Digitising Manufacturing
Cyber Security @ T-ERA Project
Richard Rutte
OCT-17
About Me
Richard Rutte
Technical Specialist Digital Engineering
• Business Roles in Manufacturing & Logistics
• IT Roles (SAP Deployment)
1989
2001
• SAP Deployment
• IT Project Manager
• Cyber Security Projects
2001
2015
T-ERA - Thermal Energy Research Accelerator
• Cryogenic Industry e.g. cooling for food, medicines, etc.
• Factory in a Box (FIAB)
• Remotely Operated
• Industry4.0 Demonstrator
• Rapid Manufacturing Deployment
IP Protection, In-situ production
T-ERA Cyber Security
Cyber Security Scope
Digitally Secure
Account Management
Physical Access
Network Security
Secure Remote Access
Secure Software Development
Antivirus protection
Security Patches
Removable Media
Backup / Restore
[Diagram labels: Hazard, Top Event, Threat, Scenario, Barriers, Consequence]
Challenge: the FIAB can be deployed anywhere in the world
T-ERA Cyber Security
Challenges
Some of our Questions
How do we implement secure remote access?
Should we implement a DMZ?
Which firewall ports are safe to open?
How do we securely update antivirus signature files?
How do we keep systems up-to-date with security patches?
Where we find the answers
Public Domain: NCSC, NIST
MTC IT Specialists
MTC Cyber Security Partners
T-ERA Cyber Security
Lessons Learnt
Best Practice
Establish a Cyber Security aware culture on every level in the company.
Establish a Cyber Security Framework covering both the office and shop floor / process control domain.
Include Cyber Security criteria in buying hardware or services with a digital component.
Lessons Learnt
Don’t consider systems “air gapped” just because they are “not connected to the internet”.
Don’t spend heavily on technology before implementing basic cyber security practices.
Cyber Security is broader than Network Security
Thank You
A NEW IDEA FOR SHARING DATA
INDUSTRIAL DATA SPACE
Digitalising Manufacturing Conference 2017 @ mtc, Coventry, 31.10.2017
Lars Nagel, Managing Director
MAY THE DATA BE WITH YOU!
www.industrialdataspace.org // 3
A PEER TO PEER APPROACH TO STANDARDISEDLY CONNECT PLATFORMS AND THINGS
PLANNING, EXECUTION, CONTROL (MULTI-SIDED PLATFORMS)
Traffic Weather
OPEN CONTEXT DATA
Actors Sensors Machines
IoT Clouds
Domain specific platforms
Marketplaces
Broker, Consumer, Production
FIELD VIEW (FACTORY)
VALUE CHAIN
It’s all about sharing data!
OUR USE CASES MAKE IT HAPPEN
COLLABORATIVE SUPPLY CHAIN RISK MANAGEMENT
Short Description
• Phase 1: Event based transfer of affected Supply Chain data
• Phase 2: Event based transfer of material flow data
Benefits
+ On demand Supply Chain Transparency
+ Realtime Tracking and Tracing
+ Proactive Supply Chain Risk Management
Main Technology/IDS Components
• Internal and external IDS connector
• Vocabulary
• Bosch Tracking & Tracing
Partners/Ecosystem
• Logistics Service Provider (tbd.)
• Tier-2 Supplier (tbd.)
Targets
• Set of rules
• Standardized data definitions
• Harmonized data model
• Proof of concept for the data transfer
MANAGEMENT OF DISTRIBUTED USAGE CONTROL
Focus
• Example from the automotive industry
• Sharing data between tier-1 supplier and OEM
• Usage control and execution mechanism
DYNAMIC TIMESLOT MANAGEMENT AND TRACKING IN THE SUPPLY CHAIN
• Time Slot Management, Dynamic Estimated Time of Arrival and Track & Trace
• Integrating all existing telematics systems
• Ensuring maximum connectivity to all logistics service providers
• Using GS1 EDI XML as common message standard
• Comprehensive status changes
Benefits
+ Reducing traffic jams and out of stock situations
+ Time slot management in realtime
+ Better data quality for planning
DIGITAL LINKING OF A PRODUCTION LINE
• Semantic standards for the Machine 4.0 (RDF)
• Combining of production, replenishment, maintenance, quality management
• Exchanging data along the whole production line and supply chain
• Combining vocabularies
• Reference technology stack for a machine 4.0
Benefits
+ Automatic matching of tool and order data
+ Minimizing tooling time
+ Correlation of machine and work piece
INTELLIGENT STOCK INFORMATION
• Merging of procurement systems
• Automatic management of semantic description of steel quality criteria
• Machine interface for availability
• Transparency and fast response time to customers
Benefits
+ Reducing the connections to suppliers
+ Procurement in realtime
+ Better quality by reducing misinformation
BROKER BASED DESIGN OF SUPPLY CHAINS
• Small lot sizes make ad hoc actions necessary
• Orchestration of all network partners (Logistic service providers) to fulfill orders
• Self-organised configuration of a transportation order
• Tender management
Benefits
+ Tailormade supply chains on demand
+ More transparency and options
SMART CARE PLATFORM FOR PROCESS- AND SERVICE-INTEGRATION
• End2End combination of connected devices between users, care services, family members and medical institutions
• Harmonization of various data protocols, transmission media, across vendors, users and institutions.
• Pre-requisite for implementing multi-local smart care services, e.g. in rural regions
Benefits
+ Overcome babylonic variety of proprietary protocols
+ Elimination of barriers to mass-roll-out of smart care solutions
+ Data sovereignty
[Diagram labels: Smart Care Platform, Health Industry, Facility Mgt., Corporate Health Mgt, Care Industry, Smart Cities, Insurance Sector]
PLATFORM INTEGRATION OF EQUIPMENT VIA OPC UA
• Integration of equipment via industrial standards like OPC UA
• Modular service based concept allows extension for semantic technologies or other protocols
• Support for horizontal integration across value chains
• Linking with platform and cloud services
Benefits
+ OPC UA standard protocol integration
+ Platform connectivity via IDS secure channel
OPC UA Connector
Become a member
Start
YOUR WAY THROUGH THE INDUSTRIAL DATA SPACE ASSOCIATION
1 ACQUIRE BASIC KNOWLEDGE ON INDUSTRIAL DATA SPACE
Just start reading and gaining knowledge on Industrial Data Space and the Association (whitepaper, presentations)
Important Documents to be known:
Reference Architecture
Use Case Overview
Sprint Releases Reference Use cases and documentation (image file + source code + docker container)
PwC Study on Data Sharing (German)
http://www.industrialdataspace.org/download/
2 START CO-CREATING THE INDUSTRIAL DATA SPACE
Send people to working groups
Engage on JIVE
https://industrialdataspace.jiveon.com (apply for access via website or head office – members only)
Login via:
Access credentials on JIVE:
Try out reference use cases – test IDS on your devices:
• working group architecture
• working group use cases & requirements
• working group certification
• taskforce exploitation and business modeling
• taskforce legal framework
3 SET UP YOUR OWN USE CASE
Find your role in the Industrial Data Space ecosystem and build services or products
4 ROLL-OUT INDUSTRIAL DATA SPACE IN MORE THAN ONE SCENARIO
Use case process – if you are stuck, contact the head office. We guide you through the use case process.
Market conquest
5 MAKE YOUR OWN INDUSTRIAL DATA SPACE BUSINESS CASE
Describe and communicate your use case
Bring your use case on the IDSA use case map
Pitch your use case in the wg use cases & requirements
Get inspiration from others' use cases
Add your requirements to the functional overview, so that they can be considered in future architecture and sprint releases and help improve the Industrial Data Space:
https://idsspec.isst.fraunhofer.de/idsspec
JOIN US!
LARS NAGEL
MANAGING DIRECTOR
INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/LARS-NAGEL-704411B8/
JOSEPH-VON-FRAUNHOFER-STR. 2-4
44227 DORTMUND | GERMANY
+49 231 9743 [email protected]
@ids_association
#industrialdataspace
www.industrialdataspace.org
Resource Hub – Press Area – Blog
Digitalising Manufacturing
M4 Meggitt Modular Modifiable Manufacturing
October 31st, 2017 – MTC Ansty UK
Digital manufacturing
October 2017 | Meggitt proprietary and confidential | No unauthorised copying or disclosure
Meggitt PLC
Group Overview
Meggitt PLC is an international engineering group
− Aerospace, defence and energy
Extreme environment experts
− High technology products and systems on 64,000 aircraft
Annual sales of £1.992B in 2016
Aerospace | 49%
Defence | 35%
Energy | 9%
Other | 7%
OE | 55%
Aftermarket | 49%
Global footprint
− c.11, employees across Europe, the Americas and Asia
Objectives
A modular and modifiable factory having flexible production lines
with interconnected and monitored assets that is part of a
wider manufacturing network of Meggitt factories and suppliers.
Digital Manufacturing – Smart Factories
M4 Lab
M4 LAB Mini Smart Factory
Issues, obstacles to overcome
M4 R&D Characteristics
− Dynamic & flexible environment
− Try new technologies, tools, methods
− Cloud computing
− But not compromise security
M4 Data
− No military or ITAR products
− Project data (product, m4 lab) stored in UK databases (IBM London)
− Real operational data stored in Meggitt databases
M4 Lab Network
− Network segregation
− Isolate M4 lab network from the rest of Meggitt Factory network
DFARS Compliance
Lessons Learnt
Security is not a once and done exercise
Thank you
The Cyber Crime Threat for Manufacturers
Paul Vlissidis, Technical Director – Senior Advisor
A Tier 1 National Threat & Business Risk
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf
http://www.bbc.co.uk/news/uk-36239805
Ability to operate..
Disruption…
Key Cyber Issues for Manufacturers
• Lack of Board Understanding
• Patching systems…especially production
• Vulnerable network architectures
• Shared accounts
• Over-privileged users
• Supply chain disruption
• Internet of Things
• Cyber security issues with your products
Key elements of an effective approach
Prevention
Impact Reduction
Detection & Response
Monitoring
Prevention Top 3
1. Patch, patch and patch again
• Don’t ignore legacy systems
• Make patching Business As Usual
• If you can’t patch don’t just accept the risk, mitigate it some other way
2. Restrict user permissions & sharing
3. Phishing awareness training and exercises
Rapid Detection & Response Top 3
1. Anti-virus – don’t rely on it solely but keep it up to date
2. Managed Threat monitoring services can detect infections
3. Incident Response Planning for when it hits
Impact Reduction Top 3
1. Network Segmentation
2. Robust Backup strategy
3. Well-rehearsed restoration as part of DR
Cyber Security and Digital Engineering
Hugh Boyes CEng FIET CISSP
Principal Engineer – Cyber Security Centre
My Background
WMG Cyber Security Centre
– Established in 2014
– Current team of 40+ staff (lecturers & researchers)
– Research areas: CPS, IoT, CAV, cyber crime
– Education provision - GCHQ Certified courses (2x MSc & 1x BSc), plus industry short courses
Bodvoc Ltd
– Specialist security consultancy
– Technical author for cyber security standards & guidance
– Security advice to BIM Taskforce / Digital Built Britain
Security-mindedness for Engineers
Thematic Area
To raise awareness of the need for security-mindedness
Challenges
To promote collaboration and innovation whilst protecting sensitive information
To create an approach to cyber security that addresses threats to digital engineering and manufacturing
Issues and obstacles
Information assurance (or security) v cyber security
Safety v security
Lack of appropriate standards & guidance
“Security can be defined as the state of relative freedom from threat or harm caused by deliberate, unwanted, hostile or malicious acts.”
Engineering Council, 2016
Cyber Security for Engineers
People, Process, Physical, Technical
Confidentiality
Possession (or Control)
Availability (including Reliability)
Safety
Resilience
Integrity
Utility
Authenticity
© Hugh Boyes, 2017 Bodvoc Ltd
Information quality & provenance
Service & system configuration
Continuity of operations
Safety of people & assets
Control access to systems, services & information
Governance
Securing our environment
http://www.theiet.org/resources/standards/cyber-cop.cfm
PAS 1192-5:2015
Specification for security-minded building information modelling, digital built environments and smart asset management
http://shop.bsigroup.com/pas1192-5
Insight or Digital Landfill?
©Thinkstock
A fool and his laptop…
© Bodvoc Ltd
Hugh Boyes CEng FIET CISSP
Member of Register of Security Engineers and [email protected]
07970 703082