Stuart Traynor
Technical Specialist - Manufacturing
13th November
Industry 4.0 Security
Evolution of Factory Security for Industry 4.0
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
• Challenges in securing Industry 4.0
• Standards for ICS systems
• Legacy machine tools example
• Policy based IoT security
• Enabling internet connectivity to the OT environment
• New attack vector
• Potentially leveraging the same network as the automation, traditionally air-gapped
• Sometimes no automation network in place and leveraging the standard enterprise network
Other common challenges to security from Industry 4.0
• Move towards IoT cloud platforms and other cloud services including MES; the shop floor needs to support this transition
• Shop floors traditionally have legacy devices, e.g. PLCs, Windows XP/7 or older devices, which are vulnerable
• Need for remote access to systems from external vendors, partners etc.
• Networks are segmented in a static fashion, making changes complex, costly and slow, e.g. moving a networked machine can take many weeks / months.
Everyone’s at a different stage on the journey
Starting Point: Proprietary Serial Islands
Phase 1: Unmanaged, unconverged Ethernet
• Still siloed
• No security
• Individual OEM networking
Phase 2: Converged Plantwide Network
• Converge siloed networks
• Static environment
• Typically air-gapped networks
Phase 3: Flexible, Multi-Service Platform
• Industry 4.0
• Cloud/Edge Computing
• Software Defined Factories
• Enterprise wide security policy
What is Converged Plantwide Network?
The basis of the Connected Factory
“CPwE is co-owned Solution Architecture created jointly by Cisco and Rockwell Automation to architect IP from the Enterprise level down to the Operational cell/zone level within the manufacturing plant floor. CPwE solution is designed specifically for industrial Ethernet applications.”
The CVD (Cisco Validated Design) is a 700-page design and best practice guide for Engineering IP at the Cell/Zone level and interworking to the Enterprise
https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html
Industrial Network Convergence
• Levels – ISA 95, Purdue
• Zones – IEC 62443, NIST 800-82, ICS-CERT
Enterprise Zone
• Level 5: Enterprise Network
• Level 4: Site Business Planning and Logistics Network
DMZ
• Demilitarized Zone — Shared Access
Manufacturing Zone
• Level 3: Site Manufacturing Operations and Control
Cell/Area Zone
• Level 2: Area Control
• Level 1: Basic Control
• Level 0: Process
The Legacy machine tools example
A fairly straightforward application of the standards and designs
[Diagram: network layers for a legacy machine tool]
Enterprise: Levels 4–5
Manufacturing Zone / Demilitarized Zone: Level 3, Distribution and Core
Cell/Area Zone: Levels 0–2, Layer 2 Access
Devices shown: Drive, Controller, HMI, Distributed I/O, Sensors, Gateways
VLAN 10 - automation
VLAN 20 - sensors
• Remote access
• Industrial specific security
• Network Segmentation
• Control network and IoT connectivity
• Policy based routing
• Data encryption
• Secure cloud connectivity
Scaling out…
[Diagram: plantwide reference architecture]
Zones:
• Enterprise Network: Levels 4–5
• Demilitarized Zone (DMZ) Firewalls
• Manufacturing Zone: Level 3, Distribution and Core
• Cell/Area Zone: Levels 0–2, Layer 2 Access
Components shown: Firewall (Active), Firewall (Standby), Application Servers, Network Services, Patch Management, Terminal Services, Application Mirror, AV Server, Web Apps, DNS, FTP, Layer 2 Access Switch
Cell/Area topologies (each with Controller, Drive, HMI, Distributed I/O):
• Cell/Area #1 (Redundant Star Topology)
• Cell/Area #2 (Ring Topology)
• Cell/Area #3 (Linear Topology)
The next step on the journey…
Defining Security Policies without Visibility is Complex
[Figure: Security Platforms. Enterprise Assets: Camera, Printer, Laptop, Phone. Industrial Assets: shown as "?"]
Moving towards a policy
Blind → Monitor / Baseline → Segment → Enforce
• Many controls teams view segmentation and enforcement as a hindrance to operations
• Maybe bitten in the past by IT actions disrupting production
• You need to explain to them how segmentation increases reliability in addition to security, as they do care about reliability
• Most importantly, in many cases, their networks are not ready, poorly architected, and process/people are not in place to consume a sophisticated security solution
Manufacturer Usage Descriptions
Work on Standards?
IoT Device Business Challenges
• Device Visibility: Do you know devices well enough to differentiate service?
• Intent-based Policy: Does the customer know the behavior of devices to build their policy?
• Standard based: Is there any industry standard way of connecting IoT devices to the enterprise network?
Summary
• The needs of the automation and operations networks are changing
• Everyone's at a different stage of the journey
• Start to look at your automation network: how do you prepare it for Industry 4.0?
• There are validated designs and guidance for all kinds of scale
• Visibility of what's on the network and security policy is going to become key

 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Industry 4.0 Security

  • 1. Industry 4.0 Security: Evolution of Factory Security for Industry 4.0
    • Stuart Traynor, Technical Specialist - Manufacturing
    • 13th November
  • 2. Agenda
    • Challenges in securing Industry 4.0
    • Standards for ICS systems
    • Legacy machine tools example
    • Policy based IoT security
  • 3.
    • Enabling internet connectivity to the OT environment
    • New attack vector
    • Potentially leveraging the same network as the automation, traditionally air-gapped
    • Sometimes no automation network in place and leveraging the standard enterprise network
  • 4. Other common challenges to security from Industry 4.0
    • Move towards IoT cloud platforms and other cloud services including MES, the shop floor needs to support this transition
    • Shop floors have traditionally legacy devices e.g. PLC’s, Windows XP/7 or older devices which are vulnerable
    • Need for remote access to systems from external vendors, partners etc.
    • Networks are segmented in a static fashion, making changes complex, costly and slow e.g. moving a networked machine can take many weeks / months.
  • 5. Everyone’s at a different stage on the journey
    • Starting Point: Proprietary Serial Islands
    • Phase 1: Unmanaged, unconverged Ethernet
      • Still siloed
      • No security
      • Individual OEM networking
    • Phase 2: Converged Plantwide Network
      • Converge siloed networks
      • Static environment
      • Typically air-gapped networks
    • Phase 3: Flexible, Multi-Service Platform
      • Industry 4.0
      • Cloud/Edge Computing
      • Software Defined Factories
      • Enterprise wide security policy
  • 6. What is Converged Plantwide Network? The basis of the Connected Factory
    • “CPwE is co-owned Solution Architecture created jointly by Cisco and Rockwell Automation to architect IP from the Enterprise level down to the Operational cell/zone level within the manufacturing plant floor. CPwE solution is designed specifically for industrial Ethernet applications.”
    • The CVD (Cisco Validated Design) is a 700 page design and best practice guide for Engineering IP at the Cell/Zone level and interworking to the Enterprise
    • https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html
  • 7. Industrial Network Convergence
    • Zones (IEC 62443, NIST 800-82, ICS-CERT): Enterprise Zone; DMZ (Demilitarized Zone, Shared Access); Manufacturing Zone; Cell/Area Zone
    • Levels (ISA 95, Purdue):
      • Level 5: Enterprise Network
      • Level 4: Site Business Planning and Logistics Network
      • Level 3: Site Manufacturing Operations and Control
      • Level 2: Area Control
      • Level 1: Basic Control
      • Level 0: Process
  • 8. The Legacy machine tools example: a fairly straightforward application of the standards and designs
    • Cell/Area Zone, Levels 0–2, Layer 2 Access: Sensors, Drive, Controller, HMI, Distributed I/O
    • VLAN 10 - automation; VLAN 20 - sensors
    • Gateways
      • Remote access
      • Industrial specific security
      • Network Segmentation
      • Control network and IoT connectivity
      • Policy based routing
      • Data encryption
      • Secure cloud connectivity
    • Manufacturing Zone / Demilitarized zone, Level 3, Distribution and Core
    • Enterprise, Levels 4–5
  • 9. Scaling out… (diagram labels)
    • Enterprise Network, Levels 4–5: Web Apps, DNS, FTP
    • Demilitarized Zone (DMZ) Firewalls: Firewall (Active), Firewall (Standby)
    • Servers and services: Application Servers, Network Services, Patch Management, Terminal Services, Application Mirror, AV Server
    • Manufacturing Zone, Level 3, Distribution and Core
    • Cell/Area Zone, Levels 0–2, Layer 2 Access (Layer 2 Access Switch; Drive, Controller, HMI, Distributed I/O)
      • Cell/Area #1 (Redundant Star Topology)
      • Cell/Area #2 (Ring Topology)
      • Cell/Area #3 (Linear Topology)
  • 10. The next step on the journey…
  • 11. Defining Security Policies without Visibility is Complex
    • Security Platforms
    • Enterprise Assets: Camera, Printer, Laptop, Phone
    • Industrial Assets: shown as “?”
  • 12. Moving towards a policy
    • Stages: Blind, Monitor / Baseline, Segment, Enforce
    • Many controls teams view segmentation and enforcement as a hindrance to operations
    • Maybe bitten in the past by IT actions disrupting production
    • You need to explain to them how segmentation increases reliability in addition to security, as they do care about reliability
    • Most importantly, in many cases, their networks are not ready, poorly architected, and process/people are not in place to consume a sophisticated security solution
  • 13. Manufacturer Usage Descriptions Work on Standards?
  • 14. IoT Device Business Challenges
    • Device Visibility: Do you know devices well enough to differentiate service?
    • Intent-based Policy: Does the customer know the behavior of devices to build their policy?
    • Standard based: Is there any industry standard way of connecting IoT devices to the enterprise network?
  • 15. Summary
    • The needs of the automation and operations networks are changing
    • Everyone's at a different stage of the journey
    • Start to look at your automation network: how do you prepare it for Industry 4.0?
    • There are validated designs and guidance for all kinds of scale
    • Visibility of what's on the network and security policy is going to become key
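
The "Monitor / Baseline" stage from slide 12 applied to the zones on slide 7, as an added example that is not part of the original deck: observed flows are mapped to zones and reported, not blocked, when they skip a zone or touch an unmapped address. The subnets, the sample flows and the adjacent-zones-only rule are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Zone order follows slide 7, from the enterprise side down to the plant floor.
ZONE_ORDER = ["Enterprise", "DMZ", "Manufacturing", "Cell/Area"]

# Constructed address plan (hypothetical subnets, not taken from the deck).
SUBNETS = {
    ip_network("10.50.0.0/16"): "Enterprise",       # Levels 4-5
    ip_network("172.16.0.0/24"): "DMZ",             # shared access
    ip_network("192.168.30.0/24"): "Manufacturing", # Level 3
    ip_network("192.168.10.0/24"): "Cell/Area",     # VLAN 10 - automation
    ip_network("192.168.20.0/24"): "Cell/Area",     # VLAN 20 - sensors
}

def zone_of(addr):
    """Return the zone an address belongs to, or None if it is not in the plan."""
    ip = ip_address(addr)
    for net, zone in SUBNETS.items():
        if ip in net:
            return zone
    return None

def audit(flows):
    """Return flows needing review. Assumed rule: traffic may stay in its zone
    or cross to the adjacent one, so Enterprise reaches the plant via the DMZ."""
    findings = []
    for src, dst, port in flows:
        zs, zd = zone_of(src), zone_of(dst)
        if zs is None or zd is None:
            # No visibility into one endpoint: cannot write policy for it yet.
            findings.append((src, dst, port, "unmapped endpoint"))
            continue
        if abs(ZONE_ORDER.index(zs) - ZONE_ORDER.index(zd)) > 1:
            findings.append((src, dst, port, f"{zs} -> {zd} skips a zone"))
    return findings

# Constructed sample of observed flows: (source, destination, destination port).
OBSERVED = [
    ("192.168.10.11", "192.168.10.12", 44818),  # controller to drive, same cell
    ("192.168.20.5", "192.168.30.40", 1883),    # sensor gateway to Level 3 server
    ("10.50.3.7", "172.16.0.10", 443),          # enterprise client to DMZ service
    ("10.50.3.7", "192.168.10.11", 502),        # enterprise host straight to a controller
    ("192.168.20.5", "203.0.113.9", 443),       # sensor to an address outside the plan
]

if __name__ == "__main__":
    for src, dst, port, reason in audit(OBSERVED):
        print(f"REVIEW {src} -> {dst}:{port}  {reason}")
```

Running the same check against each new capture shows whether the baseline is stable enough to move on to the Segment and Enforce stages.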