Project Management & Industrial Cyber Security (ICS) by Enzo M. Tieghi


Why and how should you include industrial cyber security among the topics covered when defining an industrial or infrastructure project?

Published in: Engineering


  1. Protecting control and automation systems in industry and infrastructure from cyber incidents. Enzo M. Tieghi, etieghi@servitecno.it, em.tieghi@infrastrutturecritiche.it
  2. …for example… (who doesn't know Suki?) © CLUSIT 2013 – Tieghi – Cyber Security Industria e IC
  3. Enzo Maria Tieghi: CEO (Amministratore Delegato) of ServiTecno (over 20 years in industrial software); AIIC board member, active in associations and study groups on industrial cyber security (ISA S99 member); member of advisory boards, groups and international projects on Industrial Security and CIP (Critical Infrastructure Protection); author and co-author of publications, articles and papers.
  4. Where are these systems? Everywhere: Industrial, Processes, Buildings, Manufacturing & Infrastructures.
  5. Let's identify and define the perimeter. IT Security & Control System Protection: where?
  6. ANSI/ISA95 Functional Hierarchy (www.isa.org)
     Level 4: Business Planning & Logistics (plant production scheduling, operational management, etc.). Establishing the basic plant schedule: production, material use, delivery and shipping; determining inventory levels. Time frame: months, weeks, days.
     Level 3: Manufacturing Operations Management (dispatching production, detailed production scheduling, reliability assurance, ...). Work flow / recipe control to produce the desired end products; maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds.
     Level 2: Monitoring, supervisory control and automated control of the production process (batch control, discrete control, continuous control).
     Level 1: Sensing the production process, manipulating the production process.
     Level 0: The actual production process.
  7. Plant security. Beyond safety (EN ISO 13849-1/2, IEC/EN 62061, IEC/EN 61508, IEC/EN 61511)… • do we assess security? • the systems' life cycle? • the project documentation? • changes on the plant? • networks, PLC, DCS, SCADA? • who? when? where? why?
  8. • a repository for the "validated" version of the software • the project documentation • for any changes, maintenance, restarts?
  9. • Have I done a risk analysis for cyber risk? • Have I protected the plant network and systems? • Do I have a complete copy, a back-up of the system (and of the data)? • Have I ever tested the recovery?
  10. Security in depth: defence-in-depth (multi-layered) security
  11. No to "flat networks": Seg/Seg, Segment & Segregate
  12. Zones & Conduits (ISA99/IEC 62443)
  13. Example of a "Security Architecture" for automation and control systems: Enterprise Control Network, Manufacturing Operations Network, Perimeter Control Network, Control System Network, Process Control Network. Source: Byres - Tofino
  14. Protecting Zones & Conduits with firewalls (multilayered defence): Corporate Firewall, Industrial Firewall. Source: Byres - Tofino
  15. … and much more HW and SW of various brands, origins, ages and uses…
  16. Introduction to Industrial Security - Enzo M. Tieghi. Example of a network "with protections"
  17. SCADA Server, Scada-Historian-KPI Client, Mobile BI-KPI/Alarms, RTU on private/public APN, Datacenter/Historian Server, KPI/ALM Server: CLOUD, MOBILE, BYOD….
  18. The real problem? … "Control system staff often have no skill and time for security practices…" Steve Meyer, System Security Expert, says: "... Hackers and exploits are an inconvenience and can cost money but plant downtime will kill a business…"
  20. Doubts? Questions? Enzo M. Tieghi, etieghi@servitecno.it, em.tieghi@infrastrutturecritiche.it
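Slides 8 and 9 ask whether a repository holds the "validated" version of the plant software, whether a complete back-up exists and whether recovery has ever been tested. The following Python script is an added example (not code from the deck or from ServiTecno) of how those three questions can be answered mechanically: a manifest of SHA-256 hashes is taken from the validated copy, the deployed copy is compared against it to surface undocumented changes, and a restore is verified against the same manifest. The directory layout, file names and contents are constructed for the example.

```python
"""Validated-baseline and recovery check for control-system software (added example)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Hash one file in chunks so large PLC projects or images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report drift between the validated manifest and what is actually deployed."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
    }


def is_clean(report: Dict[str, List[str]]) -> bool:
    return not any(report.values())


def demo() -> Dict[str, object]:
    """Constructed scenario: a validated release, an undocumented change on the plant,
    and a recovery test. Paths and contents are hypothetical."""
    work = Path(tempfile.mkdtemp())
    try:
        # 1. the repository keeps the validated software together with its manifest
        validated = work / "validated"
        (validated / "plc").mkdir(parents=True)
        (validated / "plc" / "line1.project").write_bytes(b"PLC program v1.4 validated")
        (validated / "scada.cfg").write_text("alarm_limit=85\n")
        baseline = build_manifest(validated)
        (work / "baseline.json").write_text(json.dumps(baseline, indent=2))

        # 2. deployed copy: a technician raised an alarm limit and left a debug file behind
        plant = work / "plant"
        shutil.copytree(validated, plant)
        (plant / "scada.cfg").write_text("alarm_limit=95\n")
        (plant / "debug.log").write_text("tmp\n")
        stored = json.loads((work / "baseline.json").read_text())
        drift = compare(stored, build_manifest(plant))

        # 3. recovery test: restore from the repository and prove it matches the baseline
        restored = work / "restored"
        shutil.copytree(validated, restored)
        recovery_ok = is_clean(compare(stored, build_manifest(restored)))
        return {"drift": drift, "recovery_ok": recovery_ok}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest would be signed and stored with the project documentation, and the comparison run after every maintenance window or restart; the same `compare` call then doubles as the evidence that the recovery procedure actually reproduces the validated state.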
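Slides 10 to 14 argue against "flat networks" and for zones and conduits (ISA99/IEC 62443) enforced by firewalls between layers. The following Python script is an added example (not code from the deck, from Byres/Tofino or from ServiTecno) of turning that architecture into a checkable model: zones are tied to ISA-95 levels and address ranges, every permitted cross-zone path is declared as a conduit, and observed flows are classified as intra-zone, allowed, lacking a conduit, or crossing several layers at once (the flat-network case). The five zones follow the diagram of slide 13; the address ranges, ports, conduits and log lines are constructed for the example and the log format is hypothetical.

```python
"""Zones-and-conduits conformance check for observed network flows (added example)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Zone:
    name: str
    level: float              # ISA-95 level; 3.5 marks the perimeter (DMZ) zone
    cidrs: Tuple[str, ...]


@dataclass(frozen=True)
class Conduit:
    src: str                  # zone of the connection initiator
    dst: str                  # zone of the responder
    proto: str
    dport: int


# Hypothetical architecture modelled on the five networks of slide 13 (constructed ranges).
ZONES: Tuple[Zone, ...] = (
    Zone("enterprise", 4.0, ("10.0.0.0/16",)),
    Zone("perimeter", 3.5, ("10.1.0.0/24",)),
    Zone("operations", 3.0, ("10.2.0.0/24",)),
    Zone("control", 2.0, ("192.168.10.0/24",)),
    Zone("process", 1.0, ("192.168.20.0/24",)),
)

# Every permitted cross-zone path is written down; anything not listed is denied.
CONDUITS: Tuple[Conduit, ...] = (
    Conduit("enterprise", "perimeter", "tcp", 443),   # ERP reads the DMZ historian replica
    Conduit("perimeter", "operations", "tcp", 5432),  # replica pulls from the plant historian
    Conduit("operations", "control", "tcp", 4840),    # MES talks OPC UA to the SCADA server
    Conduit("control", "process", "tcp", 502),        # SCADA polls PLCs over Modbus/TCP
)

LEVELS: Dict[str, float] = {z.name: z.level for z in ZONES}
LAYER_ORDER: List[float] = sorted(set(LEVELS.values()))


def zone_of(ip: str) -> Optional[str]:
    """Return the zone whose address range contains ip, or None if it is in no zone."""
    addr = ip_address(ip)
    for z in ZONES:
        if any(addr in ip_network(c) for c in z.cidrs):
            return z.name
    return None


def layer_distance(src: str, dst: str) -> int:
    """Number of layer steps between two zones; 1 means the layers are adjacent."""
    return abs(LAYER_ORDER.index(LEVELS[src]) - LAYER_ORDER.index(LEVELS[dst]))


def audit_conduits(conduits: Tuple[Conduit, ...] = CONDUITS) -> List[str]:
    """Design-time check: a conduit may only join adjacent layers (multilayered defence)."""
    return [f"{c.src}->{c.dst}/{c.proto}/{c.dport} skips a layer"
            for c in conduits if layer_distance(c.src, c.dst) != 1]


# Constructed log format: one flow per line, as a firewall or NetFlow export might give.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def classify_flow(line: str, conduits: Tuple[Conduit, ...] = CONDUITS) -> str:
    """Run-time check of one observed flow against the zone and conduit model."""
    m = FLOW_RE.search(line)
    if not m:
        return "unparsed"
    src, dst, proto, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "violation: address outside every defined zone"
    if sz == dz:
        return "intra-zone"
    if any((c.src, c.dst, c.proto, c.dport) == (sz, dz, proto, dport) for c in conduits):
        return "allowed"
    skipped = layer_distance(sz, dz) - 1
    if skipped > 0:
        return f"violation: {sz}->{dz} bypasses {skipped} layer(s) (flat-network path)"
    return f"violation: {sz}->{dz} {proto}/{dport} has no conduit"


SAMPLE_FLOWS: List[str] = [  # constructed sample lines
    "src=192.168.10.5 dst=192.168.20.7 proto=tcp dport=502",    # SCADA -> PLC
    "src=10.2.0.10 dst=192.168.10.5 proto=tcp dport=4840",      # MES -> SCADA OPC UA
    "src=192.168.10.5 dst=192.168.10.6 proto=tcp dport=445",    # inside the control zone
    "src=10.2.0.10 dst=192.168.10.5 proto=tcp dport=3389",      # RDP nobody declared
    "src=10.0.3.44 dst=192.168.20.7 proto=tcp dport=502",       # office PC straight to a PLC
    "src=172.16.0.9 dst=192.168.20.7 proto=udp dport=161",      # unknown network polls a PLC
]


def audit_flows(lines: List[str] = SAMPLE_FLOWS) -> Dict[str, str]:
    return {line: classify_flow(line) for line in lines}


if __name__ == "__main__":
    for finding in audit_conduits():
        print("conduit design:", finding)
    for line, verdict in audit_flows().items():
        print(f"{verdict:60} {line}")
```

The design-time check (`audit_conduits`) catches the architecture mistake of declaring a conduit that jumps straight from the enterprise network to a control zone, while the run-time check (`classify_flow`) catches the operational mistake of a flow that the firewalls let through without any declared conduit; both need the zone model written down first, which is the project-definition step the deck argues for.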