Portfolio
       Intel Security inside
         • IEC 62443 Assessment
         • ISO 27001 Assessment
         • SIMATIC PCS 7 & WinCC Assessment
         • Risk & Vulnerability Assessment
         • Security Awareness Training
         • Security Policy Consulting
         • Network Security Consulting
         • Perimeter Firewall Installation
         • Clean Slate Validation
         • Anti Virus Installation
         • Whitelisting Installation
         • System Backup
         • Windows Patch Installation
         • Industrial Security Monitoring
         • Remote Incident Handling
         • Perimeter Firewall Management
         • Anti Virus Management
         • Whitelisting Management
         • Patch & Vulnerability Management
  • 22. Best Practice
       Lots of advice and guidance provided in the form of manuals, whitepapers.
  • 23. Guidance
       National Cyber Security Centre
       CPNI
  • 24. Other Useful Guidance
         • The Centre for the Protection of National Infrastructure (CPNI) Security for Industrial Control Systems
         • EEMUA Information sheet 2. Cyber security assessment process for industrial control systems
         • NIST Publication 800-82 – Guide to Industrial Control Systems (ICS) Security http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
         • 10 steps to Cyber security available via link http://www.gchq.gov.uk/press_and_media/news_and_features/Pages/Relaunch-10-Steps-to-Cyber-Security.aspx
         • IET Code of Practice “Cyber Security in the Built Environment”
         • ISA-TR84.00.09-2013 – Security Countermeasures Related to Safety Instrumented Systems