Speaker: Wolfgang Kiener
Cybersecurity in the Digital Transformation
Business Development Manager, TÜV Rheinland i-sec
26.02.2018
Topics
1 TÜV Rheinland. Another Industrial Revolution?
2 What is Digital Transformation?
3 What is Business Transformation?
4 Industrial and OT Cybersecurity in the Digital Transformation.
5 Why OT Threat Detection and Response is paramount?
TÜV Rheinland. Another Industrial Revolution?
Protecting society since 1872
• $2.3 Billion
• Privately Held
• 144 Years Old
• 500 Locations
• 69 Countries
• 19,320 people
The 4th Industrial Revolution will be defined by the use of “cyber-physical” systems.
Industry 1.0: Mechanical Production
Industry 2.0: Mass Production & Electricity
Industry 3.0: Electronic & IT Systems
Industry 4.0: Cyber-physical Systems, Social, Mobile, Analytics, Cloud
TÜV Rheinland. Another Industrial Revolution?
From a simple Product to Cyber Physical Systems and IoT.
Cyber Physical Systems (CPS)
• Combination of mechanical and software components
• Connected System (wired or wireless)
• Intelligent embedded System
Internet of Things (IoT)
• Combination of mechanical and software components
• Network of physical devices, vehicles, …
• Intelligent embedded System
• Collect and exchange information
CONFIDENTIALITY
Products
• Mechanical & Software components are not deeply intertwined
• Not connected and “zero” intelligence
TÜV Rheinland. Another Industrial Revolution?
Cybersecurity as a baseline for safety and privacy
Safety: Protection of the environment against the IoT product.
Privacy: Ensuring the informational self-determination of the end customer and protection of customer’s data.
Cybersecurity: Protection of the IoT product against cybercriminals.
Our business is highly affected by the dependencies between Safety, Cybersecurity and Privacy.
What is Digital Transformation?
It goes beyond Industry 4.0!
[Figure: Digital Transformation diagram. Labels: Enterprises (Business Transformation); Science (New Possibilities); Society (Living Changes); Nation State (Ecological Changes); People; Digital Technologies; Digital Infrastructure; Digital Applications; Digital Business Models; Digital Value Chain; Utilisation; Change; Work 4.0; Society 5.0. Arrows labelled: Use, Develop, Promote, Promotes, Regulations, Expectations.]
What is Business Transformation?
Business Transformation requires Digital Transformation
Digital Transformation means most of all continuous change, now and in future.
Connectivity, Big Data, Blockchain, BYOD, AI, Social Media, DevOps, Cloud, IoT, Mobility, Supply Chain
DRIVERS OR REQUIRED
• New Technology & Innovation
• Data Driven
• Cultural Change
• Digital Processes
• Organisational Change
• Way of Working
• New customers and interaction
• New partners and interaction
• Continuous Change
Competitive Advantage, Increase Market Share, Reduce Costs
Why do we need car brakes? Why do we need ABS, ESP, EBD, …?
Cybersecurity in Digital Transformation
What do car brakes and cybersecurity have in common?
BUSINESS ENABLER
• Cybersecurity is not just about cost and risk
• Cybersecurity is more than a compulsory program
• Cybersecurity increases efficiency and productivity
• Cybersecurity supports the enterprise objectives
BUSINESS INNOVATOR
• Cybersecurity requires shifting to be business driven
• Cybersecurity can be more than a business enabler
• Innovative cybersecurity culture enables faster growth
• Support and adapt new technologies, e.g. blockchain
Cybersecurity experts need to think about how to securely grow the business – a cultural change is required.
Source: Gartner Security & Risk Management Summit: “Tutorial: Gartner Essentials: Top Cybersecurity Trends for 2016 – 2017”; Earl Perkins, 12 – 13 Sept. 2016
Cybersecurity in Digital Transformation
Cybersecurity needs to be business driven
SAFETY, RELIABILITY AND PRIVACY: DIGITAL SECURITY IMPERATIVES
[Figure: The New Model for Digital Security. Elements: Data, People, Environments; Confidentiality, Integrity, Availability; Privacy, Safety, Reliability.]
Key Domains in Industrial and OT Security
It is more than network segmentation and secure maintenance access
INDUSTRIAL AND OT SECURITY NEEDS TO BE BUSINESS DRIVEN
Organization
Process
People
Procedures
Segmentation and Zones
Inventory Overview
Product Lifecycle
Software Security
Application Security
Training and Awareness
Wireless Network
Physical Security
Recovery Plan (BCM)
Whitelisting
Hardening
Supplier Security
Cloud Security
Maintenance Access
Risk Management
Information Security Management
Procurement
Infrastructure Security
Threat Detection and Response
Identity Management
Privacy
Key Domains in Industrial and OT Security
Key challenges we see at almost every manufacturer
• Business demand is increasing and hard to resist – we should not resist.
• Convergence of OT and IT requires a cultural change in every organisation.
• Overarching and integrated RISK and ISMS management.
• Up-to-date inventory for a better understanding of residual risks.
• Managing identities: machines, products, partners, customers, ...
• OT threat detection and response is paramount.
Vulnerabilities and attacks continuously increase
DRAMATIC INCREASE IN ICS SECURITY VULNERABILITY DISCLOSURES
• Nearly every ICS vendor is affected by vulnerabilities; patches are not available for all discovered issues, and even if patches are available, they cannot be applied in control systems
• Common vulnerabilities in industrial control systems include buffer overflows, unauthenticated protocols, weak user authentication, untimely adoption of software, and poor password policies or management
Source: FireEye
[Figure: ICS security vulnerability disclosures per year, 2000 to 2015, with a two-year rolling average; vertical axis 0 to 400.]
GLOBAL TREND OF TARGETED INDUSTRIES
• Manufacturing plants are targeted to obtain intellectual property, trade secrets and engineering information
• Attacks on public infrastructure such as utilities and transportation are motivated by financial gain (identity theft, card fraud) and hacktivism (political agenda)
Source: Demonstrate relative attack frequency on industry based on sector reports
[Figure: bar chart of relative attack frequency by sector, axis 0 to 40. Sectors: Mining, Chemical, Metals, Pharmaceutical, Water/Waste Water, Automotive, Oil and Gas, Telecommunications, Transportation, Power and Utilities, Manufacturing.]
Vulnerabilities and attacks in the Purdue layers
Level 0: Control Zone (Sensors, Actuators)
Safety Zone
Level 1: Basic Control Zone (PLC, RTU)
Level 2: Supervisory Control Zone (SCADA, HMI, Engineering W/S, Historian)
Level 3: Operations Zone (Servers, Workstations)
Level 3.5: Demilitarized Zone (Application Servers, Infrastructure)
Level 4: Business Unit Zone (Servers, Applications)
Level 5: Enterprise Business Zone (Internet, Servers, Corporate Applications)
Safety Instrumented Systems
Process I/O Devices
Basic Control Devices
Area & Supervisory Control
Site Manufacturing Operations & Control
Business Planning & Logistics
Enterprise Systems
Infrastructure and IT Systems
[Figure: per-level chart with two columns, VULNERABILITY DISCLOSED and CYBER ATTACKS.]
OT Threat Detection and Response is paramount
Attacks happen and vulnerabilities get exploited – we need to detect and respond.
• Passive; no interaction or overhead with industrial automation and control process
• Proactive monitoring against abnormal behaviour, protecting control systems from 0-day and unknown unknowns
• Complement operational activities by identifying process bottlenecks and assisting with root cause analysis
• Regulatory Compliance
Support Most Industrial Vendors
• ABB
• Allen-Bradley/Rockwell
• Beckhoff
• Emerson
• General Electrics
• Honeywell
• Mitsubishi
• Motorola
• Rockwell Automation
• Schneider Electric
• Siemens
• Yokogawa
Support Most Industrial Protocols
• Aspentech Cim/IO
• Beckhoff ADS
• CEI 79-5/2-3
• DNP3
• EtherNet/IP – CIP
• Foundation Fieldbus
• Honeywell
• ICCP
• IEC-60870-5-104
• IEC-61850 (MMS, GOOSE, SMV)
• Modbus/TCP
• MMS
• OPC
• PI-Connect
• Profinet
• Siemens S7
OT Threat Detection and Response is paramount
Attacks happen and vulnerabilities get exploited – we need to detect and respond.
Managed Threat Detection & Response
[Figure: monitoring architecture across the network levels: LEVEL 4 Corporate Network; LEVEL 3 Operations and Control; LEVEL 2 Supervisory Network; LEVEL 1 Control Network. Components shown: network switches, monitoring sensors, command center, workstations, domain controller, historian, engineering workstation, DCS/SCADA server, HMI, PLC/RTU (ICS NETWORK 1, ICS NETWORK 2). Integrations shown: SIEM, Active Directory/LDAP, CMDB, TAXII server; REST API, JSON, CEF, LEEF (SYSLOG).]
Service Delivery Capabilities
• Asset Discovery and Inventory
• Communication Profile
• Vulnerability Assessment
• Potential Threats
• Criticality Rating
• Threat Hunting
• Efficient Compliance
• Threat Modelling
Service Delivery Models
1. Assess inventory and communication flows (one time)
2. OT Cybersecurity Risk Assessment (one time or regular)
3. Managed Service for OT Security Monitoring (continuous protection)
Summary. Key Takeaway.
You do need brakes to drive faster and safely!
Cybersecurity must be a business innovator – not a cost driver.
TÜV Rheinland OT Cybersecurity
Protecting the digital manufacturing processes
Envisioned Client Operating Model
[Figure: operating model. Labels: Enterprise Risk Management; Cybersecurity Governance; IT Security Management & Engineering; OT Security Management & Engineering; IT Operations (global, local); OT Operations (global, local); CISO; Security Manager(s); Information & Operational Technology. Flows: Business Requirements & Risks; Reports & Metrics & Trends.]
TÜV Rheinland OT Cybersecurity Offering (extract)
Consulting Services, Testing Services, Managed Services
• OT Security Awareness Program
• OT Plant Blueprint Consulting
• OT Architecture Review
• OT Vulnerability Assessments
• OT Security & Inventory Monitoring
• Threat Detection & Response
• Incident Response & Recovery
• Secure Maintenance Access
• Industry 4.0 Cybersecurity Strategy
• Business Continuity Management
• IT-OT Integrated Risk Management
• IT-OT Risk Assessments
• IT-OT Risk & Threat Modelling
• Data Privacy Consulting
• Mastering Risk & Compliance
• Advanced Cyber Defences
• Secure Cloud Adoption
Thank you.
Wolfgang Kiener
Business Development Manager – Cybersecurity
Phone +49 174 1880217
https://tuv.com/informationsecurity
LEGAL DISCLAIMER
This document remains the property of TÜV Rheinland. It is supplied in confidence solely for information purposes for the recipient. Neither this document nor any information or data contained therein may be used for any other purposes, or duplicated or disclosed in whole or in part, to any third party, without the prior written authorization by TÜV Rheinland. This document is not complete without a verbal explanation (presentation) of the content.
TÜV Rheinland AG