Ensuring Your Plant is Secure 
Tim Johnson, Cyber Security Consultant
The Foxboro Evo™
Process Automation System 
Addressing the needs across your operation today and tomorrow. 
Confidential Property of Schneider Electric 2
Industrial Control Systems 
Why Cyber Security 
Why Now
Industrial Control System 
Cyber Security Headlines 
Industrial Control System 
Cyber Security 
In a “post-Stuxnet” world, a lot of attention is being given to the Industrial Control 
Systems running task for critical infrastructure and important manufacturing processes. 
Much of this attention is caused by a new wave of security research being performed on the 
security vulnerabilities that many of these systems possess. 
It is one thing to say that a system has security vulnerabilities, but it is 
something entirely different to say that the system is insecure,” 
http://www.securitybistro.com 
Industrial Control System 
Cyber Security Impact 
• More Corporate/Regulatory Compliance
• Requirements to Reduce Environmental and Financial Risk
• Decreases Plant Safety
• Non-Secure Plant to the Enterprise Network Connections
• Increased Downtime
• Decreased Network Performance
Industrial Control Systems 
Protect
Industrial Control System 
Cyber Security Basics 
Seven Building Blocks Required for Cyber Security 
1. Identify what should be protected 
• Identify what is Critical to the Process 
2. Electronic Access Controls 
• Firewall Network Segmentation 
3. User Access Controls 
• Least Privilege Methodology for Users 
4. Patching 
• OS and Software 
5. Anti-Virus 
• Advanced Anti-Virus technologies i.e. Device Control 
6. Disaster Recovery (Backups) 
• Backup & Recovery Planning 
7. Logging & Alerting 
• Failed and Successful Logins 
Industrial Control Systems 
Best Practices 
*Network Segregation 
*Electronic Access Point Access Controls
*System Hardening 
Industrial Control Systems 
Best Practices - Continued 
*Network Segregation 
*Electronic Access Point Access Controls
*System Hardening 
*User Access Controls 
*Malicious Software Prevention 
- Antivirus 
- Device Control 
*Patching Server 
*Backups 
*Performance Monitoring & Alerting
*Logging Server 
Industrial Control Systems 
Maintain
Industrial Control Systems 
Centralized Cyber Management 
Management Server 
*Malicious Software Prevention 
- Antivirus 
- Device Control 
*Patching Server 
*Backups 
*Performance Monitoring & Alerting
*Malicious Software Prevention 
*Patching Server 
*Centralized Backups 
*Malicious Software Prevention 
Foxboro Evo™
Process Automation System Cyber Security
Foxboro Evo™
Enabling Cyber Security 
Product Features for Secure Deployments: 
– McAfee ePO Centralized Management and configuration for: 
• Anti-Virus Settings and DAT updates based on Computer memberships 
• Advanced protections based on users, security groups and computer memberships 
• Data Loss Prevention (Removable Media/USB device controls) 
• Whitelisting 
– Centralized Account Management for Operating System (Active Directory) 
• Ability to utilize single or shared user account methodologies 
• Operating System GUI set based on user login 
• Computer Security Settings set by simple drag and drop methodology
– System Access Controls for Users and Computers Management (Active Directory GPOs) 
• Locked Windows GUI 
• Preliminary Operating System Hardening 
– System configuration Baseline and Reports (Station Assessment Tool “SAT”) 
– Backup and Recovery (BESR) 
Foxboro Evo™
Looking to the Future 
Adopting New Technologies: 
– Virtualization for Foxboro Stations: 
• Helps lower the cost of maintaining cyber security programs
– Less hardware to track, maintain and warranty
– Snapshot recovery facilitates patching programs 
– Snapshot recovery reduces dependence on similar hardware and reduces system recovery times 
– Single Active Directory Deployment Methodologies 
• Off MESH and Existing Active Directory Integration support as standard product feature 
– Leverage existing DCS Active Directory Installations 
– Create new Active Directory deployments for managing user access controls across your whole plant 
– McAfee ePO Advanced Threat Management Mitigations
• Application Whitelisting 
• File Integrity Control 
Industrial Control Systems 
Critical Infrastructure Security Practice (CISP)
CISP 
Operation Technology 
• Experienced with IT technologies but with an Industrial Control System mindset
• Bridge technology gap for today’s heavily technology based 
Process Automation Systems 
• Providing Cyber Security and Technology services for 
Industrial Control Systems since 2001 
• CISP Consultants are focused on Critical Infrastructure Market 
• Cyber Security implementations across varying industries 
• Cyber Security and Technology solutions covering your 
whole Plant 
• Vendor Independent Cyber Security Solutions 
CISP 
Services & Solutions 
• Expanding Cyber Security for Foxboro Evo™
• Foxboro Evo™ Cyber Security integration into Non-Foxboro systems
• Advanced Active Directory integration 
• Network Alarming and Event Management 
• Patching solutions for Foxboro and Non-Foxboro systems 
• Technology Assessments and Remediation 
• Cyber Security Assessments and Remediation 
• NERC CIP Workshops 
• Services and Solutions for meeting Corporate Cyber 
Security requirements placed on Industrial Control 
Systems 
Ensuring Your Plant 
is Secure 
Putting it all together
Ensuring Your Plant is Secure 
*Cyber Security implementation capable of supporting other Vendors
*Ability to Integrate Active Directory (Plant Wide Active Directory Solution)
*Network Segmentation
*MGT Server for Centralized Server Dedicated to Cyber Security Task (Plant Wide Solution)
- ePO Server, Patching Server, Logging Server, Centralized Backup Repository, Performance Monitoring and Alerting
*Thin Clients lowering Management and Maintenance cost
*Relay Zone Server Creates a Bastion Host limiting Direct Access from Un-Trusted Networks to DCS Trusted Networks
- Dedicated to RDP access only
- View only or Engineering Server Options
- Additional Active Directory security measure may be implemented
Ensuring Your Plant is Secure 
Schneider Electric Cyber Security 
Asset Identification 
CISP 
Cyber 
Solutions 
Your Plant is Secure 
User Access Controls 
Electronic Access Controls 
Logging 
Network Design & Management 
Backup and Restoration 
Anti Malware 
Patching 
Platform Hardening 
Foxboro Evo™
Cyber Security 
©2014 Schneider Electric. All Rights Reserved. 
All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.

More Related Content

What's hot

Asset Management - what are some of your top priorties?
Asset Management - what are some of your top priorties?Asset Management - what are some of your top priorties?
Asset Management - what are some of your top priorties?
Schneider Electric
 
Simplifying Data Center Design/ Build
Simplifying Data Center Design/ BuildSimplifying Data Center Design/ Build
Simplifying Data Center Design/ Build
Schneider Electric
 
Distributech 2015 - Mobile Work management
Distributech 2015 - Mobile Work managementDistributech 2015 - Mobile Work management
Distributech 2015 - Mobile Work management
Schneider Electric
 
Essential Elements of Data Center Facility Operations
Essential Elements of Data Center Facility OperationsEssential Elements of Data Center Facility Operations
Essential Elements of Data Center Facility Operations
Schneider Electric
 
Data centers on the Edge
Data centers on the EdgeData centers on the Edge
Data centers on the Edge
Schneider Electric
 
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
Schneider Electric
 
Effect on Substation Engineering Costs of IEC61850 & System Configuration Tools
Effect on Substation Engineering Costs of IEC61850 & System Configuration ToolsEffect on Substation Engineering Costs of IEC61850 & System Configuration Tools
Effect on Substation Engineering Costs of IEC61850 & System Configuration Tools
Schneider Electric
 
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
Schneider Electric
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution Details
Panduit
 
ADMS (Advanced Distribution Management System)
ADMS (Advanced Distribution Management System)ADMS (Advanced Distribution Management System)
ADMS (Advanced Distribution Management System)
Schneider Electric
 
Types of Prefabricated Modular Data Centers
Types of Prefabricated Modular Data CentersTypes of Prefabricated Modular Data Centers
Types of Prefabricated Modular Data Centers
Schneider Electric
 
Datacenter Strategy, Design, and Build
Datacenter Strategy, Design, and BuildDatacenter Strategy, Design, and Build
Datacenter Strategy, Design, and Build
Christopher Kelley
 
Smart Alarming Management
Smart Alarming ManagementSmart Alarming Management
Smart Alarming Management
Schneider Electric
 
Practical Considerations for Implementing Prefabricated Data Centers
Practical Considerations for Implementing Prefabricated Data CentersPractical Considerations for Implementing Prefabricated Data Centers
Practical Considerations for Implementing Prefabricated Data Centers
Schneider Electric
 
Data Center Infrastructure Management(DCIM)
Data Center Infrastructure Management(DCIM)Data Center Infrastructure Management(DCIM)
Data Center Infrastructure Management(DCIM)MD. IFTEKARUL ALAM
 
Best Practices for Creating Your Smart Grid Network Model
Best Practices for Creating Your Smart Grid Network ModelBest Practices for Creating Your Smart Grid Network Model
Best Practices for Creating Your Smart Grid Network Model
Schneider Electric
 
GIS-Based Design for Effective Smart Grid Strategies
GIS-Based Design for Effective Smart Grid StrategiesGIS-Based Design for Effective Smart Grid Strategies
GIS-Based Design for Effective Smart Grid Strategies
Schneider Electric
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
Fundamentals of Managing the Data Center Life Cycle for Owners
Fundamentals of Managing the Data Center Life Cycle for OwnersFundamentals of Managing the Data Center Life Cycle for Owners
Fundamentals of Managing the Data Center Life Cycle for Owners
Schneider Electric
 

What's hot (20)

Asset Management - what are some of your top priorties?
Asset Management - what are some of your top priorties?Asset Management - what are some of your top priorties?
Asset Management - what are some of your top priorties?
 
Simplifying Data Center Design/ Build
Simplifying Data Center Design/ BuildSimplifying Data Center Design/ Build
Simplifying Data Center Design/ Build
 
Distributech 2015 - Mobile Work management
Distributech 2015 - Mobile Work managementDistributech 2015 - Mobile Work management
Distributech 2015 - Mobile Work management
 
Essential Elements of Data Center Facility Operations
Essential Elements of Data Center Facility OperationsEssential Elements of Data Center Facility Operations
Essential Elements of Data Center Facility Operations
 
Data centers on the Edge
Data centers on the EdgeData centers on the Edge
Data centers on the Edge
 
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
Preparing for the Future: How Asset Management Will Evolve in the Age of Smar...
 
Engineer the Future Now!
Engineer the Future Now!Engineer the Future Now!
Engineer the Future Now!
 
Effect on Substation Engineering Costs of IEC61850 & System Configuration Tools
Effect on Substation Engineering Costs of IEC61850 & System Configuration ToolsEffect on Substation Engineering Costs of IEC61850 & System Configuration Tools
Effect on Substation Engineering Costs of IEC61850 & System Configuration Tools
 
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
How Warehouse and Distribution Systems (Conveyor systems) are being designed ...
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution Details
 
ADMS (Advanced Distribution Management System)
ADMS (Advanced Distribution Management System)ADMS (Advanced Distribution Management System)
ADMS (Advanced Distribution Management System)
 
Types of Prefabricated Modular Data Centers
Types of Prefabricated Modular Data CentersTypes of Prefabricated Modular Data Centers
Types of Prefabricated Modular Data Centers
 
Datacenter Strategy, Design, and Build
Datacenter Strategy, Design, and BuildDatacenter Strategy, Design, and Build
Datacenter Strategy, Design, and Build
 
Smart Alarming Management
Smart Alarming ManagementSmart Alarming Management
Smart Alarming Management
 
Practical Considerations for Implementing Prefabricated Data Centers
Practical Considerations for Implementing Prefabricated Data CentersPractical Considerations for Implementing Prefabricated Data Centers
Practical Considerations for Implementing Prefabricated Data Centers
 
Data Center Infrastructure Management(DCIM)
Data Center Infrastructure Management(DCIM)Data Center Infrastructure Management(DCIM)
Data Center Infrastructure Management(DCIM)
 
Best Practices for Creating Your Smart Grid Network Model
Best Practices for Creating Your Smart Grid Network ModelBest Practices for Creating Your Smart Grid Network Model
Best Practices for Creating Your Smart Grid Network Model
 
GIS-Based Design for Effective Smart Grid Strategies
GIS-Based Design for Effective Smart Grid StrategiesGIS-Based Design for Effective Smart Grid Strategies
GIS-Based Design for Effective Smart Grid Strategies
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Fundamentals of Managing the Data Center Life Cycle for Owners
Fundamentals of Managing the Data Center Life Cycle for OwnersFundamentals of Managing the Data Center Life Cycle for Owners
Fundamentals of Managing the Data Center Life Cycle for Owners
 

Similar to Ensuring your plant is secure

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
 
Chapter 11 - It’s a Network
Chapter 11 - It’s a NetworkChapter 11 - It’s a Network
Chapter 11 - It’s a Network
Yaser Rahmati
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A Network
Vuz Dở Hơi
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a network
teknetir
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11
Irsandi Hasan
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid Workforce
SolarWinds
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
Nil Menon
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical Data
Nasser Hassan
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
Peter Wood
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
Irsandi Hasan
 
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
SolarWinds
 
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
Chaing Ravuth
 
siemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdfsiemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdf
GeeTech Group
 
Cloak your critical industrial control systems before they get hacked
Cloak your critical industrial control systems before they get hackedCloak your critical industrial control systems before they get hacked
Cloak your critical industrial control systems before they get hacked
Tempered
 
Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11
Hamza Malik
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
Waqas Ahmed Nawaz
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
Creekside Marketing Group, LLC
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 

Similar to Ensuring your plant is secure (20)

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
Chapter 11 - It’s a Network
Chapter 11 - It’s a NetworkChapter 11 - It’s a Network
Chapter 11 - It’s a Network
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A Network
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a network
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid Workforce
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical Data
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
 
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
 
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
 
siemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdfsiemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdf
 
Cloak your critical industrial control systems before they get hacked
Cloak your critical industrial control systems before they get hackedCloak your critical industrial control systems before they get hacked
Cloak your critical industrial control systems before they get hacked
 
Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
CCNA (R & S) Module 02 - Connecting Networks - Chapter 7
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 

More from Schneider Electric

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
Schneider Electric
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
Schneider Electric
 
32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing 32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing
Schneider Electric
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
Schneider Electric
 
EcoStruxure™ for Cloud & Service Providers
 EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
Schneider Electric
 
Magelis Basic HMI Briefing
Magelis Basic HMI Briefing Magelis Basic HMI Briefing
Magelis Basic HMI Briefing
Schneider Electric
 
Zelio Time Electronic Relay Briefing
Zelio Time Electronic Relay BriefingZelio Time Electronic Relay Briefing
Zelio Time Electronic Relay Briefing
Schneider Electric
 
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures BriefingSpacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
Schneider Electric
 
Relay Control Zelio SSR Briefing
Relay Control Zelio SSR BriefingRelay Control Zelio SSR Briefing
Relay Control Zelio SSR Briefing
Schneider Electric
 
Magelis HMI, iPC and software Briefing
Magelis HMI, iPC and software BriefingMagelis HMI, iPC and software Briefing
Magelis HMI, iPC and software Briefing
Schneider Electric
 
Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?
Schneider Electric
 
EcoStruxure for Intuitive Industries
EcoStruxure for Intuitive IndustriesEcoStruxure for Intuitive Industries
EcoStruxure for Intuitive Industries
Schneider Electric
 
Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017
Schneider Electric
 
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
Schneider Electric
 
It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580
Schneider Electric
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
Schneider Electric
 
Connected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoTConnected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoT
Schneider Electric
 
Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories Briefing
Schneider Electric
 
Telemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors BriefingTelemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors Briefing
Schneider Electric
 
Telemecanique Limit Switches Briefing
Telemecanique Limit Switches BriefingTelemecanique Limit Switches Briefing
Telemecanique Limit Switches Briefing
Schneider Electric
 

More from Schneider Electric (20)

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
 
32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing 32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
 
EcoStruxure™ for Cloud & Service Providers
 EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
 
Magelis Basic HMI Briefing
Magelis Basic HMI Briefing Magelis Basic HMI Briefing
Magelis Basic HMI Briefing
 
Zelio Time Electronic Relay Briefing
Zelio Time Electronic Relay BriefingZelio Time Electronic Relay Briefing
Zelio Time Electronic Relay Briefing
 
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures BriefingSpacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
 
Relay Control Zelio SSR Briefing
Relay Control Zelio SSR BriefingRelay Control Zelio SSR Briefing
Relay Control Zelio SSR Briefing
 
Magelis HMI, iPC and software Briefing
Magelis HMI, iPC and software BriefingMagelis HMI, iPC and software Briefing
Magelis HMI, iPC and software Briefing
 
Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?
 
EcoStruxure for Intuitive Industries
EcoStruxure for Intuitive IndustriesEcoStruxure for Intuitive Industries
EcoStruxure for Intuitive Industries
 
Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017
 
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
 
It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
 
Connected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoTConnected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoT
 
Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories Briefing
 
Telemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors BriefingTelemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors Briefing
 
Telemecanique Limit Switches Briefing
Telemecanique Limit Switches BriefingTelemecanique Limit Switches Briefing
Telemecanique Limit Switches Briefing
 

Ensuring your plant is secure

  • 1. 1 Ensuring Your Plant is Secure Tim Johnson, Cyber Security Consultant
  • 2. The Foxboro EvoTM Process Automation System Addressing the needs across your operation today and tomorrow. Confidential Property of Schneider Electric 2
  • 3. 3 Industrial Control Systems Why Cyber Security Why Now
  • 4. Industrial Control System Cyber Security Headlines Confidential Property of Schneider Electric 4
  • 5. Industrial Control System Cyber Security: In a “post-Stuxnet” world, a lot of attention is being given to the Industrial Control Systems running task for critical infrastructure and important manufacturing processes. Much of this attention is caused by a new wave of security research being performed on the security vulnerabilities that many of these systems possess. It is one thing to say that a system has security vulnerabilities, but it is something entirely different to say that the system is insecure,” http://www.securitybistro.com
  • 6. Industrial Control System Cyber Security Impact
      • More Corporate/Regulatory Compliance
      • Requirements to Reduce Environmental and Financial Risk
      • Decreases Plant Safety
      • Non-Secure Plant to the Enterprise Network Connections
      • Increased Downtime
      • Decreased Network Performance
  • 7. Industrial Control Systems: Protect
  • 8. Industrial Control System Cyber Security Basics: Seven Building Blocks Required for Cyber Security
      1. Identify what should be protected
          • Identify what is Critical to the Process
      2. Electronic Access Controls
          • Firewall Network Segmentation
      3. User Access Controls
          • Least Privilege Methodology for Users
      4. Patching
          • OS and Software
      5. Anti-Virus
          • Advanced Anti-Virus technologies i.e. Device Control
      6. Disaster Recovery (Backups)
          • Backup & Recovery Planning
      7. Logging & Alerting
          • Failed and Successful Logins
  • 9. Industrial Control Systems Best Practices
      * Network Segregation
      * Electronic Access Point Access Controls
      * System Hardening
  • 10. Industrial Control Systems Best Practices - Continued
      * Network Segregation
      * Electronic Access Point Access Controls
      * System Hardening
      * User Access Controls
      * Malicious Software Prevention
          - Antivirus
          - Device Control
      * Patching Server
      * Backups
      * Performance Monitoring & Alerting
      * Logging Server
  • 11. Industrial Control Systems: Maintain
  • 12. Industrial Control Systems Centralized Cyber Management (diagram labels)
      Management Server
      * Malicious Software Prevention
          - Antivirus
          - Device Control
      * Patching Server
      * Backups
      * Performance Monitoring & Alerting
      * Malicious Software Prevention
      * Patching Server
      * Centralized Backups
      * Malicious Software Prevention
  • 13. Foxboro Evo™ Process Automation System Cyber Security
  • 14. Foxboro Evo™ Enabling Cyber Security. Product Features for Secure Deployments:
      – McAfee ePO Centralized Management and configuration for:
          • Anti-Virus Settings and DAT updates based on Computer memberships
          • Advanced protections based on users, security groups and computer memberships
          • Data Loss Prevention (Removable Media/USB device controls)
          • Whitelisting
      – Centralized Account Management for Operating System (Active Directory)
          • Ability to utilize single or shared user account methodologies
          • Operating System GUI set based on user login
          • Computer Security Settings set by simple drag and drop methodology
      – System Access Controls for Users and Computers Management (Active Directory GPOs)
          • Locked Windows GUI
          • Preliminary Operating System Hardening
      – System configuration Baseline and Reports (Station Assessment Tool “SAT”)
      – Backup and Recovery (BESR)
  • 15. Foxboro Evo™ Looking to the Future. Adopting New Technologies:
      – Virtualization for Foxboro Stations:
          • Helps lower cost for maintaining cyber security programs
              – Less hardware to track, maintain and warranty
              – Snapshot recovery facilitates patching programs
              – Snapshot recovery reduces dependence on similar hardware and reduces system recovery times
      – Single Active Directory Deployment Methodologies
          • Off MESH and Existing Active Directory Integration support as standard product feature
              – Leverage existing DCS Active Directory Installations
              – Create new Active Directory deployments for managing user access controls across your whole plant
      – McAfee ePO Advanced Threat Management Mitigations
          • Application Whitelisting
          • File Integrity Control
  • 16. Industrial Control Systems: Critical Infrastructure Security Practice (CISP)
  • 17. CISP Operation Technology
      • Experienced with IT technologies but with an Industrial Control System mindset
      • Bridge technology gap for today’s heavily technology based Process Automation Systems
      • Providing Cyber Security and Technology services for Industrial Control Systems since 2001
      • CISP Consultants are focused on Critical Infrastructure Market
      • Cyber Security implementations across varying industries
      • Cyber Security and Technology solutions covering your whole Plant
      • Vendor Independent Cyber Security Solutions
  • 18. CISP Services & Solutions
      • Expanding Cyber Security for Foxboro Evo™
      • Foxboro Evo™ Cyber Security integration into Non-Foxboro systems
      • Advanced Active Directory integration
      • Network Alarming and Event Management
      • Patching solutions for Foxboro and Non-Foxboro systems
      • Technology Assessments and Remediation
      • Cyber Security Assessments and Remediation
      • NERC CIP Workshops
      • Services and Solutions for meeting Corporate Cyber Security requirements placed on Industrial Control Systems
  • 19. Ensuring Your Plant is Secure: Putting it all together
  • 20. Ensuring Your Plant is Secure
      * Cyber Security implementation capable of supporting other Vendors
      * Ability to Integrate Active Directory (Plant Wide Active Directory Solution)
      * Network Segmentation
      * MGT Server for Centralized Server Dedicated to Cyber Security Task (Plant Wide Solution)
          - ePO Server, Patching Server, Logging Server, Centralized Backup Repository, Performance Monitoring and Alerting
      * Thin Clients lowering Management and Maintenance cost
      * Relay Zone Server Creates a Bastion Host limiting Direct Access from Un-Trusted Networks to DCS Trusted Networks
          - Dedicated to RDP access only
          - View only or Engineering Server Options
          - Additional Active Directory security measure may be implemented
  • 21. Ensuring Your Plant is Secure (diagram labels): Schneider Electric Cyber Security; Asset Identification; CISP Cyber Solutions; Your Plant is Secure; User Access Controls; Electronic Access Controls; Logging; Network Design & Management; Backup and Restoration; Anti Malware; Patching; Platform Hardening; Foxboro Evo™ Cyber Security
  • 22. ©2014 Schneider Electric. All Rights Reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.