Deep-Secure offers unique solutions that help organizations control the movement of high-value data between networks by protecting network boundaries and information assets from internal and external threats. Their solutions are designed for high security environments and aim to reduce risks, cut costs, and increase benefits from data sharing without creating barriers. They take a holistic approach framework using standards like ISA 99 and ISO 27001, with elements like risk assessment, traffic monitoring, zone separation, and continuous improvement to achieve the desired security levels.

1. A practical and holistic approach to protecting your
IndustrialPresentation to
Process Control Solutions
10 October 2011
1

2. The Value

Deep-Secure offer unique solutions that help organisations control the movement
of high value data assets between networks:
– Designed for the Highest Security Environments
– Protects the boundary
– Protects Itself
– Protects your information assets
• Internal & external threats

Providing solutions that are assured in their ability to:
– Reduce the operational risk of data loss & enhance security levels
– Cut operational and infrastructure costs
– Increase the operational benefit of sharing data without being a barrier
2

3. The ISA 99 (IEC-62443 ) Reference Model
• The Reference Model has more than
enough depth granularity
• Allows organisations to focus on the
greatest risk areas
• Shows a requirement for a family of
controls at different levels in the layer
model
• Recognises existing/required “Gateway”
points
• Defense in Depth concepts maintained
3

4. An ICS Solutions Framework Approach
Support and
Maintenance
Standards
ISA 99
ISO 27001
• All organisations and therefore
all solutions are different
Gap Analysis
& Benchmark
Solution
Training
Risk
Assessment
Solution
Deployment
ICS
Solutions
Framework
• Organised and logical – allows
organisations to start at any
point
• Elements can be repeated
Traffic Flow and
Asset Discovery
Configuration
Of Controls
• The framework allows different
tools and fulfilment methods
• Continuous Improvement until
desired Risk level is achieved
Assessment
application
Separation
of Zones
Process
Definition
Design of
Controls
4

5. A Holistic Approach To The Right Assurance Levels
Internet
Controlled email exchange
Business Network
ISA-99 Level 4
Schedules and
Process Specs
ISA-99 Level 3
Controlled
forwarding of
network event data
Controlled
email
exchange
Controlled access
to browser-based
business apps.
Controlled
export of
MIS data
Controlled
email
browsing
Controlled
web
browsing
Controlled
software update
imports
Plant Operations Network
Controlled forwarding of network
event data
ISA-99 Level 2
Controlled web browsing
Recipe updates
Controlled export of
MIS data
Controlled software
update imports
Supervisory Network
Guarded industrial protocols over TCP/IP
ISA-99 Level 1
Basic Control
Guarded industrial protocols over TCP/IP
ISA-99 Level 0
Field Devices
5

6. “Need for Change” patterns are emerging....
Triggers for Change
Trigger Characteristics
 Large Infrastructure

New/Different Automation vendors

“Open” vs Varied Protocols

Turnkey (standalone) or Integration?

Enterprise to Plant connectivity?

ERP/MRP/Asset Management

Database/transactional/MIS

Security Audit Findings

Remote Access requirements

Encryption/Wireless Networks

Protective Monitoring of SCADA
Projects
 Business Integration
Projects
 Tactical Improvements
6

7. A practical and holistic approach to protecting your
IndustrialPresentation to
Process Control Solutions
10 October 2011
7