PROFIBUS and PROFINET InternationaI - PI UK, profile picture
Uploaded byPROFIBUS and PROFINET InternationaI - PI UK
PDF, PPTX74 views

10. PI_Dunton - OT Security.pdf

This document discusses operational technology (OT) cyber security. It begins by explaining why OT networks need security due to the merging of IT and OT networks, which has exposed OT assets to compromise. It then describes the differences between IT and OT approaches, with OT prioritizing control, availability, integrity and confidentiality over just data. Several common attack paths for OT networks are outlined, including social engineering, malware from removable devices, and internet-connected components. The document advocates for a multi-layered protection concept including security awareness training, firewalls, physical protection and network monitoring. It stresses that security should be considered from the initial design phase.

Embed presentation

Download as PDF, PPTX
Tim Beech – TGN Project Services Ltd / Indu-Sol OT Cyber Security
2 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Why? 1 IT vs OT - Differences and Approach to Security 2 Threats / Attack Paths 3 Implementing OT Security 4 © 2021 Aims
3 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Why Do We Need Security? ▪ Merge of IT and OT has opened up OT networks to compromise ▪ OT networks / assets have become targets ▪ Protect data & assets from attack ▪ Cost of a Cyber Attack ▪ Financial cost – ransom, downtime & recovery ▪ Data loss ▪ Damage to reputation ▪ Third Quarter of 2022 - £1.6billion in losses © 2021
4 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Why Do We Need Security? © 2021
5 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 IT vs OT Information Technology ▪ Data flow and storage focussed ▪ Business Functions (HR, Finance, Email) ▪ Protection of Data is critical CIA ▪ Confidentiality / Integrity / Availability Operation Technology ▪ Control focussed ▪ Manufacturing functions & Safety Systems ▪ Protection of people / process is critical CAIC ▪ Control / Availability / Integrity / Confidentiality © 2021
6 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 © 2021 IT vs OT – Network Levels Level 5 – Clients / Workstations Level 4 – Servers, Data Storage Level 3 – ES / Historians / MES Level 2 – SCADA / HMI Level 1 – PLC & IO Devices Level 3.5 / DMZ – Data Servers / DHCP / Edge Devices OT IT
7 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths for OT Networks Top 10 Threats to OT Networks (According to BSI) 1. Social Engineering & Phishing 2. Malware via removable media / external hardware 3. Human Error & Sabotage 4. Malware via Internet / Intranet 5. Internet connected control components 6. Intrusion via Remote Access 7. Technical Malpractice 8. Compromise of Extranet & Cloud Components 9. (D)DOS Attacks 10. Compromise from personal devices in the production environment © 2021
8 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 1. Social Engineering & Phishing 2. Malware via removable media / external hardware 3. Human Error & Sabotage © 2021
9 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 4. Malware via Internet / Intranet 5. Internet connected components 6. Intrusion via Remote Access © 2021
10 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 7. Technical Malpractice 8. Compromise of Extranet & Cloud Components 9. (D)DoS Attacks 10. Compromise from personal devices in the production environment © 2021
11 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Protection Concept © 2021 Security Awareness Trusted Zone Firewalls / DMZ / Remote Access Physical Protection Locking ports / Restrict MCC Access Network Monitoring Asset Management and Monitoring ▪ Multilevel approach ▪ Scalable ▪ Fit for purpose ▪ Training ▪ Supported by policies, procedures and standards ▪ Multi-discipline teams
12 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 Implementing OT Security ▪ Security shouldn’t be an after thought!! ▪ Protection Concept ▪ Defence in Depth ▪ Policies, Procedures & Standards ▪ Planning ▪ Threats and risks should be assessed ▪ DMZ between IT and OT ▪ Initial design and consider impact of modifications ▪ Selection of components ▪ Criteria for selection (standards) © 2021
13 PROFIBUS& PROFINETInternational(PI) What Happened To Profibus? – Ford Dunton 16-Feb-2023 © 2021 Case Study – Bad Network / No Security
Questions?

More Related Content

PPTX
IT Audit Methodologies
bySALIH AHMED ISLAM
 
PPTX
Top 5 Cybersecurity Threats in Retail Industry
bySeqrite
 
PPTX
Tyler Technology Expo
byTony DeGonia (LION)
 
PPTX
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
byFinTech Belgium
 
PPTX
Security For Business: Are You And Your Customers Safe
bywoodsy01
 
PDF
Why Corporate Security Professionals Should Care About Information Security
byResolver Inc.
 
DOCX
What operational technology cyber security is?
bysohailAhmad304
 
PDF
Mca Erg Oct 09
byDonald Tabone
 
IT Audit Methodologies
bySALIH AHMED ISLAM
 
Top 5 Cybersecurity Threats in Retail Industry
bySeqrite
 
Tyler Technology Expo
byTony DeGonia (LION)
 
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
byFinTech Belgium
 
Security For Business: Are You And Your Customers Safe
bywoodsy01
 
Why Corporate Security Professionals Should Care About Information Security
byResolver Inc.
 
What operational technology cyber security is?
bysohailAhmad304
 
Mca Erg Oct 09
byDonald Tabone
 

Similar to 10. PI_Dunton - OT Security.pdf

PDF
Cyber Security and Data Privacy - presentation
bynoorebrahim2002
 
PDF
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
PPT
Indian perspective of cyber security
byAurobindo Nayak
 
PDF
Cyber Security in a Fully Mobile World
byUniversity of Hertfordshire
 
PDF
System and Enterprise Security Project - Penetration Testing
byBiagio Botticelli
 
PDF
PROFIsafe and IT security - Peter Brown of Siemens A&D
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
Cyber security general perspective a
bymarukanda
 
PPTX
Network Security Architecture
byInnoTech
 
PDF
MT 117 Key Innovations in Cybersecurity
byDell EMC World
 
PPTX
5 Cybersecurity threats in Public Sector
bySeqrite
 
PPTX
Trust and the web veria 11 12- 09
byvafopoulos
 
PDF
INT 1010 06-6.pdf
byLuis R Castellanos
 
PDF
IT Security Presentation - IIMC 2014 Conference
byJeff Lemmermann
 
PDF
Securing your presence at the perimeter
byBen Rothke
 
PPT
Presentación AMIB Los Cabos
byJuan Carlos Carrillo
 
PDF
Cybersecurity solution-guide
byAdilsonSuende
 
PPTX
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
byAndris Soroka
 
PDF
Tecnologías para el Cumplimiento. Alexandre Bento. SafeNet
byInternet Security Auditors
 
PPTX
New Horizons SCYBER Presentation
byNew Horizons Computer Learning Centers / 5PE
 
PDF
Advanced IT and Cyber Security for Your Business
byInfopulse
 
Cyber Security and Data Privacy - presentation
bynoorebrahim2002
 
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
Indian perspective of cyber security
byAurobindo Nayak
 
Cyber Security in a Fully Mobile World
byUniversity of Hertfordshire
 
System and Enterprise Security Project - Penetration Testing
byBiagio Botticelli
 
PROFIsafe and IT security - Peter Brown of Siemens A&D
byPROFIBUS and PROFINET InternationaI - PI UK
 
Cyber security general perspective a
bymarukanda
 
Network Security Architecture
byInnoTech
 
MT 117 Key Innovations in Cybersecurity
byDell EMC World
 
5 Cybersecurity threats in Public Sector
bySeqrite
 
Trust and the web veria 11 12- 09
byvafopoulos
 
INT 1010 06-6.pdf
byLuis R Castellanos
 
IT Security Presentation - IIMC 2014 Conference
byJeff Lemmermann
 
Securing your presence at the perimeter
byBen Rothke
 
Presentación AMIB Los Cabos
byJuan Carlos Carrillo
 
Cybersecurity solution-guide
byAdilsonSuende
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
byAndris Soroka
 
Tecnologías para el Cumplimiento. Alexandre Bento. SafeNet
byInternet Security Auditors
 
New Horizons SCYBER Presentation
byNew Horizons Computer Learning Centers / 5PE
 
Advanced IT and Cyber Security for Your Business
byInfopulse
 

More from PROFIBUS and PROFINET InternationaI - PI UK

PDF
7. Ford_Dunton_TSN_CRM.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
9. PA DIM presentation.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
4. APL PI Presentation 2023.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
12. PI_OPC_UK.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
6. SRCI Profibus International v2.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - Update on APL
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
3. Ford Dunton Mark Freeman.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - PROFINET Gateways
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
13. CEMA - AUTOMOTIVE.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
2. Ford_Dunton_Introductions_CRM.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
Profinet network design webinar - Peter Thomas may 2020 - v1.0
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - PROFINET of Things
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
11. PI_Ford_Dunton_IOLINK_Safety.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - PROFINET Design Basics
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PROFINET network diagnostics and support - May 2020 - Peter Thomas
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - PROFINET Implementation and Testing
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
PI UK Seminar (Nov 2021) - Online Certified Training Courses
byPROFIBUS and PROFINET InternationaI - PI UK
 
7. Ford_Dunton_TSN_CRM.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
9. PA DIM presentation.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PROFINET to PROFIBUS gateways - Peter Thomas - 03 june 2020
byPROFIBUS and PROFINET InternationaI - PI UK
 
4. APL PI Presentation 2023.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
12. PI_OPC_UK.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PROFIBUS lightning surge protection - Peter Thomas, CSL - 10 june 2020
byPROFIBUS and PROFINET InternationaI - PI UK
 
6. SRCI Profibus International v2.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - Update on APL
byPROFIBUS and PROFINET InternationaI - PI UK
 
3. Ford Dunton Mark Freeman.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Gateways
byPROFIBUS and PROFINET InternationaI - PI UK
 
13. CEMA - AUTOMOTIVE.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
2. Ford_Dunton_Introductions_CRM.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design webinar - Peter Thomas may 2020 - v1.0
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET of Things
byPROFIBUS and PROFINET InternationaI - PI UK
 
11. PI_Ford_Dunton_IOLINK_Safety.pdf
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
byPROFIBUS and PROFINET InternationaI - PI UK
 
PROFINET network diagnostics and support - May 2020 - Peter Thomas
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFIBUS and PROFINET Device Configuration
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Implementation and Testing
byPROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - Online Certified Training Courses
byPROFIBUS and PROFINET InternationaI - PI UK
 

Recently uploaded

PDF
EPC vs Reality: The Schedule That Was Never Possible
byGanesh Kumar
 
PPTX
Biological Oxygen Demand (BOD) Numericals-2026.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
Symmetrical faults in power system .pptx
byRased Khan
 
PDF
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
PPTX
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
PDF
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
PPTX
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
PPTX
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
PDF
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
PPTX
Two Unethical Issue Engineers Practice.pptx
byhehbe481
 
PDF
graph graph graph theory Graph presentation .pdf
bygeekcooder2020
 
PDF
Foundations and evolution of Artificial Intelligence - Mechanical Engineering...
byvyankatesh1
 
PDF
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
PDF
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
PPTX
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
PDF
DSP_Assignment -1_2026 Laboratory Kolkata
byrezafahim81
 
PPTX
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
PDF
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 
PPTX
analog communication part one lecture note
byhirutfanta1212
 
PPTX
role of artillery in russia ukraine war in recent context.pptx
bymahmudnaeem38
 
EPC vs Reality: The Schedule That Was Never Possible
byGanesh Kumar
 
Biological Oxygen Demand (BOD) Numericals-2026.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Symmetrical faults in power system .pptx
byRased Khan
 
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
Two Unethical Issue Engineers Practice.pptx
byhehbe481
 
graph graph graph theory Graph presentation .pdf
bygeekcooder2020
 
Foundations and evolution of Artificial Intelligence - Mechanical Engineering...
byvyankatesh1
 
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
DSP_Assignment -1_2026 Laboratory Kolkata
byrezafahim81
 
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 
analog communication part one lecture note
byhirutfanta1212
 
role of artillery in russia ukraine war in recent context.pptx
bymahmudnaeem38
 

10. PI_Dunton - OT Security.pdf

  • 1.
    Tim Beech –TGN Project Services Ltd / Indu-Sol OT Cyber Security
  • 2.
    2 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Why? 1 IT vs OT - Differences and Approach to Security 2 Threats / Attack Paths 3 Implementing OT Security 4 © 2021 Aims
  • 3.
    3 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Why Do We Need Security? ▪ Merge of IT and OT has opened up OT networks to compromise ▪ OT networks / assets have become targets ▪ Protect data & assets from attack ▪ Cost of a Cyber Attack ▪ Financial cost – ransom, downtime & recovery ▪ Data loss ▪ Damage to reputation ▪ Third Quarter of 2022 - £1.6billion in losses © 2021
  • 4.
    4 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Why Do We Need Security? © 2021
  • 5.
    5 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 IT vs OT Information Technology ▪ Data flow and storage focussed ▪ Business Functions (HR, Finance, Email) ▪ Protection of Data is critical CIA ▪ Confidentiality / Integrity / Availability Operation Technology ▪ Control focussed ▪ Manufacturing functions & Safety Systems ▪ Protection of people / process is critical CAIC ▪ Control / Availability / Integrity / Confidentiality © 2021
  • 6.
    6 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 © 2021 IT vs OT – Network Levels Level 5 – Clients / Workstations Level 4 – Servers, Data Storage Level 3 – ES / Historians / MES Level 2 – SCADA / HMI Level 1 – PLC & IO Devices Level 3.5 / DMZ – Data Servers / DHCP / Edge Devices OT IT
  • 7.
    7 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths for OT Networks Top 10 Threats to OT Networks (According to BSI) 1. Social Engineering & Phishing 2. Malware via removable media / external hardware 3. Human Error & Sabotage 4. Malware via Internet / Intranet 5. Internet connected control components 6. Intrusion via Remote Access 7. Technical Malpractice 8. Compromise of Extranet & Cloud Components 9. (D)DOS Attacks 10. Compromise from personal devices in the production environment © 2021
  • 8.
    8 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 1. Social Engineering & Phishing 2. Malware via removable media / external hardware 3. Human Error & Sabotage © 2021
  • 9.
    9 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 4. Malware via Internet / Intranet 5. Internet connected components 6. Intrusion via Remote Access © 2021
  • 10.
    10 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Threats & Attack Paths 7. Technical Malpractice 8. Compromise of Extranet & Cloud Components 9. (D)DoS Attacks 10. Compromise from personal devices in the production environment © 2021
  • 11.
    11 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Protection Concept © 2021 Security Awareness Trusted Zone Firewalls / DMZ / Remote Access Physical Protection Locking ports / Restrict MCC Access Network Monitoring Asset Management and Monitoring ▪ Multilevel approach ▪ Scalable ▪ Fit for purpose ▪ Training ▪ Supported by policies, procedures and standards ▪ Multi-discipline teams
  • 12.
    12 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 Implementing OT Security ▪ Security shouldn’t be an after thought!! ▪ Protection Concept ▪ Defence in Depth ▪ Policies, Procedures & Standards ▪ Planning ▪ Threats and risks should be assessed ▪ DMZ between IT and OT ▪ Initial design and consider impact of modifications ▪ Selection of components ▪ Criteria for selection (standards) © 2021
  • 13.
    13 PROFIBUS& PROFINETInternational(PI) What HappenedTo Profibus? – Ford Dunton 16-Feb-2023 © 2021 Case Study – Bad Network / No Security
  • 14.