true cost and real benefits of
play

True Cost and Real Benefits of @bsidesvienna 07e1 IIoT Security - PowerPoint PPT Presentation

Mar 30, 2023 •406 likes •691 views

Herbert Dirnberger True Cost and Real Benefits of @bsidesvienna 07e1 IIoT Security Verein zur Frderung der Sicherheit in sterreichs strategischer Infrastruktur Agenda Digital Darwinism Risks Scenario based IIoT Security Use Case

  1. Herbert Dirnberger True Cost and Real Benefits of @bsidesvienna 07e1 IIoT Security Verein zur Förderung der Sicherheit in Österreichs strategischer Infrastruktur

  2. Agenda Digital Darwinism Risks Scenario based IIoT Security Use Case Summary

  3. Digitalization @home

  4. Smart Cats @home RFID-Reader RFID Smart Door IoT Hub Mobile Cloud

  5. Smart Humans @world I CYBORG Google Glass Steve Mann Kevin Marvick http://www.csmonitor.com/Innovation/Latest-News-Wires/2012/0718/Cyborg-allegedly-attacked-over-camera- implants http://www.zeit.de/digital/internet/2012-08/cyborg-neil-harbisson-biohacking-campus-party http://dailynoise.blogspot.co.at/2011/10/what-is-cyborg-anthropology.html http://en.wikipedia.org/wiki/Steve_Mann http://www.kevinwarwick.com/ICyborg.htm Alle Inhalte dieser Präsentation unterliegen der Creative Common License. 2012 Herbert Dirnberger

  6. b0111 1110 0001: 0.15 7 E 1 1024 + 512 + 256 +128+ 64+32 + 1

  7. Technical Progress of Industry 200 years digital, 70 years computer, 6 years Industrie 4.0/IIoT How do we call this kind of nerds and geeks in s e Loom with punched cards c i v r e l a S Markus Schweiß [GFDL (http://www.gnu.org/copyleft/ i the industry? r d t s n fdl.html) or CC-BY-SA-3.0 (http://creativecommons.org/ u a d s licenses/by-sa/3.0/)], via Wikimedia Commons n g I n i h 0 T . 4 f o e i t r e t s n u r d e t n n I I Apollo 11 Zuse Z3 PLC Robot PC Internet mobil Cloud IIoT 1805 1941 1969 2011 2017

  8. Industrial Automation in 2 min SCADA Operator HMI Controller Industrial Network Actor Sensor Physical Process Alle Inhalte dieser Präsentation unterliegen der Creative Common License. 2012 Herbert Dirnberger

  9. Industrial Actors Robots Power Plants …

  10. Disruption and Digital Darwinism Digital Customer need Transformation Player A top management of medium-sized companies believes that their company has nothing to do with digitalization. Player B (innovativ) Player C (innovativ + disruptive) Time 42 Arno Martin Fast 2017 - Phoenix Contact - Industrial Cloud Computing The new form of creative destruction "Disruptive self-attack!" Let us ask ourselves, what is the business model that would destroy us ?!

  11. Don’t think in Camps and Silos! physical business services process process IIoT

  12. (some) IIoT Benefits Business Model Slide to flip very fast Process pay per use over!! reduced costs contracting better quality data as service optimized cycle time customized products Machine higher availabity reduced service costs Employee longer lifetime ergonomics better decisions meaningful work

  13. web access with cross site open scripting system found in shodan.io Business Risks Risk Management exposed exposed physical wireless access networks The IoT is extremely insecure and not no secure no backups patchable passwords Bruce Schneier

  14. p u k c Traditional Risk Management Program a B Slide to flip very fast Strategy Alignment over!! Asset Management Business Impact Analysis Risk Monitoring Risk Management Business Continuity Mgt. Threat Analysis Incident Management Vuln Analysis 01100 13708 € Program Risk Mitigation ROI Controls Typical Scope: 1 year - balancing cost and risk

  15. BSI Top 10 Threats to IIoT/ICS Systems Cost Social Engineering Internet Phishing Confidentiality Enterprise Value Malware Privacy unauthorized Access/Ownership Intrusion via Remote Access Data Leak • to/of Buildings • to/of Systems Compliance • and Transfer/Manipulation of Human Error / Sabotage Information Safety Compromised Smartphones Value Add Availability Collateral Damages Compromised Cloud Realtime Integrity Technical Malfunctions (D)DOS Force majeur BSI: Top 10 Threats and Countermeasure 2016

  16. p u k c Controls for IIoT Security a B Restricted Access to Internet, VPN, Industrial Firewalls (micro Segmentation) are the basics. Securit Vendor Management Policies, Procedures restricted Internet for Control Network Passwords, Files, DB Sandbox, Whitelists Business Continuity Segments, Firewall Backup, Diversity Secure Appstores Monitoring, Audits Security Updates y Policy Need to Know Scan, Log, IDS DMZ, Network Fences, Guards no VPN, 2 Faktor Anti Malware & Backup Secure Redundancy Awareness Encryption SLA Interne Need to Scan Hardening VPN+2F SLA, NDA 
 Training Awarre Proced Patches Redund Appstor NDA t i n Know Logs Hardeni Update aktor 
 DMZ, MDM Guards nss + ures anz e Vendor Control (Files, Audits ng sPatch Encrypt Segmen Training Busines Diversit (BDEW) Networ PW, DB) IDS ion s Cont. y MDM ks Manage ment Social Engineering / Phisihing + + + + + + + + + + Human Error / Sabotage + + + + + + + + + Malware + + + + + + + + + Malfunctions / Force Majeur + + + + Compromised Cloud + + + + Intrusion via Remote Access + + + + + Compromised Smartphones + + + + + DDOS + + + BSI: Top 10 Threats and Countermeasure 2016

  17. Use Case: IIoT in manufacturing Focus: Business Interruption and Cyber Security IT Security Information Security ICS Security IIOT Security Physical Security

  18. IIoT Security is about DEFENSE and ENABLER Industrial Users Attacks (Scan, Tests, Enumeration, … Exploits) IT Security Unauthorised use Information Security Human Misbehaviour Physical Security Processes Sabotage, Theft, Fraud Ressources ICS/IOT Security Malicious Code Safety & Cyber Security Technical Misbehaviour t VS (uncontrolled Patches, Software Bugs, n y e t Protocol Error) i m u t n n e e i g t t m n n a Force majeure e n e o e m c C a g n M a e s e a n VA g C s c n t a a n i e e v M n e n t r a n d i e k s M i i S c a u s Costs Value Add n M i B R I

  19. 
 
 Use Case: IIoT in manufacturing Industrial user, 200 employees, 50 m € sales/year, 1 m € profit/year Manufacturing Enterprise Ressource Execution System Planning System Article produced External Energy consumed services Production data Order Program ID Article to produce RFID 5 Robots, 2 CNC 3 HMI/SCADA, 4 PLC, 20 IED 5 automatic transport vehicle 3 Network cells, 1 Industrial DMZ 10 MES Clients, 100 Office Clients, 25 Notebooks, 50 mobile, 200 User, 2 IT KPI Admins, 1 Automation Engineer, 2 Maintenance, CISO + managed security Maintenance Availability services 15 VPN Accounts (10 internal 5 external)

  20. What we will expect, because it happened last years Industrial user, 200 employees, 50 m € sales/year, 1 m € profit/year 20 hardware malfunctions 20 malware / Crypto 45 software defects / updates 4 orders in Junk 40 locked User (10 leaks) 25 network outage > 1d Scope: 5 years Damage: 100.000 EUR 1 data breach > 15000 EUR 20 lost - 5 stolen devices 10 power breakdown 10 lost encryption keys 13708 20 problems with VPN

  21. Comparing Costs and Value Add Industrial user, 200 employees, 50 m € sales/year, 1 m € profit/year Costs in TSD € Damage Costs in TSD € Industrial FWs, VPN Router incl. 20 100 CAPEX 8 Hardware/Software Malfunctions 40 Config and Licenses Enterprise FW inkl. Config and 12 Power Breakdown/Network Outage 10 Licenses 100 OPEX Managed prof. ICS Security Services 24 Unrealized Orders 10 Managed basic ICS Security Services 6 Data Breach 15 Scope: 5 years Managed Client Security Services 60 Stolen Devices 5 Managed mobile Security Services 10 Crypto/Ransomware 15 CISO as a Service Incl. Mini Problems 5 Value add in TSD € Value Add 250 Direct „measurable" Value Add ~ 0.1% of sales/year CAPEX -20 OPEX -100 Realtime Availability Integrity Damage Costs -100 Privacy Safety Compliance no Data Leak Confidentiality Real Benefit +30 Value add > Costs

  22. What we will not see, but it will happen. Industrial user, 200 employees, 50 m € sales/year, 1 m € profit/year Social Engineering Manipulation (IIOT in Internet) If we not directly notice, we will not handle in etc. Phishing (Accounts) risk management! Industrial Spionage Sabotage (Availability) Manipulation (Integrity) DDOS (Availability) 13708 Friendly Malware BSI: Top 10 Threats and Countermeasure 2016

  23. Szenario based Enterprise Values EV IIoT security costs are part of LCC Enterprise Value Value Add VA Life Cycle Costs LCC „The best way to predict the future is to invent it.“ Alan Curtis Kay time Concept Idea 0 EOL „running“ Investment LCC, OPEX, service and security costs are mostly defined in the concept and investment.

  24. The Reality about Industrial Security 10% Hackers, Script Kiddies, APT, Cybercrime … 90% Wrong documentation, no backups, protocol errors, no time, no awareness, legacy …

  25. 1 typical Lifecycle … 25 years 2010 Stuxnet 2017 Wannacry, NonPeyta 2035 all problems solved 2042+ Picture taken at Security of Things Conference 2017 - Berlin

  26. Summary Disruptive self-attack Don’t think in camps and silos, but in lifecycle! IIoT security is about defense and enabler. What we will not see, but it will happen. „The best way to predict the future is to invent it.“ 2042+

  27. Think big, start small, secure and now Verein zur Förderung der Sicherheit in Österreichs strategischer Infrastruktur

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TRUE COST FOR SUSTAINABILITY AND IMPACT UNIFORM GRANTS GUIDANCE NICOLIE CASS LETTINI, MBA OWNER

TRUE COST FOR SUSTAINABILITY AND IMPACT UNIFORM GRANTS GUIDANCE NICOLIE CASS LETTINI, MBA OWNER

TRUE COST FOR SUSTAINABILITY AND IMPACT UNIFORM GRANTS GUIDANCE NICOLIE CASS LETTINI, MBA OWNER OF CAPITAL ACCOUNTING PARTNERS CEO & FOUNDER OF COSTTREE AGENDA Feel for the room. What is a Cost Allocation Plan? Benefits of a Cost

1.27k views • 43 slides
and Cost-Benefits Analysis Steven Ikeler Army Cost-Benefits Analyst ICEAA 2014 Workshop

and Cost-Benefits Analysis Steven Ikeler Army Cost-Benefits Analyst ICEAA 2014 Workshop

Cost and Performance Trades and Cost-Benefits Analysis Steven Ikeler Army Cost-Benefits Analyst ICEAA 2014 Workshop Icebreaker A cost analyst finds an interesting CER in a cost estimating textbook and wants to use it, but is concerned

854 views • 36 slides
TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True

TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True

I T A L Y - A M E R I C A C H A M B E R O F C O M M E R C E TRUE IT A LI A N T A STE PROJECT WH A T IS THE TRUE IT A LI A N T A STE PROJECT ? The True Italian Taste project is a large-scale educational and promotional initiative aimed at

80 views • 6 slides
Fact Checking Problem: Estimated that people will see more fake than real news by 2022

Fact Checking Problem: Estimated that people will see more fake than real news by 2022

Fact Checking Problem: Estimated that people will see more fake than real news by 2022 Data: Google Fact Check research dataset Input: Claim + Supporting evidence Output: True / Partly True / Not True Supporting Evidence

150 views • 3 slides
The True Cost of Food Waste Professor Lisa Jack Previous Work Researching the food industry

The True Cost of Food Waste Professor Lisa Jack Previous Work Researching the food industry

The True Cost of Food Waste Professor Lisa Jack Previous Work Researching the food industry for 20 years accounting, performance measurement Contributed to the Elliott Review on food fraud; The Cost of Food Crime for

310 views • 14 slides
Hamilton County Schools Employee Benefit Plans Benefits at no cost to the Employee Board Paid

Hamilton County Schools Employee Benefit Plans Benefits at no cost to the Employee Board Paid

Hamilton County Schools Employee Benefit Plans Benefits at no cost to the Employee Board Paid Life Insurance Dental Long Term Disability Benefits with a cost to the Employee Medical EyeMed Vision Care Supplemental Life

665 views • 22 slides
The work of the Partnership Delivering real health and wellbeing benefits for our residents

The work of the Partnership Delivering real health and wellbeing benefits for our residents

The work of the Partnership Delivering real health and wellbeing benefits for our residents and local communities Game changing - best customer service practice Bankable economic benefits for LA/NHS services National importance

404 views • 39 slides
UUFEC Annual Meeting True religion is real living; living with all one's soul, with all one's

UUFEC Annual Meeting True religion is real living; living with all one's soul, with all one's

UUFEC Annual Meeting True religion is real living; living with all one's soul, with all one's goodness and righteousness. Albert Einstein Our Mission Statement "The Unitarian Universalist Fellowship of the Emerald Coast is a religious

799 views • 51 slides
Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character

Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character

Personal Statements TRUE FALSE TRUE FALSE TRUE There is a 4,000 character limit (including spaces) or 47 lines. It comes to about 1.5 A4 pages. TRUE FALSE The university will receive your whole UCAS application which

443 views • 43 slides
Your TRUE Cost Solution Partner Who is Veros Group Jack Witt and Bill Bowen have more than 40

Your TRUE Cost Solution Partner Who is Veros Group Jack Witt and Bill Bowen have more than 40

Your TRUE Cost Solution Partner Who is Veros Group Jack Witt and Bill Bowen have more than 40 years of combined aerospace and manufacturing experience. Areas consisting of operations, production, estimating, planning, procurement and

260 views • 10 slides
The true cost of switching to low global-warming potential inhalers. An analysis of NHS

The true cost of switching to low global-warming potential inhalers. An analysis of NHS

The true cost of switching to low global-warming potential inhalers. An analysis of NHS prescription data in England. Rory Braggins, University of Cambridge Medical School; Dr James Smith, University of Cambridge Department of Public Health

356 views • 20 slides
COMPLEX SYSTEMS, LIFE, & their ORIGIN PCES 5.61 The t true c comple lexity of real l

COMPLEX SYSTEMS, LIFE, & their ORIGIN PCES 5.61 The t true c comple lexity of real l

COMPLEX SYSTEMS, LIFE, & their ORIGIN PCES 5.61 The t true c comple lexity of real l solid lids and liq liquids is is frig ightening t g to contempla late. T They do NOT lo look lik like s sim imple le models o of crystals

473 views • 13 slides
between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire

between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire

between the mountains and the sea True Majesty. True North. True Scotland CruiseAberdeenshire offers: CruiseA eAber berdeensh deenshir ire is a working alliance between Aberdeen A joined-up Port and Destination offering Harbour

590 views • 32 slides
Real-Time Java for Latency Critical Banking Applications Real-Time Bertrand Delsart System

Real-Time Java for Latency Critical Banking Applications Real-Time Bertrand Delsart System

Real-Time Java for Latency Critical Banking Applications Real-Time Bertrand Delsart System JavaRTS Technical Leader Author of Sun's RTGC technology Agenda Background Benefits of a Real-Time Java Virtual Machine Benefits of

554 views • 36 slides
TRICATs XpresS Pre-sulfiding Process The Benefits of True Ex-situ Pre-sulfiding Conventional

TRICATs XpresS Pre-sulfiding Process The Benefits of True Ex-situ Pre-sulfiding Conventional

TRICAT TRICATs XpresS Pre-sulfiding Process The Benefits of True Ex-situ Pre-sulfiding Conventional In-situ Sulfiding Gas or Liquid Phase Using Sulfiding Agent Sulfiding Reactions 3NiO + 2H 2 S + H 2 Ni 3 S 2 + 3H 2 O 9CoO + 8H 2 S +

209 views • 17 slides
Structuring Preferred Equity Investments in Real Estate Ventures: True Equity vs.

Structuring Preferred Equity Investments in Real Estate Ventures: True Equity vs.

Presenting a live 90-minute webinar with interactive Q&A Structuring Preferred Equity Investments in Real Estate Ventures: True Equity vs. "Debt-Like" Equity Negotiating Deal Terms, Investor Return, Change in Control Provisions;

409 views • 40 slides
Customizing Stata graphs made easy Ben Jann University of Bern, ben.jann@soz.unibe.ch 2018 Swiss

Customizing Stata graphs made easy Ben Jann University of Bern, ben.jann@soz.unibe.ch 2018 Swiss

Customizing Stata graphs made easy Ben Jann University of Bern, ben.jann@soz.unibe.ch 2018 Swiss Stata Users Group Meeting Zurich, October 25, 2018 Ben Jann (University of Bern) grstyle Zurich, 25.10.2018 1 Outline Introduction 1

541 views • 42 slides
De lUne lAutre Towards Linked Data in Special Collections Cataloging Regine Heberlein

De lUne lAutre Towards Linked Data in Special Collections Cataloging Regine Heberlein

De lUne lAutre Towards Linked Data in Special Collections Cataloging Regine Heberlein (Princeton University) SWIB Hamburg, December 5 2017 LD4P@PUL Joyce Bell (project lead) Cataloging & Metadata Services Director

630 views • 27 slides
Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota Advances and Challenges in Computational Relativity September 14, 2020 ICERM Structure-preserving discretization Structure-preserving

502 views • 49 slides
Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew

Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew

Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew Parkinson The Kent Concurrency Workshop July 22 nd 2016 In this talk Algorithms posing challenges for the linearization points method: the

649 views • 36 slides
Towards a Truly Statistical Natural Language Generator for Spoken Dialogues Ondej Duek

Towards a Truly Statistical Natural Language Generator for Spoken Dialogues Ondej Duek

Introduction Statistics in NLG Prospects Towards a Truly Statistical Natural Language Generator for Spoken Dialogues Ondej Duek Institute of Formal and Applied Linguistics Charles University in Prague June 5, 2013 . . . . . .

597 views • 17 slides
On Pruning for Top-k Ranking in Uncertain Databases Chonghai Wang, Li Yan Yuan, Jia-Huai You,

On Pruning for Top-k Ranking in Uncertain Databases Chonghai Wang, Li Yan Yuan, Jia-Huai You,

On Pruning for Top-k Ranking in Uncertain Databases Chonghai Wang, Li Yan Yuan, Jia-Huai You, Osmar R. Zaiane University of Alberta, Canada Jian Pei Simon Fraser University, Canada August 23, 2011 1 / 32 Outline Background A new

982 views • 32 slides
Multidimensional Social Welfare Dominance with 4 th Order Derivatives of Utility Christophe

Multidimensional Social Welfare Dominance with 4 th Order Derivatives of Utility Christophe

Multidimensional Social Welfare Dominance with 4 th Order Derivatives of Utility Christophe Muller Aix-Marseille School of Economics August 2014 conf 1 1. Dominance Poverty, Inequality, Social Welfare Robust dominance judgments:

491 views • 27 slides
Improving Data Access Efficiency by Using Context-Aware Loads and Stores Alen Bardizbanyan, Magnus

Improving Data Access Efficiency by Using Context-Aware Loads and Stores Alen Bardizbanyan, Magnus

Improving Data Access Efficiency by Using Context-Aware Loads and Stores Alen Bardizbanyan, Magnus Sjlander , David Whalley , Per Larsson-Edefors Chalmers University of Technology Uppsala University Florida State University

640 views • 42 slides

More recommend