
Exploit the potential of IoT without compromising security



IoT is a key enabler of digital transformation, creating an interconnected world with new possibilities for both business and society. However, increased interconnectivity also implies new levels of complexity and risk. In this environment, how can we keep critical infrastructures reliable, secure and compliant? This session will explore the challenges and share the latest insights from the perspective of people, processes and technology.

Published in: Technology


  1. Exploit the potential of IoT without compromising Security. Jamie Wilkie. © 2019 FUJITSU
  2. Today’s Agenda
     01 WHY - Analyzing the current state of IoT deployment: Understand the drivers and challenges that are currently impacting businesses
     02 WHAT - Security in connected services as a quality KPI: How security can strengthen IoT in an interconnected world
     03 HOW - Best practices for IoT security and performance: What steps can you take right now to implement a robust security framework within an IoT ecosystem
  3. Digitization reshapes business models, business processes and infrastructure design
     ◼ Customers and partners seek new value, new services and revenue streams
     ◼ Data drives all relationships
     ◼ Our physical infrastructure is already very connected to tap data
     ◼ This will increase rapidly
     ◼ Data protection and security by design required at all levels
     ◼ Personal Data (GDPR)
     ◼ Corporate Intellectual Property
     ◼ Brand Protection
     ◼ Business Continuity
     ◼ Operational Safety
     ◼ Co-create for speed
     Diagram labels: Business Models, Processes, Connected Infrastructure, Security
  4. Increased Interconnectivity = Increased Risk. Every industry is a target.
     Script Kiddies, Hacktivists, Insiders, State Actors, Criminals
     Energy, Water, Food, IT and Communications, Transportation, Health, Finance & Insurance
     Smart Cities, Logistics, Manufacturing, Retail
     Legend: Regulated, e.g. NIS (EU), National; Non-Regulated
  5. We have only seen the beginning… Cyberattacks threaten the Economy and Society
     ◼ 2014, Heavy Industry: Blast-furnace damaged
     ◼ 2015, Energy: Electricity supply sabotaged
     ◼ 2017, Transport: Ransomware disruption
     ◼ 2018, Water: Crypto mining, Resource theft
  6. The challenge of industrial security: from heavily fortified… …to interconnected
     ◼ Immense opportunity for growth, driven by the value in data
     ◼ Massive increase in communication – between people and machines and with external partners and customers
     ◼ Trust and security mechanisms must keep pace as we evolve…
  7. Our approach: Security in connected services as a quality KPI
     Connected Services Security for IoT, AI and Cloud based Services in Edge and Core
     Chart (scale 0 to 1), Security Characteristics: Security, Privacy, Resilience, Reliability, Safety. Chart labels: Vertical, Customer, Future Situation
     Standards: ISO 27001, IEC 62443, GDPR, NIS, Others
     Energy (Electricity, Oil & Gas), Water, Food, IT and Communications, Transportation, Health, Finance & Insurance
     Smart Cities, Logistics, Manufacturing, Retail
     Legend: Regulated, e.g. NIS (EU), National; Non-Regulated
  8. Compliance: Compulsory for CNI – a model for manufacturing
     Standards, e.g. UK NCSC CAF:
     A: Managing security risk
     B: Protecting against cyberattack
     C: Detecting cyber security events
     D: Minimizing impact of cyber security incidents
     ISO 27001
     IEC 62443: Operator – Integrator – Component Supplier
     Others
  9. Architecture principles in the new ecosystem
     Core: The Core connects, manages, processes, analyzes and controls all IoT devices. e.g. ICS components, robots, PLCs, sensors, 3D-Print, IoT gateways, MES, etc. live here.
  10. Trust in the industrial IoT
     ◼ Trust evolves dynamically over time
     ◼ Dynamic Trust must be continuously reestablished
     ◼ Analytics and AI enable prediction and learning
     ◼ Trust results from interaction of hardware, software and services
     ◼ Updates and predictive maintenance may change properties and Trust
     ◼ Future standards of Trust under development
     ◼ Trust services to be delivered to the Edge from the Core
     ◼ e.g. Policy & Risk Management, Data Classification, Federations, PKIs, CAs, IAM, SIEM
     ◼ IoT Management will be essential part of asset and security management
     Source: IIC Industrial Internet Security Framework
     Diagram labels: ODM, OEM, Modules, Chips, Development Tools, Software Stack, SaaS, Transactions, PaaS, IaaS, Software Integrator, Solution Provider, Framework, Container, Guest OS, Hypervisor, Firmware, OS
  11. New business models and cost savings with customers and partners require new, secure, processes
     Transformation example: Manufacturing Campus, Germany
     Pay-per-use of partner equipment
     Out of the cage robot assistant
     Electro-magnetic testing for external customers
  12. Transformation example: Water Utility, United Kingdom
     Goals:
     ◼ Improved services
     ◼ Minimize maintenance disruption in communities
     ◼ Increase productivity (smart hands on site)
     ◼ Automation, Backup
     Diagram labels: Central Operations Center, Large remote site, Small remote site (×6)
  13. Individual projects require a governance framework
     Diagram labels: Security Architecture, AI (Machine Learning), Visualization, Platform, Edge, Connectivity / Network, Use Case (×4), IT Governance
     Key: Corporate IT; Business and Corporate IT
  14. Trust relationships between security domains are the basis of the security design
     ◼ Security Management is central to security design
     ◼ Hierarchy and compartmentalisation of trust reduces exposure
     ◼ No trust assumed between corporate and OT Services
     ◼ Typical Security Management Services
     ◼ Identity and Access Management
     ◼ Security Patching
     ◼ Anti-malware systems
     ◼ Intrusion Detection and Prevention
     ◼ Network Monitoring and Control
     ◼ Log Management
     Diagram labels: Trust Relationship, Corporate IT Services Security Domain, Central OT Services Security Domain, OT Security Management, 3rd Party Cloud Services, Local site OT, Local site OT, IT Security Management
  15. Mapping security management principles to the overall environment
     Levels: L5: Enterprise Applications; L4: Business Planning; L3: Production Operations; L2: Area Supervisory Control; L1: Basic Control; L0: Physical Process
     Diagram labels: Responsibility, IT for OT, Enterprise/Hybrid IT, Analog, OT, CISO, Environment, Connectivity, Cloud Apps, Segmentation, Enterprise Operations Centre, Monitoring, Enterprise SIEM, OT SIEM
  16. Mapping security management principles to a reference architecture (multiple site utility)
     Diagram labels: Sites, Process Control, DMZ, Enterprise Network, Internet, OT, Information Technology, Untrusted OT Network, Operations Center, Enterprise Resource Planning (ERP), Partner Cloud, Analytics Dashboard, Fujitsu Cloud IoT Apps, OT SIEM, SD-WAN Connectivity, Untrusted OT Network, Security Management, Edge Appliance
  17. Real time management visibility: Intelligent Dashboard
  18. Industrial Security Monitoring: Shared OT – IT security responsibility
     IT Security Operating Center: Monitors IT for OT & OT traffic. Threat Intelligence on global Industrial IoT Security data.
     OT Operations Center: Correlates SOC analysis with facility operations knowledge. React.
     Facility: Operations of online industrial control systems and online processes. Focus on uptime and safety.
  19. Typical initial steps. It is not rocket science – get started
     ◼ Identify what is critical according to your risk profile
     ◼ Know what you are protecting – establish an asset database
     ◼ Architect your network for flexibility and security
     ◼ Modernize connectivity
     ◼ Network separation of OT and Office domains
     ◼ Segmentation of OT domain
     ◼ Evolve processes to allow and manage software updates and patches
     ◼ Establish governance, security processes, roles and responsibilities across OT and IT
     ◼ Establish ongoing monitoring and response capabilities
     Fujitsu Offers
     ■ Industrial Security Consulting
     ■ Baseline current environment
     ■ Recommend compliant enhancement plan
     ■ Implementation Services
     ■ Network connectivity and segmentation services
     ■ Security implementation with leading product partners
     ■ Managed Security Monitoring Services
     ■ Monitor health of OT traffic and the IT controlling OT
     ■ Integration with customer’s OT management
     ■ Integration with Enterprise IT security management
  20. Co-Creation – an open invitation to business model and technology innovation
     ◼ Industrial Control Systems Lab
     ◼ Practical set up of a 6 field site ICS environment
     ◼ Simulate the corporate environment
     ◼ Emulate a working environment
     ◼ Includes a variety of communications link