Classification: Public
INDUSTRIAL CYBER SECURITY AND INDUSTRIE 4.0: OT FROM THE WIRED FACTORY TO CLOUD SYSTEMS
Enzo M. Tieghi – [email protected]
ServiTecno – www.servitecno.it
TECHNOLOGY + CONNECTIVITY = EFFICIENCY AND VALUE
Are we ready for this “hyper-connection”?
IT / OT: WHAT’S THE BIG DIFFERENCE?
IT Security = keeping data safe
OT Security = protecting critical assets
People
Environment
Assets/Plants
RISK and SAFETY
UPTIME
Quality and Performance
THE CONTEXT IS A DIFFICULT CHALLENGE…
EXPECTATIONS: keep producing, 24x7
The environment and the context cannot always be controlled
Vulnerabilities and threats are not easily identified, and they do not come only from the “systems”
Impacts: any single incident can be a setback for the entire plant and production
INSPECT communications and commands
ENFORCE policy for all processes
PROTECT control systems and assets
The ideal industrial cyber security solution? Protect the CONTROL SYSTEMS to protect the CRITICAL ASSETS
RESULT: Protect critical assets without disruption
INTERCONNECTIVITY RISK
[Diagram: industry sectors: Manufacturing, Healthcare Clinical, Chemical, Food & Beverage, Oil & Gas, Power]
[Diagram: the industry sectors (Manufacturing, Healthcare Clinical, Chemical, Food & Beverage, Oil & Gas, Power) connected to the Internet and to a Data Center through an IT Next Gen Firewall and a Real Time Service Bus, with Security Ops Center, Technicians, Vendors, Outage Mgmnt, Header Box, Enterprise Services and Business Units]
IT Priorities
1. Confidentiality
2. Integrity
3. Availability
[Diagram: the same sector network expanded to the OT level. Labels: OEM, Back Door, 3rd Party, Internet, IT Next Gen Firewall, Data Center, Data Core Switch, Switch, Loop Switch, PLC, SCADA, Controller, Pump, Real Time Service Bus, Microwave Modem, Wind Control Engineering Work Stations, Network #1, Network #2 Protection Network, Substation, Protection Relay, Synchro-Phasor, To: Business Enterprise Services, Security Ops Center, Technicians, Vendors, Outage Mgmnt, Header Box, Enterprise Services, Business Units]
OT Priorities
1. Availability
2. Integrity
3. Confidentiality
IT Priorities
1. Confidentiality
2. Integrity
3. Availability
[Diagram: the preceding network diagram repeated, with OpShield devices marked at multiple points. Command labels: Acknowledge / Clear, Automatic, Yaw CCW, Status, Local Control, Brake. Legend: IT Data; Unidentified OT Command; OpShield Identified OT Command; Suspicious OT Command]
ATTACK SURFACE
IT: protect the data
OT: protect critical assets
[Diagram labels: Enterprise Network, Internet, DMZ, Primary control center, SCADA Network, Remote stations, DCS Local production]
“Wow, I didn’t realize that all these things were talking on the network. Why is CRM3 constantly pinging S1?” Scott, Technician
“Activating the white list is going to give them a lot more security.” David, 3rd party Auditor
“We can’t believe how painless that was.” VP Engineering
“What are all those IP addresses and what are they doing on my network?” Lead IEC Engineer
“Can you quote us 20 more sites?” David, 3rd party Auditor
PLUG IT IN TODAY. SLEEP WELL TONIGHT.
WURLDTECH ACHILLES TEST
Achilles Test Platform
• Monitor key operating parameters
• Network parameters
• Operational parameters
• Characterize device faults
• Drive repeatable results
Achilles Test Software
• Has capabilities similar to ATP
• Enables easy provisioning to developers via VMs
• Enables testing earlier in the product life cycle for time and money savings
SECURED.
OPERATIONS
AND PRODUCTION.
Wurldtech Security Technologies Inc. reserves the right to make changes in specifications and
features, or discontinue the product or service described at any time, without notice or obligation.
These materials do not constitute a representation, warranty or documentation regarding the product
or service featured. Illustrations are provided for informational purposes, and your configuration may
differ.
This information does not constitute legal, financial, coding, or regulatory advice in connection with
your use of the product or service. Please consult your professional advisors for any such advice.
Wurldtech is a trademark of General Electric Company. Other trademarks and logos are the property
of their respective owners.
Copyright © 2016 Wurldtech Security Technologies Inc. All rights reserved.