SlideShare a Scribd company logo

Practical Approaches to Securely Integrating Business and Production

Download as PPTX, PDF
Jim Gilsinn
Jim Gilsinn

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

Technology
1 of 26
Standards Certification Education & Training Publishing Conferences & Exhibits Practical Approaches to Securely Integrating Business and Production Jim Gilsinn
Presenter • Jim Gilsinn – Senior Investigator, Kenexis – ISA99, Co-Chair – ISA99-WG2, Co-Chair – CEH, CISSP – ISA/IEC 62443 Expert – 25 Years Eng. Experience – MSEE
Overview • Why Integrate Business & Production? • Things to Consider • Potential Solutions • Questions
Why Integrate Business & Production? • Production to Business – Production Data – Historical Data – Regulatory Requirements – Network/Security Monitoring • Business to Production – Remote Maintenance – Patch Management – File Exchange – Configuration Data Complete isolation is rarely an option
THINGS TO CONSIDER
Things to Consider • Isolated Zones • Network Segmentation • Wireless Integration • Remote Connections • Public Infrastructure Integration • File/Data Transfer • Monitoring
Isolated Zones • Are there zones that require network isolation? • Safety-related systems are a good example • Set it & forget it! • May require re-calibration over time • Can be connected via signal wiring
Network Segmentation • Firewall vs. Data Diode – Is bidirectional communication required? – Human interaction vs. automated bi-directional communication – “Air-gap” requirement – Mixed firewall & data diode • Multi-legged vs. Dual Firewall – Establish DMZ – Product diversity – IT/OT
Wireless Integration • Will wireless be used? • What communication protocols? • What frequency bands? • Point-to-point vs. omnidirectional? • Star vs. mesh topology? • Bandwidth requirements? • Tolerance for drop-outs? • Where to integrate into architecture?
Remote Connections • Personnel, vendors, contractors, MSSP? • On-site vs. off-site access? • Continuous vs. scheduled vs. sporadic connectivity? • Method of connectivity? • Single-factor vs. multi-factor authentication? • Connection points within architecture? • Types of communication allowed?
Public Infrastructure Integration • More of an issue with SCADA • Wired vs. terrestrial wireless vs. satellite • Dedicated vs. leased-line connections • Service level agreements for ISP • Contingencies for backup/secondary communications
File/Data Transfer • Restricting data flows through zone boundaries • Direct communications vs. servers in DMZ • File transfer server vs. removable media • File transfer through remote management connections
Monitoring • Malware checking • Ingress/egress filtering • Continuous monitoring vs. human interaction • Push vs. pull of monitoring data • Legacy equipment • HIDS/NIDS • Non-networked equipment
People Will Get Things Done • One way or another, people will get their job done • Security can’t be seen as an impediment to that • Provide methods that work easily, but are more secure
POTENTIAL SOLUTIONS
Engineering User
File Transfer
Administrator User – Patch Management
Remote Maintenance
Historian Replication
Domain Controllers
Web Access – License Activation Server
SUMMARY
Summary • There are benefits to connecting business and production networks • There are a variety of things that need to be considered when connecting business and production networks • There are practical solutions for security
Questions
Standards Certification Education & Training Publishing Conferences & Exhibits Thank You for Attending! Enjoy the rest of the conference.

Recommended

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 

Recommended

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsCreekside Marketing Group, LLC
 
Lowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipLowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipCreekside Marketing Group, LLC
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)Digital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Digital Bond
 

More Related Content

What's hot

Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 

What's hot (20)

Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
Lowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipLowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of Ownership
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and Security
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 

Viewers also liked

Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)Digital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Digital Bond
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesCyber Security Alliance
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)Digital Bond
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 

Viewers also liked (10)

Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Cisco ASA
Cisco ASACisco ASA
Cisco ASA
 

Similar to Practical Approaches to Securely Integrating Business and Production

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Lviv Startup Club
 
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Edunomica
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency ImperativeDistil Networks
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2Anne Starr
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
How to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsHow to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsReal-Time Innovations (RTI)
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloudAjay Rathi
 
Distributed data processing
Distributed data processingDistributed data processing
Distributed data processingAyisha Kowsar
 
Hadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxHadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxyashodhannn
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2Anne Starr
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ securityJisc
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Deepak Shankar
 
Implementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsImplementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsSmartbridge
 
Well_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfWell_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfHari Prasetyo Utomo
 
AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018James Sankar
 
Edge UPDATED.pptx
Edge UPDATED.pptxEdge UPDATED.pptx
Edge UPDATED.pptxandre241421
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?John Kinsella
 
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillNetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillJeff Kiesel
 

Similar to Practical Approaches to Securely Integrating Business and Production (20)

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
 
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency Imperative
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
How to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsHow to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of Things
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
Distributed data processing
Distributed data processingDistributed data processing
Distributed data processing
 
Hadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxHadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptx
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ security
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
 
Implementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsImplementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field Operations
 
Well_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfWell_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdf
 
AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018
 
Edge UPDATED.pptx
Edge UPDATED.pptxEdge UPDATED.pptx
Edge UPDATED.pptx
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?
 
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillNetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
 

More from Jim Gilsinn

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!Jim Gilsinn
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingJim Gilsinn
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze itJim Gilsinn
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerJim Gilsinn
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with WiresharkJim Gilsinn
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Jim Gilsinn
 

More from Jim Gilsinn (10)

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance Testing
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze it
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol Analyzer
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Practical Approaches to Securely Integrating Business and Production

  • 1. Standards Certification Education & Training Publishing Conferences & Exhibits Practical Approaches to Securely Integrating Business and Production Jim Gilsinn
  • 2. Presenter • Jim Gilsinn – Senior Investigator, Kenexis – ISA99, Co-Chair – ISA99-WG2, Co-Chair – CEH, CISSP – ISA/IEC 62443 Expert – 25 Years Eng. Experience – MSEE
  • 3. Overview • Why Integrate Business & Production? • Things to Consider • Potential Solutions • Questions
  • 4. Why Integrate Business & Production? • Production to Business – Production Data – Historical Data – Regulatory Requirements – Network/Security Monitoring • Business to Production – Remote Maintenance – Patch Management – File Exchange – Configuration Data Complete isolation is rarely an option
  • 6. Things to Consider • Isolated Zones • Network Segmentation • Wireless Integration • Remote Connections • Public Infrastructure Integration • File/Data Transfer • Monitoring
  • 7. Isolated Zones • Are there zones that require network isolation? • Safety-related systems are a good example • Set it & forget it! • May require re-calibration over time • Can be connected via signal wiring
  • 8. Network Segmentation • Firewall vs. Data Diode – Is bidirectional communication required? – Human interaction vs. automated bi-directional communication – “Air-gap” requirement – Mixed firewall & data diode • Multi-legged vs. Dual Firewall – Establish DMZ – Product diversity – IT/OT
  • 9. Wireless Integration • Will wireless be used? • What communication protocols? • What frequency bands? • Point-to-point vs. omnidirectional? • Star vs. mesh topology? • Bandwidth requirements? • Tolerance for drop-outs? • Where to integrate into architecture?
  • 10. Remote Connections • Personnel, vendors, contractors, MSSP? • On-site vs. off-site access? • Continuous vs. scheduled vs. sporadic connectivity? • Method of connectivity? • Single-factor vs. multi-factor authentication? • Connection points within architecture? • Types of communication allowed?
  • 11. Public Infrastructure Integration • More of an issue with SCADA • Wired vs. terrestrial wireless vs. satellite • Dedicated vs. leased-line connections • Service level agreements for ISP • Contingencies for backup/secondary communications
  • 12. File/Data Transfer • Restricting data flows through zone boundaries • Direct communications vs. servers in DMZ • File transfer server vs. removable media • File transfer through remote management connections
  • 13. Monitoring • Malware checking • Ingress/egress filtering • Continuous monitoring vs. human interaction • Push vs. pull of monitoring data • Legacy equipment • HIDS/NIDS • Non-networked equipment
  • 14. People Will Get Things Done • One way or another, people will get their job done • Security can’t be seen as an impediment to that • Provide methods that work easily, but are more secure
  • 18. Administrator User – Patch Management
  • 22. Web Access – License Activation Server
  • 24. Summary • There are benefits to connecting business and production networks • There are a variety of things that need to be considered when connecting business and production networks • There are practical solutions for security
  • 26. Standards Certification Education & Training Publishing Conferences & Exhibits Thank You for Attending! Enjoy the rest of the conference.