SlideShare a Scribd company logo

ICS Security from the Plant Floor Up - A Controls Engineers Approach to Securing Plant Floor Network, Jeffrey Smith of AAM

Download as PPTX, PDF
Digital Bond
Digital Bond

The presentation covers assessment, implementation methodology, and current level of success for addressing four key objectives which are protecting the controls fieldbus (networks) from untrusted networks (domain), secure and safe remote support capability from both inside and outside of the company, control supplier access to manufacturing equipment when onsite, and protect manufacturing systems from Malware and intrusion. This system isn’t theoretical, it’s in broad use and full critical production. If the time and connectivity is available a quick remote access demonstration can be given. The presentation will wrap up with a series of thoughts and ideas that occur to me regarding security in general as I listen to other organizations and groups talking about various security needs and activities.

Technology
1 of 38
ICS Security from the Plant Floor Up A Controls Engineers Approach to Securing Plant Floor Networks Jeffrey Smith 1
Less than a minute of blather about Jeffrey Smith 2
How much do I want to spend? Nothing. Zero. Nada. Zip. 3
ICS Security 1. Assess our current posture 2. Define key objectives for which to develop a solution to improve that posture. 4
Key Objective #1 Protect the manufacturing controls networks (EtherNet/IP fieldbus) from the enterprise networks (untrusted networks) and they from us. 5
Key Objective #1 Isolate the Controls Fieldbus from the Enterprise network through two different Firewalls, one managed by IT, one by Controls. IT Firewall IT SPACE CONTROLS Zenwall-5 Controls Firewall Industrial Protocol DPI EtherNet/IP Fieldbus 6
Key Objective #2 Secure and Safe Remote Support Capability from inside and outside the company 7
Key Objective #3 Control and track supplier access to Manufacturing Control Systems when onsite in one of our facilities 8
Supplier Support Login 9
Key Objective #4 Protect manufacturing systems from malware attack by removing PC(s) from or isolating them on the controls network. Whitelist where applicable. 10
Say NO to PCs on your Fieldbus Computer Friends don’t let friends put PC(s) on Controls Networks 11
Move the PCs to the Enterprise ENTERPRISE NETWORK 12
Line Topology 13
Station Topology STATION DEVICE LEVEL RING (DLR) TOPOLOGY EtherNet/IP Ring Link EtherNet/IP Ring Link UPLINK #2 TO MACH 102 OP100 OP90 OP80 PanelView Plus CompactLogix L3x ERM E-TAP Torque Tool EtherNet/IP – Device Level Ring (DLR) PowerFLEX 755 VFD 173x AENT Numatics G3 14 Optional E-TAP Kinetix 6500 Servos HMS Gateway
PC at the Edge…If you must. 15
16
“Deep thoughts” by Jeff Smith 17
10 Ton Security Model 18
Assessment is Critical We don’t build rockets…you might. 19
Ethernet based Fieldbus Is still young, it has long way to grow and it’s a long way from mature when compared to it’s IT counterpart. 20
Can we move to Ethernet? •Many companies, small to large, are just looking at making a move to an Ethernet based fieldbus. •What’s the value proposition of Ethernet if we are pushing a huge security posture on them at the same time? 21
Controls Engineers •Many don’t have experience with Ethernet based controls networks. •Companies are tight with training dollars, more are forcing their support staff to learn via OJT even though technology growth is raging. 22
Migrating the “Ethernetly” Challenged Are you helping? What does your “Convert Legacy Fieldbus X to an Ethernet fieldbus” Engineering Plan look like? 23
Shore up the foundation Perhaps for those who have taken a “swag” at Ethernet based fieldbus, the correct approach to TLC is to help them “fix” their strategy for Control System Ethernet and then help them secure it. TLC = Total Landed Cost 24
Air Gapped? Is there *REALLY* such a thing? 25
Pssst! We can do Controls Stuff… When talking about security, let’s capitalize on our seemingly forgotten skillset of hardwired safety/security. Might not be a singular product purchased from a shelf, but it is value controls can bring to the table. It’s our cockpit door. 26
If we had a little money left… “Replace all unmanaged switches with managed switches.” 27
How to get started? Do something, a little today, and more tomorrow. Eat the elephant one bite at a time. 28
Detection and Recovery Not enough people talking about Detection and Fast Recovery. If we agree we will never stop every attack, shouldn’t we spend time on detection and recovery? 29
Ethernet in Automobiles This year, the first production vehicle will be released that uses Ethernet instead of CAN as it’s primary vehicle communications network. Nervous? I am. 30
Diagnostics Forensic Diagnostics 31
ICS Security Appliance What do I look for? 32
Controls Security Appliance • Fast, Low Latency Deep Packet Inspection of Industrial Protocols • Ability to easily configure and manage firewall rules without needing a degree in “firewall” • Horsepower to spare, with the ability to lay in changes without interrupting performance. 33
ICS Security Appliances • Can’t require an IT person at 2:00am when the line is down. • Best way to introduce yourself and your new wiz-bang security “stuff” to the plant manager is to take the line down OR prevent the 2:00am support staff from bringing it back up. 34
ICS Security Appliances You won’t forget him and he won’t forget you or your security #%^!&%#*%. And you thought CapEx funding of security initiatives was challenging before.… 35
ICS Security Appliances • Must have easily replicatable configurations • Must be scalable from small to large • Must have reasonable pricing models to accompany their scalability 36
Security = Risk Mitigation I’m often asked “How much security is enough?” “Whatever you need to mitigate the risk you can’t live with.” 37
I can make up answers to any… Questions? 38

Recommended

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 

Recommended

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
MMPL corporate overview mail
MMPL corporate overview mailMMPL corporate overview mail
MMPL corporate overview mailMedley India Infosolution Pvt Ltd
 

More Related Content

What's hot

Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 

What's hot (20)

Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014
 

Similar to ICS Security from the Plant Floor Up - A Controls Engineers Approach to Securing Plant Floor Network, Jeffrey Smith of AAM

An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomiIvan Carmona
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesMichele Vecchione
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433Terry Gilsenan
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)sandhibhide
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
Learn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successfulLearn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successfulKellton Tech Solutions Ltd
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTForescout Technologies Inc
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principlesardexateam
 

Similar to ICS Security from the Plant Floor Up - A Controls Engineers Approach to Securing Plant Floor Network, Jeffrey Smith of AAM (20)

ICS security
ICS securityICS security
ICS security
 
MMPL corporate overview mail
MMPL corporate overview mailMMPL corporate overview mail
MMPL corporate overview mail
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future Challanges
 
4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
Learn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successfulLearn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successful
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT security
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principles
 

More from Digital Bond

The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Windows Service Hardening
Windows Service HardeningWindows Service Hardening
Windows Service HardeningDigital Bond
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsDigital Bond
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
 
Unidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSUnidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSDigital Bond
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Digital Bond
 
Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Digital Bond
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)Digital Bond
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Digital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Digital Bond
 
Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)Digital Bond
 
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)Unsolicited Response - Getting BACnet Off of the Internet (Japanese)
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)Digital Bond
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
Application Whitelisting and DPI in ICS (English)
Application Whitelisting and DPI in ICS (English)Application Whitelisting and DPI in ICS (English)
Application Whitelisting and DPI in ICS (English)Digital Bond
 
Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Digital Bond
 
S4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItS4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItDigital Bond
 

More from Digital Bond (20)

The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE Experience
 
Windows Service Hardening
Windows Service HardeningWindows Service Hardening
Windows Service Hardening
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS Solutions
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 
Unidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSUnidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICS
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)
 
Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
 
Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)
 
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)Unsolicited Response - Getting BACnet Off of the Internet (Japanese)
Unsolicited Response - Getting BACnet Off of the Internet (Japanese)
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
Application Whitelisting and DPI in ICS (English)
Application Whitelisting and DPI in ICS (English)Application Whitelisting and DPI in ICS (English)
Application Whitelisting and DPI in ICS (English)
 
Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)
 
S4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItS4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze It
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

ICS Security from the Plant Floor Up - A Controls Engineers Approach to Securing Plant Floor Network, Jeffrey Smith of AAM

  • 1. ICS Security from the Plant Floor Up A Controls Engineers Approach to Securing Plant Floor Networks Jeffrey Smith 1
  • 2. Less than a minute of blather about Jeffrey Smith 2
  • 3. How much do I want to spend? Nothing. Zero. Nada. Zip. 3
  • 4. ICS Security 1. Assess our current posture 2. Define key objectives for which to develop a solution to improve that posture. 4
  • 5. Key Objective #1 Protect the manufacturing controls networks (EtherNet/IP fieldbus) from the enterprise networks (untrusted networks) and they from us. 5
  • 6. Key Objective #1 Isolate the Controls Fieldbus from the Enterprise network through two different Firewalls, one managed by IT, one by Controls. IT Firewall IT SPACE CONTROLS Zenwall-5 Controls Firewall Industrial Protocol DPI EtherNet/IP Fieldbus 6
  • 7. Key Objective #2 Secure and Safe Remote Support Capability from inside and outside the company 7
  • 8. Key Objective #3 Control and track supplier access to Manufacturing Control Systems when onsite in one of our facilities 8
  • 10. Key Objective #4 Protect manufacturing systems from malware attack by removing PC(s) from or isolating them on the controls network. Whitelist where applicable. 10
  • 11. Say NO to PCs on your Fieldbus Computer Friends don’t let friends put PC(s) on Controls Networks 11
  • 12. Move the PCs to the Enterprise ENTERPRISE NETWORK 12
  • 14. Station Topology STATION DEVICE LEVEL RING (DLR) TOPOLOGY EtherNet/IP Ring Link EtherNet/IP Ring Link UPLINK #2 TO MACH 102 OP100 OP90 OP80 PanelView Plus CompactLogix L3x ERM E-TAP Torque Tool EtherNet/IP – Device Level Ring (DLR) PowerFLEX 755 VFD 173x AENT Numatics G3 14 Optional E-TAP Kinetix 6500 Servos HMS Gateway
  • 15. PC at the Edge…If you must. 15
  • 16. 16
  • 17. “Deep thoughts” by Jeff Smith 17
  • 18. 10 Ton Security Model 18
  • 19. Assessment is Critical We don’t build rockets…you might. 19
  • 20. Ethernet based Fieldbus Is still young, it has long way to grow and it’s a long way from mature when compared to it’s IT counterpart. 20
  • 21. Can we move to Ethernet? •Many companies, small to large, are just looking at making a move to an Ethernet based fieldbus. •What’s the value proposition of Ethernet if we are pushing a huge security posture on them at the same time? 21
  • 22. Controls Engineers •Many don’t have experience with Ethernet based controls networks. •Companies are tight with training dollars, more are forcing their support staff to learn via OJT even though technology growth is raging. 22
  • 23. Migrating the “Ethernetly” Challenged Are you helping? What does your “Convert Legacy Fieldbus X to an Ethernet fieldbus” Engineering Plan look like? 23
  • 24. Shore up the foundation Perhaps for those who have taken a “swag” at Ethernet based fieldbus, the correct approach to TLC is to help them “fix” their strategy for Control System Ethernet and then help them secure it. TLC = Total Landed Cost 24
  • 25. Air Gapped? Is there *REALLY* such a thing? 25
  • 26. Pssst! We can do Controls Stuff… When talking about security, let’s capitalize on our seemingly forgotten skillset of hardwired safety/security. Might not be a singular product purchased from a shelf, but it is value controls can bring to the table. It’s our cockpit door. 26
  • 27. If we had a little money left… “Replace all unmanaged switches with managed switches.” 27
  • 28. How to get started? Do something, a little today, and more tomorrow. Eat the elephant one bite at a time. 28
  • 29. Detection and Recovery Not enough people talking about Detection and Fast Recovery. If we agree we will never stop every attack, shouldn’t we spend time on detection and recovery? 29
  • 30. Ethernet in Automobiles This year, the first production vehicle will be released that uses Ethernet instead of CAN as it’s primary vehicle communications network. Nervous? I am. 30
  • 32. ICS Security Appliance What do I look for? 32
  • 33. Controls Security Appliance • Fast, Low Latency Deep Packet Inspection of Industrial Protocols • Ability to easily configure and manage firewall rules without needing a degree in “firewall” • Horsepower to spare, with the ability to lay in changes without interrupting performance. 33
  • 34. ICS Security Appliances • Can’t require an IT person at 2:00am when the line is down. • Best way to introduce yourself and your new wiz-bang security “stuff” to the plant manager is to take the line down OR prevent the 2:00am support staff from bringing it back up. 34
  • 35. ICS Security Appliances You won’t forget him and he won’t forget you or your security #%^!&%#*%. And you thought CapEx funding of security initiatives was challenging before.… 35
  • 36. ICS Security Appliances • Must have easily replicatable configurations • Must be scalable from small to large • Must have reasonable pricing models to accompany their scalability 36
  • 37. Security = Risk Mitigation I’m often asked “How much security is enough?” “Whatever you need to mitigate the risk you can’t live with.” 37
  • 38. I can make up answers to any… Questions? 38