industry information live
play

Industry Information Live Beskyt produktiviteten med Industrial - PowerPoint PPT Presentation

Nov 24, 2022 •165 likes •905 views

Industry Information Live Beskyt produktiviteten med Industrial Security www.siemens.dk/di-webinarer Dagens vrter Morten Kromann Technology Specialist Lars Peter Hansen Per Christiansen Technology Specialist Manager Q&A Jesper

  1. Industry Information Live Beskyt produktiviteten med Industrial Security www.siemens.dk/di-webinarer

  2. Dagens værter Morten Kromann Technology Specialist Lars Peter Hansen Per Christiansen Technology Specialist Manager Q&A Jesper Kristiansen Kim Meyer Jacobsen Q&A Moderator

  3. Agenda Beskyt produktiviteten med Industrial Security • Who are we? • How do we start? • The standard • Operational guidelines • Getting specific

  4. Way more information – NO spam …! Web meeting Webinar Training Topic #1 Web meeting Services Topic #2 YouTube Web meeting Topic #n

  5. Who are we? What do we do?

  6. Taking cyber threats seriously With > 30 million automated systems, > 75 million contracted smart meters and > one million Cloud connected products in the field”

  7. Charter of Trust Leading global companies and organizations working together to make the digital world of tomorrow safer More info: www. charter-of-trust.com

  9. NATO Cooperative Cyber Defense Centre of Excellence More info: https://ccdcoe.org/exercises/locked-shields/

  10. So… How do we start?

  11. Caught between regulation , requirements , and standards NERC CIP BDSG NIS directive WIB ISO 27032 ISA 99 NIST IEC 62443 ANSSI

  13. IEC 62443

  14. IEC 62443 gives us the ability to communicate in an unambiguous way

  15. IEC 62443 based on a holistic Defense in depth concept

  16. IEC 62443 Defense in depth Plant security Network security System integrity

  17. Plant security Plant Physical access protection Processes and guidelines Security service protecting production plants

  18. Network security Segmentation Cell protection, DMZ and remote access Firewall and VPN Asset and Network Management

  19. System integrity System hardening Authentication and user administration Patch management Logging and Monitoring Detection of attacks

  20. IEC 62443 Focus on the interfaces between all stakeholders Operator , Integrators , and Manufacturers

  21. IEC 62443 Is scalable Page 21

  22. IEC 62443 provides system design guidelines

  23. IEC 62443 Addresses the entire life cycle

  24. IEC 62443 provides a complete Cyber Security Management System

  25. Risk analysis Business rationale Risk identification classification and assessment Review, improve and maintain the CSMS Conformance Monitoring and improving the CSMS

  26. Risk methods and frameworks “A good overview” More info : https://www.ncsc.gov.uk/collection/risk-management-collection/component-system-driven-approaches/understanding-component-driven-risk-management

  27. Getting started The IEC62443/ISO27001 based method Development and Risk Implementation of Assessment Protection Concept Identification and Definition of Definition of Business Impact Assessment Scope Target Level

  28. Cybersecurity Life Cycle Assess phase 1. High-level Cyber Risk Assessment 2. Allocation of IACS Assets to Zones or Conduits 3. Detailed Cyber Risk Assessment

  29. Cybersecurity Life Cycle Develop & implement phase 4. Cybersecurity Requirements Specification 5. Design and Engineering of countermeasures or other means of risk reduction 6. Installation, commissioning and validation of countermeasures

  30. Cybersecurity Life Cycle Maintain phase 7. Maintenance, Monitoring and Management of change 8. Incident Response and Recovery

  31. The… Standard

  32. The structure of IEC 62443? 1-2 Master glossary 1-4 IACS General 1-1 Terminology, 1-3 System security of terms and security lifecycle and use- compliance metrics concepts and models abbreviations cases Policies and procedures 2-4 Security program 2-1 Security program 2-3 Patch 2-2 IACS security requirements for IACS service requirements for IACS asset management in the program ratings providers owners IACS environment 3-3 System security System 3-2 Security risk assessment 3-1 Security technologies for requirements and security and system design IACS levels Definition and metrics 4-2 Technical security 4-1 Secure product Compo- nents requirements for IACS Processes / procedures development lifecycle components requirements Functional requirements

  33. Protection Levels are the key criteria and cover security functionalities and processes Security process Security functions • Based on IEC 62443-2-4 • Based on IEC 62443-3-3 Protection Level and ISO27001 • Security Level 1 - 4 • Maturity Level 1 - 4 (PL)

  34. Protection Levels are the key criteria and cover security functionalities and processes PL 1 4 Maturity Level PL 2 3 PL 3 2 PL 4 1 Security Level

  35. Protection Levels PL 1 Protection against casual or coincidental violation Protection against intentional violation using simple means PL 2 with low resources, generic skills and low motivation Protection against intentional violation using sophisticated PL 3 means with moderate resources, IACS specific skills and moderate motivation Protection against intentional violation using sophisticated PL 4 means with extended resources, IACS specific skills and high motivation

  36. Consequences – Some randomly selected points Use of VLAN, network hardening, managed switches and PL 1 capability to backup are mandatory … A distributed Firewalls concept has to be implemented PL 2 Inventory and Network Management are mandatory Capability to automate the backup are mandatory … PL 3 Even more… PL 4 Even way more…

  37. IEC 62443-3-3 Defines security 7 Foundational Requirements requirements for FR 1 – Identification and authentication control industrial FR 2 – Use control control systems FR 3 – System integrity FR 4 – Data confidentiality FR 5 – Restricted data flow FR 6 – Timely response to events FR 7 – Resource availability

  38. FR 1 – Identification and authentication control System Requirement Overview (Part 1) SRs und REs SL 1 SL 2 SL 3 SL 4     SR 1.1 – Human user identification and authentication    SR 1.1 RE 1 – Unique identification and authentication   SR 1.1 RE 2 – Multifactor authentication for untrusted networks  SR 1.1 RE 3 – Multifactor authentication for all networks    SR 1.2 – Software process and device identification and authentication   SR 1.2 RE 1 – Unique identification and authentication     SR 1.3 – Account management   SR 1.3 RE 1 – Unified account management     SR 1.4 – Identifier management     SR 1.5 – Authenticator management   SR 1.5 RE 1 – Hardware security for software process identity credentials     SR 1.6 – Wireless access management    SR 1.6 RE 1 – Unique identification and authentication

  39. FR 1 – Identification and authentication control System Requirement Overview (Part 2) SRs und REs SL 1 SL 2 SL 3 SL 4     SR 1.7 – Strength of password-based authentication   SR 1.7 RE 1 – Password generation and lifetime restrictions for human users  SR 1.7 RE 2 – Password lifetime restrictions for all users    SR 1.8 – Public key infrastructure certificates    SR 1.9 – Strength of public key authentication   SR 1.9 RE 1 – Hardware security for public key authentication     SR 1.10 – Authenticator feedback     SR 1.11 – Unsuccessful login attempts     SR 1.12 – System use notification     SR 1.13 – Access via untrusted networks    SR 1.13 RE 1 – Explicit access request approval

  40. FR 2 – Use control System Requirement Overview (Part 1) SRs und REs SL 1 SL 2 SL 3 SL 4     SR 2.1 – Authorization enforcement    SR 2.1 RE 1 – Authorization enforcement for all users    SR 2.1 RE 2 – Permission mapping to roles   SR 2.1 RE 3 – Supervisor override  SR 2.1 RE 4 – Dual approval     SR 2.2 – Wireless use control   SR 2.2 RE 1 – Identify and report unauthorized wireless devices     SR 2.3 – Use control for portable and mobile devices   SR 2.3 RE 1 – Enforcement of security status of portable and mobile devices     SR 2.4 – Mobile code   SR 2.4 RE 1 – Mobile code integrity check     SR 2.5 – Session lock

  41. FR 2 – Use control System Requirement Overview (Part 2) SRs und REs SL 1 SL 2 SL 3 SL 4    SR 2.6 – Remote session termination   SR 2.7 – Concurrent session control     SR 2.8 – Auditable events   SR 2.8 RE 1 – Centrally managed, system-wide audit trail     SR 2.9 – Audit storage capacity   SR 2.9 RE 1 – Warn when audit record storage capacity threshold reached     SR 2.10 – Response to audit processing failures    SR 2.11 – Timestamps   SR 2.11 RE 1 – Internal time synchronization  SR 2.11 RE 2 – Protection of time source integrity   SR 2.12 – Non-repudiation  SR 2.12 RE 1 – Non-repudiation for all users

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Industry Information Live Fremtidens visualiseringsplatform WinCC Unified Vrter: Kim

Industry Information Live Fremtidens visualiseringsplatform WinCC Unified Vrter: Kim

Industry Information Live Fremtidens visualiseringsplatform WinCC Unified Vrter: Kim Meyer-Jacobsen og Per Mller Hemmingsen Siemens Digital Industrien Velkommen Side 2 April 2020 Industry Information Live Fremtidens

720 views • 46 slides
Industry Information Live Maskinsikkerhed med TIA-portalen integreret og skalerbart Vrter

Industry Information Live Maskinsikkerhed med TIA-portalen integreret og skalerbart Vrter

Industry Information Live Maskinsikkerhed med TIA-portalen integreret og skalerbart Vrter Ole Dyval og Kim Meyer-Jacobsen Siemens Digital Industries Dagens vrter Kim Meyer-Jacobsen - Technology Specialist Ole Dyval - Technology

922 views • 54 slides
Industry Information Live Spar tid og penge med Simatic Robot Integrator Vrter: Sren Jakobsen

Industry Information Live Spar tid og penge med Simatic Robot Integrator Vrter: Sren Jakobsen

Industry Information Live Spar tid og penge med Simatic Robot Integrator Vrter: Sren Jakobsen og Simon Sonne Siemens Digital Industrien Webinar Spar tid og penge med Simatic Robot Integration Hvorfor Robot integration i Simatic?

747 views • 46 slides
Industry 4.0 - the way we live, work and relate to one another. In its scale, scope and

Industry 4.0 - the way we live, work and relate to one another. In its scale, scope and

We stand on the brink of technological revolution that will fundamentally alter Industry 4.0 - the way we live, work and relate to one another. In its scale, scope and Opportunities and complexity, the transformation will be Challenges for

282 views • 16 slides
How Commerce & Industry Shaped the Mails The U.S. Special Handling Service: Live

How Commerce & Industry Shaped the Mails The U.S. Special Handling Service: Live

How Commerce & Industry Shaped the Mails The U.S. Special Handling Service: Live Chicks And so much more Require First Class Treatment Friday, September 16, 2011 Robert G. Rufe, President Brandyw ine Valley Stamp Club

796 views • 52 slides
#1 Go Live Date Christina Kim 2 1 10/4/18 GO LIVE INFORMATION DECEMBER 1, 2019 New

#1 Go Live Date Christina Kim 2 1 10/4/18 GO LIVE INFORMATION DECEMBER 1, 2019 New

10/4/18 USP <800> THE TOP 10 THINGS YOU NEED TO KNOW Christina Coleman Kim, PharmD University of New Mexico Hospitals #1 Go Live Date Christina Kim 2 1 10/4/18 GO LIVE INFORMATION DECEMBER 1, 2019 New Mexico Board of

544 views • 23 slides
Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

APNA 30th Annual Conference Session 3046: October 21, 2016 Assumptio ns T his to pic c a n b ring up a lo t o f e mo tio ns Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r Altho ug h the

328 views • 8 slides
MEDIA PROJECT. THE LAUNCH We live in an age of information and the saying He who possesses

MEDIA PROJECT. THE LAUNCH We live in an age of information and the saying He who possesses

MEDIA PROJECT. THE LAUNCH We live in an age of information and the saying He who possesses information owns the world defi- Broadcasting of the Big Asia channel and bigasia.ru website began on June 1, nitely reflects todays

165 views • 12 slides
ENTERTAINMENT FACILITY STUDY August 14, 2018 City Council Briefing David Stone, Stone Pla n ning

ENTERTAINMENT FACILITY STUDY August 14, 2018 City Council Briefing David Stone, Stone Pla n ning

ENTERTAINMENT FACILITY STUDY August 14, 2018 City Council Briefing David Stone, Stone Pla n ning LIVE MUSIC/ ENTERTAINMENT INDUSTRY TRENDS 2 LIVE MUSIC/ ENTERTAINMENT INDUSTRY TRENDS THE TOURING EVENTS INDUSTRY The live entertainment

373 views • 9 slides
WAFarmers General Discussion regarding 2018 Live Sheep Export Crisis Relation of crisis to WA

WAFarmers General Discussion regarding 2018 Live Sheep Export Crisis Relation of crisis to WA

WAFarmers General Discussion regarding 2018 Live Sheep Export Crisis Relation of crisis to WA Shearing Industry Who am I Agronomy, Agribusiness focus Approximately 25 years working in the agricultural industry Last Role Area

524 views • 7 slides
Information meeting for industry vendors January 21 2020 Agenda Industry vendor meeting 1.

Information meeting for industry vendors January 21 2020 Agenda Industry vendor meeting 1.

Information meeting for industry vendors January 21 2020 Agenda Industry vendor meeting 1. Welcome and introduction 2. Overall status and roadmap 3. Preliminary recommendations 4. Q&A Side 2 Fotograf: yvind Eide Citizen Doctor

373 views • 19 slides
ABBREVIATION LISTING Petroleum Information INFORMATION SPECIALISTS TO THE ENERGY INDUSTRY. A

ABBREVIATION LISTING Petroleum Information INFORMATION SPECIALISTS TO THE ENERGY INDUSTRY. A

ABBREVIATION LISTING Petroleum Information INFORMATION SPECIALISTS TO THE ENERGY INDUSTRY. A Subsid1ary oi A C. Nielsen Company r~aryl PETROLEUr~ TWO LETTER STATE ABBREVIATIONS Al - Alabama MT - Montana AK - Alaska NE - Nebraska AZ - Arizona

423 views • 20 slides
The Information Industry, Distant Use Value and the Exxon Valdez Scott Farrow and Douglas

The Information Industry, Distant Use Value and the Exxon Valdez Scott Farrow and Douglas

The Information Industry, Distant Use Value and the Exxon Valdez Scott Farrow and Douglas Larson UMBC UC Davis Outline Motivation: the Information industry and welfare measures Distant use valueEvents Application: Valdez

228 views • 19 slides
Industrial Revolution INDUSTRY 1.0 INDUSTRY 2.0 INDUSTRY 3.0 INDUSTRY 4.0 Mechanisation, Mass

Industrial Revolution INDUSTRY 1.0 INDUSTRY 2.0 INDUSTRY 3.0 INDUSTRY 4.0 Mechanisation, Mass

Industrial Revolution INDUSTRY 1.0 INDUSTRY 2.0 INDUSTRY 3.0 INDUSTRY 4.0 Mechanisation, Mass production, Automation, Internet of things, steam power, assembly line, computers, networks. weaver loom. electrical energy. electronics.

296 views • 3 slides
WEST VIRGINIA STREET DRAGS ALL OUT Live Season 3 ALL OUT Live is the first Live and Televised

WEST VIRGINIA STREET DRAGS ALL OUT Live Season 3 ALL OUT Live is the first Live and Televised

WEST VIRGINIA STREET DRAGS ALL OUT Live Season 3 ALL OUT Live is the first Live and Televised Drag Racing Game show! The ALL OUT grassroots racers battle it out in front of the cameras while fans play along for cash and prizes on the Instant

271 views • 11 slides
UBIS (ASIA) PLC. OPPORTUNITY DAY MARCH 11, 2010. Ubis (Asia) Public Company Limited Industry

UBIS (ASIA) PLC. OPPORTUNITY DAY MARCH 11, 2010. Ubis (Asia) Public Company Limited Industry

UBIS (ASIA) PLC. OPPORTUNITY DAY MARCH 11, 2010. Ubis (Asia) Public Company Limited Industry Information Company Operation Future and Opportunity Industry Information Industry Information Canned Food Export during 2005-2009

552 views • 23 slides
CAEs www.flbog.edu B OARD of G OVERNORS State University System of Florida 2 FLORIDA AUDITOR

CAEs www.flbog.edu B OARD of G OVERNORS State University System of Florida 2 FLORIDA AUDITOR

B OARD of G OVERNORS State University System of Florida Audit and Compliance Committee September 12, 2018 www.flbog.edu www.flbog.edu B OARD of G OVERNORS State University System of Florida 1 STATE UNIVERSITY SYSTEM AUDIT COVERAGE

604 views • 15 slides
Introduction Introduction: The process of selecting the evaluation criteria, and the application of

Introduction Introduction: The process of selecting the evaluation criteria, and the application of

Evaluator Briefing Session Juan Carosio, Senior Head of Procurement (NCL WELC) Introduction Introduction: The process of selecting the evaluation criteria, and the application of evaluating tenders, must take consideration of The Public Contract

480 views • 19 slides
and DNS data mining Making Windows DNS Server Cloud Ready ~Kumar Ashutosh, Microsoft Windows DNS

and DNS data mining Making Windows DNS Server Cloud Ready ~Kumar Ashutosh, Microsoft Windows DNS

DNS Traffic Management and DNS data mining Making Windows DNS Server Cloud Ready ~Kumar Ashutosh, Microsoft Windows DNS Server Widely deployed in enterprises Fair presence in the DNS resolver space Standards compliant and

296 views • 13 slides
Open Session A. Approval of Agenda Briefing Materials B. 1. Audit Reports Fleet Services

Open Session A. Approval of Agenda Briefing Materials B. 1. Audit Reports Fleet Services

Open Session A. Approval of Agenda Briefing Materials B. 1. Audit Reports Fleet Services Performance Audit 2. Continuous Compliance Audits Bi-weekly Payroll Compliance Review 3. Status Updates 1 st Quarter FY 19 Fraud, Waste & Abuse

680 views • 40 slides
Alternate EVV Systems Julie Evers Kristy Wathen June 26, 2018. 1 What is an Alternate EVV

Alternate EVV Systems Julie Evers Kristy Wathen June 26, 2018. 1 What is an Alternate EVV

Alternate EVV Systems Julie Evers Kristy Wathen June 26, 2018. 1 What is an Alternate EVV System? An alternate EVV system is an electronic verification system (EVV) that is used in place of the Sandata system for purposes of satisfying

269 views • 14 slides
Presented by: Nilen Bermal Technical Director Wonderware Southern Africa The Industry

Presented by: Nilen Bermal Technical Director Wonderware Southern Africa The Industry

Presented by: Nilen Bermal Technical Director Wonderware Southern Africa The Industry Standard for Reporting Ocean Data Systems - a Global Company Selling through our Partners Founded 2004 by Experts from the World of Automation Global

549 views • 24 slides
The Data Challenge Content Server is a system intended to process and manage large volumes of

The Data Challenge Content Server is a system intended to process and manage large volumes of

The Data Challenge Content Server is a system intended to process and manage large volumes of data But it provides limited tools to do this effectively The Traditional Responses Pass problem back to users Make changes one document at a

390 views • 15 slides
ACI Symposium REDCap 101 Chris Rofe S t Vincents Hospital S ydney REDCap Administrator

ACI Symposium REDCap 101 Chris Rofe S t Vincents Hospital S ydney REDCap Administrator

ACI Symposium REDCap 101 Chris Rofe S t Vincents Hospital S ydney REDCap Administrator Bachelor of S cience (Pharmacology) Masters of Research (Medicine) (pending approval) Presentation focus Is there a need for REDCap? What is

854 views • 38 slides

More recommend