Rockwell Automation TechED 2016 @ROKTechED #ROKTechED Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved. 1
Secure Automation and Information: Defending the Digital Architecture
INDUSTRIAL SECURITY MUST BE IMPLEMENTED AS A SYSTEM
• Tamper Detection: Detect & Record unwanted Activity & Modifications to the application
• Content Protection: Protect viewing, editing, and use of specific pieces of control system content
• Access Control and Policy Management: Control Who, What, Where & When access is allowed, to which application & device
• Secure Network Infrastructure: Control Access to the network, and Detect unwanted access and activity
Secure Automation and Information: Capability Overview
• Validated Architectures
• Stratix™ Portfolio
• Network and Security Services
• Stratix 5950
• 1756-EN2TSC/B
• Logix Source Protection
• Data Access Control
• FactoryTalk® Security
• Firmware Digital Signatures
• Auditing with FactoryTalk® AssetCentre
• Change Detection and Logging for Controllers
• High Integrity Add-On Instructions (AOIs)
Symantec Partnership
Tempered Networks Partnership
Owl CTI Partnership
Sources of Risk
Source: The State of Security in Control Systems Today, SANS Institute
FactoryTalk® Security
Use FactoryTalk® Security to… Manage the insider threat by authenticating the user and authorizing the use of Rockwell Automation® software applications to access automation devices
How does it work? Provides a centralized authority that verifies the identity of each user and grants or denies the user's requests to perform a particular set of actions on resources within the system.
• Authenticate the User
• Authorize Use of Applications
• Authorize Access to Specific Devices
FactoryTalk® Directory (all FactoryTalk® Security-enabled software)
Secure Network Infrastructure: New Validated Architectures
Achieve infrastructure security through a common, validated system architecture leveraging the Stratix™ portfolio and Cisco® security solutions.
Design and Implementation Guides:
• Converged Plantwide Ethernet (CPwE) Design and Implementation Guide (2011)
• Segmentation Methods within the Cell/Area Zone (2013)
• Securely Traversing IACS Data Across the Industrial Demilitarized Zone (2015)
• Deploying Identity Services within a Converged Plantwide Ethernet Architecture (2015)
• Site-to-site VPN to a Converged Plantwide Ethernet Architecture (2015)
Download these and more at: http://www.rockwellautomation.com/global/products-technologies/network-technology/architectures.page
Diagram labels: Identity Services Engine; Adaptive Security Appliances
Security Quality
Vendors must build security into products with a focus on security throughout the product's lifecycle…
ROKTechED 2016 Networks: For the rest of the story…