Protecting control and automation systems in industry and infrastructure from cyber incidents. Enzo M. Tieghi, etieghi@servitecno.it

Project Management & Industrial Cyber Security (ICS) by Enzo M. Tieghi


Why and How should You include Industrial Cyber Security among the topics to be covered during the definition of an industrial or infrastructural Project?

2. For example (who doesn't know Suki?) (CLUSIT 2013, Tieghi: Cyber Security, Industry and CI)

3. Enzo Maria Tieghi
   CEO of ServiTecno (industrial software for over 20 years)
   Board member of AIIC, active in associations and study groups on industrial cyber security (ISA s99 member)
   Member of advisory boards, international groups and projects on Industrial Security and CIP (Critical Infrastructure Protection)
   Author and co-author of publications, articles and papers

4. Where are these systems? Everywhere: Industrial, Processes, Buildings, Manufacturing & Infrastructures

5. Let's identify and define the perimeter. IT Security & Control System Protection: where?

6. ANSI/ISA95 Functional Hierarchy (www.isa.org)
   Level 4: Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.). Establishing the basic plant schedule: production, material use, delivery, and shipping. Determining inventory levels. Time frame: months, weeks, days.
   Level 3: Manufacturing Operations Management (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...). Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds.
   Level 2: Monitoring, supervisory control and automated control of the production process (Batch Control, Discrete Control, Continuous Control).
   Level 1: Sensing the production process, manipulating the production process (Batch Control, Discrete Control, Continuous Control).
   Level 0: The actual production process.

7. Plant security. Beyond safety (EN ISO 13849-1/2, IEC/EN 62061, IEC/EN 61508, IEC/EN 61511), do we assess security? System life cycle? Project documentation? Changes to the plant? Networks, PLC, DCS, SCADA? Who? When? Where? Why?

8. A repository for the validated version of the software, the project documentation, for any changes, maintenance or restarts?

9. Have I done a risk analysis for cyber risk? Have I protected the plant network and systems? Do I have a complete copy, a backup of the system (and of the data)? Have I ever tested recovery?

10. Security in depth: in-depth (multi-layered) security

11. No to flat networks: Seg/Seg, Segment & Segregate

12. Zones & Conduits (ISA99/IEC 62443)

13. Example of a security architecture in automation and control systems: Enterprise Control Network, Manufacturing Operations Network, Perimeter Control Network, Control System Network, Process Control Network. Source: Byres - Tofino

14. Protecting zones & conduits with firewalls (multilayered defence): Corporate Firewall, Industrial Firewall. Source: Byres - Tofino

15. And much more: HW and SW of various brands, origins, ages and uses

16. Introduction to Industrial Security - Enzo M. Tieghi. Example of a network with protections

17. CLOUD, MOBILE, BYOD. Diagram labels: SCADA Server; Client SCADA-Historian-KPI; Mobile BI-KPI/Alarms; RTU on private/public APN; Datacenter/Historian Server; KPI/ALM Server.

18. The real problem? Control system staff often have no skill and time for security practices. Steve Meyer, System Security Expert, says: "... Hackers and exploits are an inconvenience and can cost money but plant downtime will kill a business"

19. Enzo Maria Tieghi
   CEO of ServiTecno (industrial software for over 20 years)
   Board member of AIIC, active in associations and study groups on industrial cyber security (ISA s99 member)
   Member of advisory boards, international groups and projects on Industrial Security and CIP (Critical Infrastructure Protection)
   Author and co-author of publications, articles and papers

20. Doubts? Questions? Enzo M. Tieghi