The document discusses cyber security challenges facing industrial control systems and how to address them. It identifies the main challenges as organizational issues like risk management and awareness, technical issues involving installed infrastructure and vulnerabilities, and disruptive changes. The challenges can be addressed through better preparation like inventorying systems, understanding normal behavior to detect anomalies, monitoring for vulnerabilities, and keeping systems patched. The presentation concludes that effective cyber security requires a joint effort across various stakeholders and a holistic, defense-in-depth approach covering the entire system lifecycle.

1. Bart de Wijs, Head of Cyber Security, ABB Power Systems
Cyber Security Challenges – How are we
facing them?

2. Focus of todays talk
4 key questions
1.
Advanced security architectures?
2.
What are the main Cyber Security challenges?
3.
How should the challenges be addressed?
4.
What does ABB offer and how can ABB help?
Image: edudemic.com
© ABB Group
21 October, 2013 | Slide 2

3. Substation Automation Systems
Advanced Security Architecture
Automation
Systems Manager
Legend:
Disabled ports / services
Removable media access
Advanced Service
Appliance (ASA)
Individual User Accounts
Malware protection
Firewall
Router
Encryptet communication
Industrial Defender Agent
Patch Management
© ABB Group
21 October, 2013 | Slide 3

4. The Biggest Challenges
Organizational
Risk Management
Awareness
Competence Management
Disruptive Changes
Images: www.guardianconsultants.co.uk
© ABB Group
21 October, 2013
| Slide 4
wegilant.com
www.floris-cm.nl
blogpool4tool.com

5. The Biggest Challenges
Technical
Installed Base
Sustaining Security
Situational Awareness
Heterogeneity
Compliance
Vulnerabilities
Images: www.zazzle.co.nz
© ABB Group
21 October, 2013
| Slide 5
www.zoho.com
blog.monitorscout.com
www.leadthefish.com
nl.123rf.com
www.ccure.it

6. How should the challenges be addressed?
4 key questions
Can we really defend
ourselves?
Do we know our
infrastructure and systems?
Can we identify potentially
malicious activities?
Can we recover from any
incident?
Images: www.techieapps.com
© ABB Group
21 October, 2013
| Slide 6
technorati.com
www.calibersecurity.com
cert.org

7. How should the challenges be addressed?
Better preparation
Requires a change from
all of us!
Make an inventory of
what you have
Know the behavior of your
infrastructure and systems
Compare your actual with
your baseline
Monitor vulnerability
disclosures
Patch your systems and
stay up to date
Image: howstuffworks.com
© ABB Group
21 October, 2013
| Slide 7
blog.optimizely.com
lisagroup.com.au
dhs.org
cve.mitre.org
securityfocus.com
www.marketingzen.com

8. What ABB offers – A holistic approach to Cyber Security
Defense in Depth in all phases of the System Lifecycle
Procedures and Policies
Physical Security
Security Updates
User Access Control
Intrusion Protection
Intrusion Detection
High availability solutions
© ABB Group
21 October, 2013
| Slide 8

9. Conclusions
Cyber security is a key aspect of ICS in Critical
Infrastructure
Cyber security is a real challenge and must become a high
priority item for all involved stakeholders
Effective cyber security solutions require a joint effort by
vendors, integrators, operating system providers, end
users and governments
Effective cyber security will require solutions that cover both
legacy and new installations
Security is about risk management - perfect security is
neither existent nor economically feasible
© ABB Group
21 October, 2013
| Slide 9

10. Contact information
Questions, Comments, etc.
cybersecurity@ch.abb.com
www.abb.com/cybersecurity
© ABB Group
21 October, 2013
| Slide 10