© 2013 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.

© Invensys 04/09/13 Invensys proprietary & confidential Slide 2

Cyber Security - How to optimize your plant production?

Safety Event 2013

Mark Bakker (Sr. CSE)

05/14/13

Who is Mark Bakker?

Lectures/articles:

• Safety Event (NL) – 14 May 2013

• Cyb.Sec. workshop PMA – Mar 2013

• Aandrijftechniek (NL) – Oct 2012

• Alfa Laval (S) – Sept 2011

• Rockwell (D) – June 2011

• Cyb.Sec. workshop PMA – Mar 2011

Memberships:

Slide 3

Career:

1 What is the impact of Cyber Crime?

Slide 4

Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. 5

“Our lives are becoming more and more connected to

technology every day. At the same time, the threat to our

information systems from hackers and bad actors is increasing just as rapidly.”

National Security Agency, December 2010

Threats are nearer than we expect

1. March 2000, Australia - raw sewage spilled out into environment

2. January 2003, USA – First energy (OH): Slammer worm

3. January 2008, Poland – 4 trams in Lodz got off track

4. January 2009, USA – Carrell Memorial Hospital hacked

5. December 2010, USA – MasterCard website down by DoS

6. March 2011, USA – RSA: Hackers stole security data

7. April 2011, JPN – SONY: Hackers stole data from gaming site

8. November 2011, WW – Duqu virus destroyed Word files

9. August 2012, NL – “Dorifel” malware infected >3000 PCs in NL

Slide 6

Virus 2.0 – ex. 1: Stuxnet

Iran, December 2010

• Stuxnet is a sophisticated worm that

selectively targets ICS from Siemens

• Sabotage - Natanz

Slide 7

Virus 2.0 – ex. 2: Shamoon

Saudi Arabia & Quatar, August 2012

• Modular computer virus

• Windows OS

• Cyber espionage – energy sector

• Middle-East focus

• 30,000 pcs infected

• 1 week restoring services

Slide 8

Critical National Infrastructure

Slide 9

Cyber Security Agency - NL

• Information Center Cybercrime

(NCSC) – part of TNO

• National Trend Report Cybercrime:

– Process Automation is more at risk

Slide 10

Loss to cyber crime in NL:

2010: $ 1.8b Source: security.nl

Cost of cyber crime – USA only

Slide 11

Cost of cyber crime – data loss

Slide 12

Ponemon Institute, 2010

Do you have a Cyber Security Plan?

Slide 13

• “Our production systems are completely isolated from outside access”

• “Our system is secure as it would be impossible for an outsider to understand it.”

• “We’re not a likely target. We’re not important or interesting enough to attract hackers.”

• “We’ve never had a problem: no intrusion or disruption in our production network.”

• “We can’t justify the expense and manpower.”

Objections to protect systems

Pre-warning

Pro-ACT:

It is always best to take measures to

prevent the house from burning.

Re-ACT in case there is a Cyber

Security Attack:

call our Computer Incident Response

Team to reduce the impact.

Slide 15

IT vs. IA

Slide 16

2 Cyber Security Plan

Slide 17

How to protect your systems 1

Policy & Organisation:

• Priority

• Responsibility

• Collaboration

• Software

Risk Management:

• Security Audit

• Recovery plan

• External Expertise

Slide 18

How to protect your systems 2

Secure Access:

• Secure Mobility

• Secure User Identity

• Internet / Intranet

• Overall network security

Threat Protection:

• Back-up data

• Encrypt Data

Slide 19

How to protect your systems 3

Monitoring & Control:

• Identify

• Information

• Membership

Slide 20

The Security Challenge

How do I secure?

• Any device, anywhere

• New collaboration and social media

applications

• Data moving to the cloud

• Data center and virtualization

• Against increasing complex threats

Slide 21

3 Secure Architecture

Slide 22

ISA-99 Guidelines

Security for Industrial

Automation and Control

Systems

Establishing an IACS Security

Program

Slide 23

Guidelines

Typical architecture

for Security for

Industrial Automation

and Control Systems

Slide 24

AW

Factory Application Servers • SCADA/HMI • Historian • AssetCentre • Transaction Manager

Factory Services Platform • Directory • Security/Audit

Data Servers

Gbps Link for Failover Detection

Firewall (Active)

Firewall (Standby)

DIO

Levels 0–2

HMI

Cell/Area #1 Redundant Star Topology Flex Links Resiliency

Cell/Area #3 Bus/Star Topology

Cell/Area Zones

Demilitarized Zone (DMZ)

Demilitarized Zone (DMZ)

Enterprise Zone Levels 4 and 5

Enterays Layer 2 Access Switch

Switch

Manufacturing Zone Site Manufacturing

Operations and Control Level 3

Remote Access Server

Firewall

Patch Management Terminal Services Application Mirror AV Server

ERP, Email,

Wide Area Network (WAN)

Network Services • DNS, DHCP, syslog server • Network and security mgmt

Drive

Controller

HMI

DIO

Controller

Drive

Controller

Drive

HMI

Cell/Area #2 Ring Topology Resilient Ethernet Protocol (REP)

DIO DIO

4 Time to optimize

Slide 25

Lipman Report, October 2010

“We can no longer afford to ignore the threat from these increasingly advanced governments or terrorist groups aiming to disarm us or fund their activities, to individual hackers looking for money and information.

The time for urgency is now.”

Slide 26

Invensys can help you!

Q&A

Slide 27

Confucious, 551 – 479BC

Slide 28

“I hear, I know.

I see, I remember.

I do, I understand.”

Thank you,

Let’s secure

Our offerings

Cyber Security

Assessment

Security Architecture

And Policy Development

Cyber Security Implementation

Cyber Security Management

And Optimization

Site Security Design

System Security Design

Managed Site Security

IOM Cyber Security

Serv

ices

Ele

men

ts

So

luti

on

s

Installation & Configuration

Secure Design Implementation

Knowledge Transfer

Procedure Creation

Security Policy Creation

System Hardening System Assessment

Vulnerability Scanning

Incident Response

Security Planning Workshop

Penetration Testing

Penetration Testing

Compliance Evaluation

Managed System Security

Policy Assessment

Procedure Assessment

Site Assessment

Compliance Assessment

Vulnerability Assessment

Risk Assessment

Security Baseline testing