Industrial and OT Cybersecurity in the digital Transformation TÜV Rheinland Group


Speaker

WOLFGANG KIENER

Cybersecurity in the Digital Transformation

Business Development Manager, TÜV Rheinland i-sec

26.02.2018

Topics

1 TÜV Rheinland. Another Industrial Revolution?

2 What is Digital Transformation?

3 What is Business Transformation?

4 Industrial and OT Cybersecurity in the Digital Transformation.

5 Why is OT Threat Detection and Response paramount?


TÜV Rheinland. Another Industrial Revolution?

• $2.3 Billion
• Privately Held
• 144 Years Old
• 500 Locations
• 69 Countries
• 19,320 people

The 4th Industrial Revolution will be defined by the use of “cyber-physical” systems.

Protecting society since 1872

Industry 1.0: Mechanical Production

Industry 2.0: Mass Production & Electricity

Industry 3.0: Electronic & IT Systems

Industry 4.0: Cyber-physical Systems, Social, Mobile, Analytics, Cloud

TÜV Rheinland. Another Industrial Revolution?

From a simple Product to Cyber Physical Systems and IoT.

Cyber Physical Systems (CPS)
• Combination of mechanical and software components
• Connected System (wired or wireless)
• Intelligent embedded System

Internet of Things (IoT)
• Combination of mechanical and software components
• Network of physical devices, vehicles, …
• Intelligent embedded System
• Collect and exchange information

Products
• Mechanical & Software components are not deeply intertwined
• Not connected and “zero” intelligence

TÜV Rheinland. Another Industrial Revolution?

Cybersecurity as a baseline for safety and privacy

Safety: Protection of the environment against the IoT product.

Cybersecurity: Protection of the IoT product against cybercriminals.

Privacy: Ensuring the informational self-determination of the end customer and protection of customer’s data.

Our business is highly affected by the dependencies between Safety, Cybersecurity and Privacy.

What is Digital Transformation?

It goes beyond Industry 4.0!

[Diagram. Actors: Enterprises (Business Transformation), Science (New Possibilities), Society (Living Changes), Nation State (Ecological Changes), People. Elements: Digital Technologies, Digital Infrastructure, Digital Applications, Utilisation, Digital Business Models, Digital Value Chain, Change, Work 4.0, Society 5.0. Relation labels: Use, Develop, Promote, Promotes, Regulations, Expectations.]

What is Business Transformation?

Business Transformation requires Digital Transformation

Digital Transformation means most of all continuous change, now and in the future.

[Diagram labels: Connectivity, Big Data, Blockchain, BYOD, AI, Social Media, DevOps, Cloud, IoT, Mobility, Supply Chain]

DRIVERS OR REQUIRED

• New Technology & Innovation
• Data Driven
• Cultural Change
• Digital Processes
• Organisational Change
• Way of Working
• New customers and interaction
• New partners and interaction
• Continuous Change

• Competitive Advantage
• Increase Market Share
• Reduce Costs

Cybersecurity in Digital Transformation

What do car brakes and cybersecurity have in common?

Why do we need car brakes? Why do we need ABS, ESP, EBD, …?

BUSINESS ENABLER

• Cybersecurity is not just about cost and risk
• Cybersecurity is more than a compulsory program
• Cybersecurity increases efficiency and productivity
• Cybersecurity supports the enterprise objectives

BUSINESS INNOVATOR

• Cybersecurity requires shifting to be business driven
• Cybersecurity can be more than a business enabler
• Innovative cybersecurity culture enables faster growth
• Support and adapt new technologies, e.g. blockchain

Cybersecurity experts need to think about how to securely grow the business – a cultural change is required.

Source: Gartner Security & Risk Management Summit: “Tutorial: Gartner Essentials: Top Cybersecurity Trends for 2016 – 2017”; Earl Perkins, 12 – 13 Sept. 2016

Cybersecurity in Digital Transformation


Cybersecurity needs to be business driven

The New Model for Digital Security

Data, People, Environments

SAFETY, RELIABILITY AND PRIVACY: DIGITAL SECURITY IMPERATIVES

Confidentiality

Integrity

Availability

Privacy

Safety

Reliability


Key Domains in Industrial and OT Security


It is more than network segmentation and secure maintenance access

INDUSTRIAL AND OT SECURITY NEEDS TO BE BUSINESS DRIVEN

Organization

Process

People

Procedures

Segmentation and Zones

Inventory Overview

Product Lifecycle

Software Security

Application Security

Training and Awareness

Wireless Network

Physical Security

Recovery Plan (BCM)

Whitelisting

Hardening

Supplier Security

Cloud Security

Maintenance Access

Risk Management

Information Security Management

Procurement

Infrastructure Security

Threat Detection and Response

Identity Management

Privacy


Key Domains in Industrial and OT Security


Key challenges we see at almost every manufacturer

Business demand is increasing and hard to resist – we should not resist.

Convergence in OT and IT requires a cultural change in every organisation.

Overarching and integrated RISK and ISMS management.

Up-to-date inventory for a better understanding of residual risks.

Managing identities: machines, products, partners, customers, ...

OT threat detection and response is paramount.


Vulnerabilities and attacks continuously increase

DRAMATIC INCREASE IN ICS SECURITY VULNERABILITIES DISCLOSURES

• Nearly every ICS vendor is affected by vulnerabilities; patches are not available for all discovered issues, and even if patches are available, they cannot be applied in control systems
• Common vulnerabilities in industrial control systems include buffer overflows, unauthenticated protocols, weak user authentication, untimely adoption of software, poor password policies or management

[Chart: ICS security vulnerability disclosures per year, 2000 to 2015, with two-year rolling average]

Source: FireEye

GLOBAL TREND OF TARGETED INDUSTRIES

• Manufacturing plants are targeted to obtain intellectual property, trade secrets and engineering information
• Attacks on public infrastructure like utility, transportation are motivated by financial gain (identity theft, card frauds) and hacktivism (political agenda)

[Chart: relative attack frequency by industry: Mining, Chemical, Metals, Pharmaceutical, Water/Waste Water, Automotive, Oil and Gas, Telecommunications, Transportation, Power and Utilities, Manufacturing]

Source: Demonstrate relative attack frequency on industry based on sector reports

Vulnerabilities and attacks in the Purdue layers

Level 0: Control Zone (Sensors, Actuators)

Safety Zone

Level 1: Basic Control Zone (PLC, RTU)

Level 2: Supervisory Control Zone (SCADA, HMI, Engineering W/S, Historian)

Level 3: Operations Zone (Servers, Workstations)

Level 3.5: Demilitarized Zone (Application Servers, Infrastructure)

Level 4: Business Unit Zone (Servers, Applications)

Level 5: Enterprise Business Zone (Internet, Servers, Corporate Applications)

Safety Instrumented Systems

Process I/O Devices

Basic Control Devices

Area & Supervisory Control

Site Manufacturing Operations & Control

Business Planning & Logistics

Enterprise Systems

Infrastructure and IT Systems

VULNERABILITY DISCLOSED CYBER ATTACKS


OT Threat Detection and Response is paramount


Attacks happen and vulnerabilities get exploited – we need to detect and respond.

Support Most Industrial Vendors

• ABB
• Allen-Bradley/Rockwell
• Beckhoff
• Emerson
• General Electric
• Honeywell
• Mitsubishi
• Motorola
• Rockwell Automation
• Schneider Electric
• Siemens
• Yokogawa

Support Most Industrial Protocols

• Aspentech Cim/IO
• Beckhoff ADS
• CEI 79-5/2-3
• DNP3
• EtherNet/IP – CIP
• Foundation Fieldbus
• Honeywell
• ICCP
• IEC-60870-5-104
• IEC-61850 (MMS, GOOSE, SMV)
• Modbus/TCP
• MMS
• OPC
• PI-Connect
• Profinet
• Siemens S7

Passive; no interaction or overhead with industrial automation and control process

Proactive monitoring against abnormal behaviour, protecting control systems from 0-day and unknown unknowns

Complement operational activities by identifying process bottlenecks and assisting with root cause analysis

Regulatory Compliance

OT Threat Detection and Response is paramount


Attacks happen and vulnerabilities get exploited – we need to detect and respond.

Managed Threat Detection & Response

[Architecture diagram. Network levels: LEVEL 4 Corporate Network; LEVEL 3 Operations and Control; LEVEL 2 Supervisory Network; LEVEL 1 Control Network. Components: Network switch, Monitoring sensor, Command center, Workstations, Domain controller, Historian, Engineering workstation, DCS/SCADA server, HMI, PLC/RTU, ICS NETWORK 1, ICS NETWORK 2. Other labels: SIEM, Active Directory/LDAP, CMDB, TAXII SERVER, REST API, JSON, CEF, LEEF (SYSLOG).]

Service Delivery Capabilities

• Asset Discovery and Inventory
• Communication Profile
• Vulnerability Assessment
• Potential Threats
• Criticality Rating
• Threat Hunting
• Efficient Compliance
• Threat Modelling

Service Delivery Models

1. Assess inventory and communication flows (one time)

2. OT Cybersecurity Risk Assessment (one time or regular)

3. Managed Service for OT Security Monitoring (continuous protection)

You do need brakes to drive faster and safely!

Summary. Key Takeaway.

Cybersecurity must be a business innovator – not a cost driver.


TÜV Rheinland OT Cybersecurity


Protecting the digital manufacturing processes

Envisioned Client Operating Model

• CISO
• Security Manager(s)
• Enterprise Risk Management
• Cybersecurity Governance
• IT Security Management & Engineering
• OT Security Management & Engineering
• IT Operations (global, local)
• OT Operations (global, local)
• Information & Operational Technology
• Business Requirements & Risks
• Reports & Metrics & Trends

TÜV Rheinland OT Cybersecurity Offering (extract)

Consulting Services, Testing Services, Managed Services

• OT Security Awareness Program
• OT Plant Blueprint Consulting
• OT Architecture Review
• OT Vulnerability Assessments
• OT Security & Inventory Monitoring
• Threat Detection & Response
• Incident Response & Recovery
• Secure Maintenance Access
• Industry 4.0 Cybersecurity Strategy
• Business Continuity Management
• IT-OT Integrated Risk Management
• IT-OT Risk Assessments
• IT-OT Risk & Threat Modelling
• Data Privacy Consulting

TÜV Rheinland OT Cybersecurity Offering

• Mastering Risk & Compliance
• Advanced Cyber Defences
• Secure Cloud Adoption

Thank you.

Wolfgang Kiener

Business Development Manager – Cybersecurity

Phone +49 174 1880217

https://tuv.com/informationsecurity

LEGAL DISCLAIMER

This document remains the property of TÜV Rheinland. It is supplied in confidence solely for information purposes for the recipient. Neither this document nor any information or data contained therein may be used for any other purposes, or duplicated or disclosed in whole or in part, to any third party, without the prior written authorization by TÜV Rheinland. This document is not complete without a verbal explanation (presentation) of the content.

TÜV Rheinland AG