ie-net ingenieursvereniging vzw, profile picture
Uploaded byie-net ingenieursvereniging vzw
PDF, PPTX1,153 views

Hima cyber security

HIMA specializes in safety solutions, contributing to plant safety and operational availability through innovative safety systems and life cycle services. The document highlights the importance of functional safety and cybersecurity in industrial control systems, outlining the need for robust safety measures to mitigate risks associated with cyber threats. It emphasizes the integration of safety and security strategies to ensure the protection of industrial processes and assets.

Embed presentation

Download as PDF, PPTX
HIMA Cyber Security Josse Brys Senior Manager Sales and Regional Development Antwerpen 25 October 2018
© HIMA Paul Hildebrandt GmbH 2017 2 HIMA Mission Our Mission is to contribute to Plant Safety and Operational Availability by implementing unique Smart Safety Solutions and life cycle Services
3 HIMA History 1908 1936 1950 1965 1970 1986 1997 1999 2008 20131929 2017
4 HIMA: The leading Expert in Safety Solutions ▪ Headquarters in Germany Brühl ▪ Worldwide local service and support ▪ Over 40,000 safety systems installed ▪ More then 800 people dedicated to safety ▪ R&D investment with 125 experts
© HIMA Paul Hildebrandt GmbH 2018 5 Experienced recently while being airborne … • How would you feel? • Would you be worried? • Will the plane be in trouble?
- autonomous, computer-based devices, used extensively in: - oil refining, - chemical processing, - electrical generation - other industries where the creation of a product is based on a continuous series of processes being applied to raw materials. 6© HIMA Paul Hildebrandt GmbH 2018 Industrial Control Systems (ICS) is: By deploying and programming ICS devices, engineers have the ability to remotely monitor and control the different variables of the industrial process. Supervisory Control and Data Acquisition (SCADA) systems, or distributed control systems (DCS), and programmable logic controllers (PLCs))
A subcategory of ICS, and is used to protect - humans, - industrial plants - and the environment in case of a monitored process going beyond the allowed control margins. 7© HIMA Paul Hildebrandt GmbH 2018 Safety Instrumental Systems (SIS) is: These devices are not intended for controlling the process itself, but rather provide an overriding signal, so that immediate actions are taken if the process control systems fail.
© HIMA Paul Hildebrandt GmbH 2017 8 What makes HIMA unique? Safety solutions Other companies HIMA understands Safety better than any other company Automation Solutions Smart Safety solutions Safety is our DNA
© HIMA Paul Hildebrandt GmbH 2017 9 Safeguards your plant/operations 9 e.g. pressure relief valve Public and plant-specifc measures e.g. retention basin SIS (safety instrumented system) DCS / BPCS and people DCS / BPCS Disaster prevention Damage mitigation Mechanical protection MonitoringProcess alarm Safety instrumented systemSafety shutdown Operation Monitored Process value Cyber Security M I T I G A T I O N P R E V E N A T I O N
© HIMA Group 2018 10 Functional Safety Standards
© HIMA Group 2018 11 SIL - Safety Integrity Level SIL is how we measure the performance of safety functions carried out by the safety instrumented systems ‣ Process owners: Which safety functions do I need and how much SIL do I need? ‣ Engineering companies, system integrators, product developers: How do I build SIL compliant safety devices, functions or systems? ‣ Process operators: How do I operate, maintain and repair safety functions and systems to maintain the identified SIL levels? SIL has 3 sides to the story
© HIMA Group 2018 12 SIL Levels Risk reduction
© HIMA Group 2018 13 SIL Levels PFDavg = Probability of Failure on Demand average Most famous SIL requirement is the Probability of Failure on Demand
14 Cyber security Risksecurity = threat * vulnerability * potential of the damage Functional safety Risksafety = probability of a damage * potential of the damage World Sys. Safety + What is Safety World Sys. World Sys.
It takes two to Tango: Safety and Security
© HIMA Group 2018 16 100% GUARANTEE See IEC 61508. Measures to reduce risk to tolerable level once (and for ever) for Safety there is none for Security there is none See IEC 62443. Programmable Safety Systems can be compromised.
AvoidanceofFailures Security (andothertechnology- dependentaspects) ControlofFailures ReliabilityEvaluation Management of Functional Safety 17 How to be prepared to tango Safe Operation © HIMA Paul Hildebrandt GmbH 2018
18 Safety and security interacting closely, nevertheless 1. Both are focused on totally different aspects 2. Safety and security recommendations have no automatic correlation 3. Alignment of safety and security requires a special strategy To tango requires common understanding © HIMA Paul Hildebrandt GmbH 2018
19 Principle 1: Protection of safety functions Security effectively prevents safety against negative influences of threats. Safety evaluations are based on the assumption of effective security measures. Principle 2: Compatibility of implementations Security does not interfere with safety and vice versa. Principle 3: Protection of security countermeasures The safety implementations do not negatively compromise the effectiveness of security implementations. Source: IEC/TR 63069 Guiding principles of applying Safety & Security IEC 61508 & IEC 62443 Alignment of both dancing partners © HIMA Paul Hildebrandt GmbH 2018
20 Reviewed in Safety Lifecycle Intervals Safety Design Security Design Secure Safety Setup Security Setup Security Environment • To protect the perimeters of the Security environment • To protect the internal Interactions • To protect the individual functional units Reviewed in Security Lifecycle Intervals 1. Updates in years 2. Focus on malfunctions 3. Looking at (own) operational experiences I. Updates in weeks II. Focus on vulnerabilities III. Looking at community experiences Coordination of both Lifecycles Our tango lasts longer © HIMA Paul Hildebrandt GmbH 2018
HIMA Security Environment for Functional Safety HIMA Secure Safety Core 21 Cyber secure down to its core Gateway CPU I/O COM Interface Interface4..20 mA HART DCS Information Domain HIMA MMI Plant Security Zone © HIMA Paul Hildebrandt GmbH 2018 DCS – Automation Domain HIMA
ZONE DZONE C ZONE B ZONE A 22 MES OfficeVirtual Plant WWW ENG/MAIN FieldbusHART4..20 mA Level 0: Instrumentation Level 1: Real Time Data Processing Level 2: MMI/Maintenance Level 3: Local Office ERP (local) Level 4: WWW ERP (global) SIS, HARTSIS Zones & Conduits (IEC 62443) Historian AA A A A © HIMA Paul Hildebrandt GmbH 2018
Do you have full visibility of the risks on your SIS / IOT system? 23© HIMA Paul Hildebrandt GmbH 2018
You think it will never happens to me.. Until you are the target.. 24© HIMA Paul Hildebrandt GmbH 2018
25© HIMA Paul Hildebrandt GmbH 2018 - Common vulnerability (e.g. SQL injection) - Zero-day exploit - USB keys - Insider threat - Physical access to devices - Interactive social engineering - Spear Phising Common Attack methods:
© HIMA Group 2018 26 See Netflix film: LO and Behold: Reveries of the connected World From 53 min
27© HIMA Paul Hildebrandt GmbH 2018 Petya-ransomware Attack 2017 – Again Only this time a Worldwide hack Cyber attacks are real
28© HIMA Paul Hildebrandt GmbH 2018 Russia GRU caught hacking into OPCW via WIFI October 2018 Example of the WIFI hack Cyber attacks are real
29 Cyber attacks are real
30 Cyber attacks are real
© HIMA Group 2018 31 Cyber attacks are real www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Incident Summary The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers Triton /Trisis/ HATMAN December 2017 Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
© HIMA Group 2018 32 MELTDOWN / SPECTRE January 2018 • Critical weak points in chip hardware weaken nearly all IT systems worldwide. (CPU chips) • HIMA operating systems strictly segregate the memory they access. • Meltdown and Spectre have no effect on HIMA security systems! Cyber attacks are real www.meltdownattack.com
33© HIMA Paul Hildebrandt GmbH 2018 The malware also named Trojan-Spy.0485 or Malware-Cryptor.Win32.Inject.gen.2 The drivers where registered in the virus database under the name Rootkit.TmpHider and SScope.Rootkit.TmpHider.2 Uranium Plant - Iran Cyber attacks are real Stuxnet Let’s look in detail Stuxnet
34 Stuxnet
© HIMA Group 2018 35 Stuxnet Targets specific Siemens PLC • Each PLC must be configured before use • Configuration is stored in system data blocks (SDB) • Stuxnet parses these blocks • Look for magic bytes 2C CB 00 01 at offset 50h • Signifies a Profibus network card is attached - CP 342-5 • Looks for 7050h and 9500h • Must have more than 33 of these values • Injects different code based on number of occurrences
© HIMA Group 2018 36 Stuxnet Programming the PLC • Simatic or Step 7 software used to write code in STL • STL code is compiled to MC7 byte code • MC7 byte code is transferred to the PLC • Control PC can now be disconnected
© HIMA Group 2018 37 Stuxnet Stuxnet: Man-in-the-Middle Attack on PLCs • Step7 uses a library to access the PLC S7otbxdx.dll • Stuxnet replaces that dll with its own version • Stuxnet version intercepts, read and write to the PLC and changes the code at this point. Request code block from PLC Show code block from PLC to user Modified STL code block Step7 S7blk_read STL code block S7otbxdx.dll STL code block PLC
© HIMA Group 2018 38 Stuxnet • Stuxnet: C7 Byte code • Malicoius dll contains at least 70 blobs of data • They are binary and encoded • These are actually blocks of MC7 byte code • This is the code that is injected into the PLC's • Must be converted back to STL to understand it
© HIMA Group 2018 39 Stuxnet • OB1 and OB35 Stuxnet changes these blocks • OB1 = main on PLCs -Stuxnet inserts its own code at the beginning of OB1 so it runs first • OB35 is a 100ms interrupt routine - Used to monitor inputs that would require fast action - Stuxnet infects OB35 too • Stuxnet will return clean versions of these functions when they are read from the PLC
© HIMA Group 2018 40 Stuxnet 15000 lines of code
© HIMA Group 2018 41 Stuxnet 984 centrifuges (unhappy) Electrical IO Reality blocker PLC program (happy)
© HIMA Group 2018 42 Last Security Incidents www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Wetware The Human Factor
© HIMA Group 2018 43 See Netflix film: LO and Behold: Reveries of the connected World From 59 min
44© HIMA Paul Hildebrandt GmbH 2018 Again, are you sure – that you are Secure?
45© HIMA Paul Hildebrandt GmbH 2018 - Every Week? How often do you monitor your : - Procedures - Policies - 3rd Party Hard- and Software Vendors - Cause & Effects - KPI’s - Log files - Security Reports - Risk Assessments - Every Month? - Never?
46© HIMA Paul Hildebrandt GmbH 2018 How can you reduce the risk and protect your SIS / IOT Environments? - Build higher walls - Industrial Control System (ICS) Security will save you - Adopt a new thinking
47© HIMA Paul Hildebrandt GmbH 2018 How become from Reactive to Proactive?
48 Example cases of Cyber Security Risks © HIMA Paul Hildebrandt GmbH 2018
49 SIS Awareness Concept – Example 1 Broken SIS Engineering Station swapped (temporarily) with a Back Office workstation © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 50 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 51 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 52 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone ‘Temp.’ Replace Back Office Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 53 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone ‘Temp.’ Replace Back Office Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 54 SIS Awareness Concept – Example 1 Internet © HIMA Paul Hildebrandt GmbH 2018
55 SIS Awareness Concept – Example 2 Undetected switch/Router in your SIS © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 56 SIS Awareness Concept – Example 2 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 57 SIS Awareness Concept – Example 2 © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch / Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 58 SIS Awareness Concept – Example 2 SIS Engineering Station © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch / Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 59 SIS Awareness Concept – Example 2 SIS Engineering Station Un- controlled Network Devicees © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch / Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 60 SIS Awareness Concept – Example 2 SIS Engineering Station Internet Un- controlled Network Devicees © HIMA Paul Hildebrandt GmbH 2018
© HIMA Paul Hildebrandt GmbH 2018 61  Actual Cyber Security threats No clear/Not up to date of:  - Policies; - Procedures; - Network drawing; - IP Database; - Backup; Disaster Recovery - Actual Hardware registration; - Actual in- and external User Accounts;  - Registration of visitors; No Supervision of Visitors;  - CTTV; Door; Keys; Batch-IDs; USB-Sticks;  - Open Unused Switch Ports; Network Device Registration; Up-to-Date Network Drawings  Tampering with these systems can lead to:  You need to know, who is who in the Office & don’t leave them (alone) in Restricted Area’s  Possibly environmental disasters, due to loss of data  … Equipment damage  Production loss  Loss of valuable production recipes and installation data Awareness of Cyber Security in SIS / OT environments
© HIMA Paul Hildebrandt GmbH 2018 62 Nowadays Threats • Software Bugs • Unauthorized physical access • Unauthorized network access • Abuse (e.g. disgruntled employee) • Human error (e.g. No virus check on USB) Awareness of Cyber Security in SIS / OT environments
© HIMA Paul Hildebrandt GmbH 2018 63 Actual Cyber Security threats  The BadUSB attack 2.0 A few weeks ago, a new version of this BadUSB attack is already found which this time only requires a USB cable, such as charge cable for your smartphone. The cable continues to retain the ability to charge the connected device, but on the side of the computer it acts as a Human Input Device (HID), such as a keyboard or mouse and then it will install malicious software Awareness of Cyber Security in SIS / OT environments
64© HIMA Paul Hildebrandt GmbH 2018 Minimum Effort – Maximum Security Awareness of Cyber Security in SIS / OT environments
SIS COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 65 Awareness of Cyber Security in SIS / OT environments © HIMA Paul Hildebrandt GmbH 2018
Extended SIS Zone SIS Engineering Station SIS COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 66 SIS OPC Server & HMI Protection needed Awareness of Cyber Security in SIS / OT environments © HIMA Paul Hildebrandt GmbH 2018
SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 67 Protection needed Firewall & VLAN Technology SIS Awareness Concept – Zones and Conduits © HIMA Paul Hildebrandt GmbH 2018
68 SIS Awareness Scope of Support Assets - SIS - Engineering Station - OPC Server Station - Tofino Firewall Technology - Hirschmann VLAN Technology - Network Infrastructure … Policies & Procedures - Hardening - Patch Management - User Management - Logging Management - Change Management - Verification - Backup/Restore … Detail Definition - Hardware (LSM) - Software (Off-Line) Patches - Windows - Antivirus Software - Patches / Firmware - Network Overview (As-Build) - Documentation - Organisation - Users - … © HIMA Paul Hildebrandt GmbH 2018
• Maintain integrity of SIS to its designed functionality Overview on the current status of the SIS • Comply with regulatory requirements Practical base for improvements or further IT/OT risk assessments • Manage risk Help to reveal undetected vulnerabilities of the SIS Network before a plant disruption or malfunction • Expertise of independent Cyber Security Specialists Safety focus ensure that SIS specific configurations are covered SIS Awareness Benefits 69© HIMA Paul Hildebrandt GmbH 2018
© HIMA Group 2018 70 HIMA Security MeasuresSecurity in Safety Instrumented Systems Source: NAMUR NA 163
© HIMA Group 2018 71 HIMA Security Measures PC-Infrastructure Controller Hardware and Firmware Lifecycle Management Engineering ToolCommunication Infrastructure SIS, HARTSIS A A Security in ICS depends on five areas
© HIMA Group 2018 72 • 100% HIMA Software • Extremely low software error rate (similar to military and aircraft) • Automated code analysis • Unused ethernet ports locked physically • No access to program code during operation • No backdoors • No common cause failures SIS/BPCS • … Controller Hardware and Firmware
© HIMA Group 2018 73 • 100% HIMA Software • Single-purpose Engineering tool • Proprietory database file for efficient Recovery Backup • Two-factor authentication for project and controller data • Diagnoses and time stamps cannot be deleted (audit trail) • Key switches for RELOAD, FORCE, READ possible • Monitoring of program changes • Enforced change of passwords • Well-defined User management incl. Security Admin Role • Function blocks with password protection (locking/read-only) Engineering Tool
© HIMA Group 2018 74 • Secure BIOS Management • Reduced access rights • Only required Windows services activated • No double-use of Engineering- and Office Laptops • Minimal set of application programs • Intelligent Password management • … PC Infrastructure
© HIMA Group 2018 75 • Separated protection layers between CPU and COM – Modules • Proprietory and superior protocol for controller communication: SafeEthernet • Achilles-Certificate by Wurldtech • Consequent separation of networks in each installation • Tap-proof controler communication • … Communication Infrastructure
© HIMA Group 2018 76 • HIMA Group Company • ISO 27001 Certification ongoing • Security Certification (Achilles, ISASecure EDSA, TÜV, …) • Penetration-testing (Customers, Service-providers, Universities) • Need-to-know principle: Access to source code and internal documents restricted to developers • Separate development network • Active collaboration in standardization committees like IEC and OpenGroup • Services for our customers • Security is integral part of HIMA Services and Engineering • Basic Security Check of HIMA safety systems • System hardening of safety systems and safety system environments Lifecycle Management
© HIMA Group 2018 77 www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Fiber optic cable Cyber secure?
© HIMA Group 2018 78 https://www.youtube.com/watch?v=bnzeyBK3kAY
© HIMA Paul Hildebrandt GmbH 2018 79 Summary • Safety and cyber security are connected • Cyber security needs your attention • Separate safety from operations • Think not only about the hardware
© HIMA Group 2018 80 Josse Brys E-mail: info@hima.com Internet: www.hima.com HIMA Group Albert-Bassermann-Str. 28 68782 Brühl, Germany Phone: +49 6202 709-0 Fax: +49 6202 709-107 Thank You. J.brys@hima.com

More Related Content

PPTX
SC-900 Intro
byFredBrandonAuthorMCP
 
PDF
introduction to Azure Sentinel
byRobert Crane
 
PPTX
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
byFredBrandonAuthorMCP
 
PDF
Secure Systems Security and ISA99- IEC62443
byYokogawa1
 
PDF
Enterprise Identity and Access Management Use Cases
byWSO2
 
PDF
Best Practices for Implementing Data Loss Prevention (DLP)
bySarfaraz Chougule
 
PPTX
SC-900 Capabilities of Microsoft Compliance Solutions
byFredBrandonAuthorMCP
 
PPTX
ISA/IEC 62443: Intro and How To
byJim Gilsinn
 
SC-900 Intro
byFredBrandonAuthorMCP
 
introduction to Azure Sentinel
byRobert Crane
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
byFredBrandonAuthorMCP
 
Secure Systems Security and ISA99- IEC62443
byYokogawa1
 
Enterprise Identity and Access Management Use Cases
byWSO2
 
Best Practices for Implementing Data Loss Prevention (DLP)
bySarfaraz Chougule
 
SC-900 Capabilities of Microsoft Compliance Solutions
byFredBrandonAuthorMCP
 
ISA/IEC 62443: Intro and How To
byJim Gilsinn
 

What's hot

PDF
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
PDF
Kaseya msp starterguide
byeveryd
 
PPT
Information Security Management Systems(ISMS) By Dr Wafula
byDiscover JKUAT
 
PPTX
SC-900 Capabilities of Microsoft Security Solutions
byFredBrandonAuthorMCP
 
PPTX
SC-900 Concepts of Security, Compliance, and Identity
byFredBrandonAuthorMCP
 
PPTX
MS. Cybersecurity Reference Architecture
byangelohammond
 
PDF
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
byJiunn-Jer Sun
 
PPT
Lesson 3
byMLG College of Learning, Inc
 
PDF
Security architecture
byDuncan Unwin
 
PPT
Secure by design and secure software development
byBill Ross
 
PPSX
Application Security: AI LLMs and ML Threats & Defenses
byRobert Grupe, CSSLP CISSP PE PMP
 
PDF
1. Security and Risk Management
bySam Bowne
 
PPT
Physical Security.ppt
bymaritesalcantara5
 
PPTX
Risk Assessment and Threat Modeling
bysedukull
 
PPTX
Cyber Security Best Practices
byEvolve IP
 
PDF
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
byElasticsearch
 
PPTX
Security operation center
byMuthuKumaran267
 
PDF
Modern Devices Management
byAtanas Gergiminov
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
PDF
Information Security Benchmarking 2015
byCapgemini
 
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
Kaseya msp starterguide
byeveryd
 
Information Security Management Systems(ISMS) By Dr Wafula
byDiscover JKUAT
 
SC-900 Capabilities of Microsoft Security Solutions
byFredBrandonAuthorMCP
 
SC-900 Concepts of Security, Compliance, and Identity
byFredBrandonAuthorMCP
 
MS. Cybersecurity Reference Architecture
byangelohammond
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
byJiunn-Jer Sun
 
Lesson 3
byMLG College of Learning, Inc
 
Security architecture
byDuncan Unwin
 
Secure by design and secure software development
byBill Ross
 
Application Security: AI LLMs and ML Threats & Defenses
byRobert Grupe, CSSLP CISSP PE PMP
 
1. Security and Risk Management
bySam Bowne
 
Physical Security.ppt
bymaritesalcantara5
 
Risk Assessment and Threat Modeling
bysedukull
 
Cyber Security Best Practices
byEvolve IP
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
byElasticsearch
 
Security operation center
byMuthuKumaran267
 
Modern Devices Management
byAtanas Gergiminov
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
Information Security Benchmarking 2015
byCapgemini
 

Similar to Hima cyber security

PDF
Industrial networks safety & security - e+h june 2018 ben murphy
byPROFIBUS and PROFINET InternationaI - PI UK
 
PDF
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
bypatenekernaf
 
PDF
DTS Solution - SCADA Security Solutions
byShah Sheikh
 
PPT
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
PPT
Control system including PLC cybersecurity
byDr.Maged Mikhail
 
PDF
Conférence ENGIE ACSS 2018
byAfrican Cyber Security Summit
 
PPTX
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
byiQHub
 
PDF
Industrial Control Security USA Sacramento California Oct 13/14
byJames Nesbitt
 
PDF
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
bysoulefsunek
 
PDF
PMCD Fall 2015 Newsletter
bySandeep Raju
 
PDF
Cybersecurity For Industrial Control Systems Scada Dcs Plc Hmi And Sis 1st Ed...
byjnjnoguu1594
 
PDF
ICS security
byAhmed Shitta
 
PPTX
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
PDF
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
byhlpxqgnhw2011
 
PPT
Power Grid Communications & Control Systems
byfajjarrehman
 
PDF
How to Get into ICS Security byChris Sistrunk
byEC-Council
 
PPTX
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
PDF
115.pdf
byAhmHamza
 
PPTX
Ics presentation
by🖥 Chad Hunter
 
PDF
Sb securing-industrial-control-systems-with-fortinet
byIvan Carmona
 
Industrial networks safety & security - e+h june 2018 ben murphy
byPROFIBUS and PROFINET InternationaI - PI UK
 
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
bypatenekernaf
 
DTS Solution - SCADA Security Solutions
byShah Sheikh
 
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
Control system including PLC cybersecurity
byDr.Maged Mikhail
 
Conférence ENGIE ACSS 2018
byAfrican Cyber Security Summit
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
byiQHub
 
Industrial Control Security USA Sacramento California Oct 13/14
byJames Nesbitt
 
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
bysoulefsunek
 
PMCD Fall 2015 Newsletter
bySandeep Raju
 
Cybersecurity For Industrial Control Systems Scada Dcs Plc Hmi And Sis 1st Ed...
byjnjnoguu1594
 
ICS security
byAhmed Shitta
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
Cybersecurity for Industrial Control Systems SCADA DCS PLC HMI and SIS 1st Ed...
byhlpxqgnhw2011
 
Power Grid Communications & Control Systems
byfajjarrehman
 
How to Get into ICS Security byChris Sistrunk
byEC-Council
 
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
115.pdf
byAhmHamza
 
Ics presentation
by🖥 Chad Hunter
 
Sb securing-industrial-control-systems-with-fortinet
byIvan Carmona
 

More from ie-net ingenieursvereniging vzw

PDF
Ultrasoon_Clamp-on.pdf
byie-net ingenieursvereniging vzw
 
PDF
Elektromagnetische_debietmeters.pdf
byie-net ingenieursvereniging vzw
 
PDF
SGS Skybase (NL) .pdf
byie-net ingenieursvereniging vzw
 
PDF
VEGA-Radar vs US-26APR2022-NL.pdf
byie-net ingenieursvereniging vzw
 
PDF
From process to emission
byie-net ingenieursvereniging vzw
 
PDF
Contactloos volume flow meting op transportbanden (ENG.)
byie-net ingenieursvereniging vzw
 
PDF
Connecting fieldbus power and knowledge
byie-net ingenieursvereniging vzw
 
PDF
Frequentieregelaars
byie-net ingenieursvereniging vzw
 
PDF
Breekplaten beademingsmachines vlamdover (NED.)
byie-net ingenieursvereniging vzw
 
PDF
Veiligheden rond de tank
byie-net ingenieursvereniging vzw
 
PDF
Veiligheden rond de tank
byie-net ingenieursvereniging vzw
 
PDF
Vik g.haekens-atex risico evaluatie
byie-net ingenieursvereniging vzw
 
PDF
Hoe maak ik de omgeving van mijn opslagtank veilig efficient
byie-net ingenieursvereniging vzw
 
PDF
Checklist tankcontrole 2018 bacd
byie-net ingenieursvereniging vzw
 
PDF
Controle en ingebruikname van uw opslagtank
byie-net ingenieursvereniging vzw
 
PDF
Certainly not explosive (Eng)
byie-net ingenieursvereniging vzw
 
PDF
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
byie-net ingenieursvereniging vzw
 
PDF
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
byie-net ingenieursvereniging vzw
 
PDF
Tuev sued-drives-and-controls-2014-presentation
byie-net ingenieursvereniging vzw
 
PDF
Pressure Relief Devices
byie-net ingenieursvereniging vzw
 
Ultrasoon_Clamp-on.pdf
byie-net ingenieursvereniging vzw
 
Elektromagnetische_debietmeters.pdf
byie-net ingenieursvereniging vzw
 
SGS Skybase (NL) .pdf
byie-net ingenieursvereniging vzw
 
VEGA-Radar vs US-26APR2022-NL.pdf
byie-net ingenieursvereniging vzw
 
From process to emission
byie-net ingenieursvereniging vzw
 
Contactloos volume flow meting op transportbanden (ENG.)
byie-net ingenieursvereniging vzw
 
Connecting fieldbus power and knowledge
byie-net ingenieursvereniging vzw
 
Frequentieregelaars
byie-net ingenieursvereniging vzw
 
Breekplaten beademingsmachines vlamdover (NED.)
byie-net ingenieursvereniging vzw
 
Veiligheden rond de tank
byie-net ingenieursvereniging vzw
 
Veiligheden rond de tank
byie-net ingenieursvereniging vzw
 
Vik g.haekens-atex risico evaluatie
byie-net ingenieursvereniging vzw
 
Hoe maak ik de omgeving van mijn opslagtank veilig efficient
byie-net ingenieursvereniging vzw
 
Checklist tankcontrole 2018 bacd
byie-net ingenieursvereniging vzw
 
Controle en ingebruikname van uw opslagtank
byie-net ingenieursvereniging vzw
 
Certainly not explosive (Eng)
byie-net ingenieursvereniging vzw
 
Elektrische installaties in ruimtes met stofexplosiegevaar (Nl.)
byie-net ingenieursvereniging vzw
 
Elektrische installaties in ruimtes met stofexplosiegevaar (1.3 Mb) (Nl.)
byie-net ingenieursvereniging vzw
 
Tuev sued-drives-and-controls-2014-presentation
byie-net ingenieursvereniging vzw
 
Pressure Relief Devices
byie-net ingenieursvereniging vzw
 

Recently uploaded

PPTX
Unit-2: Network Models--OSI Reference Model, TCP/IP Reference Model
bySuvarnaSharma5
 
PPTX
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
PDF
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
PDF
10 Tips for Successfully Purchasing Twitter Accounts.pdf
bymarketing
 
PPTX
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
PPTX
Fake News Detection System | Plagiarism detection
bysurajkanojiya13
 
PDF
2025-12-06 Overview of Lifting and Hoisting related Standards by Cranes for Y...
byCranes For You B.V.
 
PPTX
TELECOMMUNICATION FOR SOCIETY to all over
bymadagonikranthikumar
 
PPTX
UNIT 2 _8051.pptx ,INSTRUCTION SET OF 8051,EXAMPLES OF ARITHMETIC,LOGICAL.BRA...
byrekhabalaji2607
 
PDF
Fire fighting arrangement in public assembly buildings
byxaliaboyzz
 
PPTX
The Half-Life of Preventive Maintenance: Why PM Compliance Fails & How to Res...
byMaintWiz Technologies Private Limited
 
PPTX
WOWVerse Workshop: Agentic AI & LLM Workshop
byram27belitkar
 
PPTX
SketchUp Pro 2026 – Advanced 3D Modeling Software
byHoka Moka
 
PDF
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
PDF
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
PPTX
Origin of Soil and Grain Size with Introduction and explanation
byMahmoodKhalid11
 
PDF
Day 01- Basic Knowledge for LPG system design.pdf
bykmas1612
 
PPTX
Concord Deco Training by Stolle- Safety.pptx
bymorachatgpt123
 
PDF
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
PPTX
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 
Unit-2: Network Models--OSI Reference Model, TCP/IP Reference Model
bySuvarnaSharma5
 
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
10 Tips for Successfully Purchasing Twitter Accounts.pdf
bymarketing
 
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
Fake News Detection System | Plagiarism detection
bysurajkanojiya13
 
2025-12-06 Overview of Lifting and Hoisting related Standards by Cranes for Y...
byCranes For You B.V.
 
TELECOMMUNICATION FOR SOCIETY to all over
bymadagonikranthikumar
 
UNIT 2 _8051.pptx ,INSTRUCTION SET OF 8051,EXAMPLES OF ARITHMETIC,LOGICAL.BRA...
byrekhabalaji2607
 
Fire fighting arrangement in public assembly buildings
byxaliaboyzz
 
The Half-Life of Preventive Maintenance: Why PM Compliance Fails & How to Res...
byMaintWiz Technologies Private Limited
 
WOWVerse Workshop: Agentic AI & LLM Workshop
byram27belitkar
 
SketchUp Pro 2026 – Advanced 3D Modeling Software
byHoka Moka
 
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
Origin of Soil and Grain Size with Introduction and explanation
byMahmoodKhalid11
 
Day 01- Basic Knowledge for LPG system design.pdf
bykmas1612
 
Concord Deco Training by Stolle- Safety.pptx
bymorachatgpt123
 
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 

Hima cyber security

  • 1.
    HIMA Cyber Security JosseBrys Senior Manager Sales and Regional Development Antwerpen 25 October 2018
  • 2.
    © HIMA PaulHildebrandt GmbH 2017 2 HIMA Mission Our Mission is to contribute to Plant Safety and Operational Availability by implementing unique Smart Safety Solutions and life cycle Services
  • 3.
    3 HIMA History 1908 19361950 1965 1970 1986 1997 1999 2008 20131929 2017
  • 4.
    4 HIMA: The leadingExpert in Safety Solutions ▪ Headquarters in Germany Brühl ▪ Worldwide local service and support ▪ Over 40,000 safety systems installed ▪ More then 800 people dedicated to safety ▪ R&D investment with 125 experts
  • 5.
    © HIMA PaulHildebrandt GmbH 2018 5 Experienced recently while being airborne … • How would you feel? • Would you be worried? • Will the plane be in trouble?
  • 6.
    - autonomous, computer-baseddevices, used extensively in: - oil refining, - chemical processing, - electrical generation - other industries where the creation of a product is based on a continuous series of processes being applied to raw materials. 6© HIMA Paul Hildebrandt GmbH 2018 Industrial Control Systems (ICS) is: By deploying and programming ICS devices, engineers have the ability to remotely monitor and control the different variables of the industrial process. Supervisory Control and Data Acquisition (SCADA) systems, or distributed control systems (DCS), and programmable logic controllers (PLCs))
  • 7.
    A subcategory ofICS, and is used to protect - humans, - industrial plants - and the environment in case of a monitored process going beyond the allowed control margins. 7© HIMA Paul Hildebrandt GmbH 2018 Safety Instrumental Systems (SIS) is: These devices are not intended for controlling the process itself, but rather provide an overriding signal, so that immediate actions are taken if the process control systems fail.
  • 8.
    © HIMA PaulHildebrandt GmbH 2017 8 What makes HIMA unique? Safety solutions Other companies HIMA understands Safety better than any other company Automation Solutions Smart Safety solutions Safety is our DNA
  • 9.
    © HIMA PaulHildebrandt GmbH 2017 9 Safeguards your plant/operations 9 e.g. pressure relief valve Public and plant-specifc measures e.g. retention basin SIS (safety instrumented system) DCS / BPCS and people DCS / BPCS Disaster prevention Damage mitigation Mechanical protection MonitoringProcess alarm Safety instrumented systemSafety shutdown Operation Monitored Process value Cyber Security M I T I G A T I O N P R E V E N A T I O N
  • 10.
    © HIMA Group2018 10 Functional Safety Standards
  • 11.
    © HIMA Group2018 11 SIL - Safety Integrity Level SIL is how we measure the performance of safety functions carried out by the safety instrumented systems ‣ Process owners: Which safety functions do I need and how much SIL do I need? ‣ Engineering companies, system integrators, product developers: How do I build SIL compliant safety devices, functions or systems? ‣ Process operators: How do I operate, maintain and repair safety functions and systems to maintain the identified SIL levels? SIL has 3 sides to the story
  • 12.
    © HIMA Group2018 12 SIL Levels Risk reduction
  • 13.
    © HIMA Group2018 13 SIL Levels PFDavg = Probability of Failure on Demand average Most famous SIL requirement is the Probability of Failure on Demand
  • 14.
    14 Cyber security Risksecurity= threat * vulnerability * potential of the damage Functional safety Risksafety = probability of a damage * potential of the damage World Sys. Safety + What is Safety World Sys. World Sys.
  • 15.
    It takes twoto Tango: Safety and Security
  • 16.
    © HIMA Group2018 16 100% GUARANTEE See IEC 61508. Measures to reduce risk to tolerable level once (and for ever) for Safety there is none for Security there is none See IEC 62443. Programmable Safety Systems can be compromised.
  • 17.
    AvoidanceofFailures Security (andothertechnology- dependentaspects) ControlofFailures ReliabilityEvaluation Management of FunctionalSafety 17 How to be prepared to tango Safe Operation © HIMA Paul Hildebrandt GmbH 2018
  • 18.
    18 Safety and securityinteracting closely, nevertheless 1. Both are focused on totally different aspects 2. Safety and security recommendations have no automatic correlation 3. Alignment of safety and security requires a special strategy To tango requires common understanding © HIMA Paul Hildebrandt GmbH 2018
  • 19.
    19 Principle 1: Protectionof safety functions Security effectively prevents safety against negative influences of threats. Safety evaluations are based on the assumption of effective security measures. Principle 2: Compatibility of implementations Security does not interfere with safety and vice versa. Principle 3: Protection of security countermeasures The safety implementations do not negatively compromise the effectiveness of security implementations. Source: IEC/TR 63069 Guiding principles of applying Safety & Security IEC 61508 & IEC 62443 Alignment of both dancing partners © HIMA Paul Hildebrandt GmbH 2018
  • 20.
    20 Reviewed in Safety LifecycleIntervals Safety Design Security Design Secure Safety Setup Security Setup Security Environment • To protect the perimeters of the Security environment • To protect the internal Interactions • To protect the individual functional units Reviewed in Security Lifecycle Intervals 1. Updates in years 2. Focus on malfunctions 3. Looking at (own) operational experiences I. Updates in weeks II. Focus on vulnerabilities III. Looking at community experiences Coordination of both Lifecycles Our tango lasts longer © HIMA Paul Hildebrandt GmbH 2018
  • 21.
    HIMA Security Environmentfor Functional Safety HIMA Secure Safety Core 21 Cyber secure down to its core Gateway CPU I/O COM Interface Interface4..20 mA HART DCS Information Domain HIMA MMI Plant Security Zone © HIMA Paul Hildebrandt GmbH 2018 DCS – Automation Domain HIMA
  • 22.
    ZONE DZONE C ZONEB ZONE A 22 MES OfficeVirtual Plant WWW ENG/MAIN FieldbusHART4..20 mA Level 0: Instrumentation Level 1: Real Time Data Processing Level 2: MMI/Maintenance Level 3: Local Office ERP (local) Level 4: WWW ERP (global) SIS, HARTSIS Zones & Conduits (IEC 62443) Historian AA A A A © HIMA Paul Hildebrandt GmbH 2018
  • 23.
    Do you havefull visibility of the risks on your SIS / IOT system? 23© HIMA Paul Hildebrandt GmbH 2018
  • 24.
    You think itwill never happens to me.. Until you are the target.. 24© HIMA Paul Hildebrandt GmbH 2018
  • 25.
    25© HIMA PaulHildebrandt GmbH 2018 - Common vulnerability (e.g. SQL injection) - Zero-day exploit - USB keys - Insider threat - Physical access to devices - Interactive social engineering - Spear Phising Common Attack methods:
  • 26.
    © HIMA Group2018 26 See Netflix film: LO and Behold: Reveries of the connected World From 53 min
  • 27.
    27© HIMA PaulHildebrandt GmbH 2018 Petya-ransomware Attack 2017 – Again Only this time a Worldwide hack Cyber attacks are real
  • 28.
    28© HIMA PaulHildebrandt GmbH 2018 Russia GRU caught hacking into OPCW via WIFI October 2018 Example of the WIFI hack Cyber attacks are real
  • 29.
  • 30.
  • 31.
    © HIMA Group2018 31 Cyber attacks are real www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Incident Summary The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers Triton /Trisis/ HATMAN December 2017 Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
  • 32.
    © HIMA Group2018 32 MELTDOWN / SPECTRE January 2018 • Critical weak points in chip hardware weaken nearly all IT systems worldwide. (CPU chips) • HIMA operating systems strictly segregate the memory they access. • Meltdown and Spectre have no effect on HIMA security systems! Cyber attacks are real www.meltdownattack.com
  • 33.
    33© HIMA PaulHildebrandt GmbH 2018 The malware also named Trojan-Spy.0485 or Malware-Cryptor.Win32.Inject.gen.2 The drivers where registered in the virus database under the name Rootkit.TmpHider and SScope.Rootkit.TmpHider.2 Uranium Plant - Iran Cyber attacks are real Stuxnet Let’s look in detail Stuxnet
  • 34.
  • 35.
    © HIMA Group2018 35 Stuxnet Targets specific Siemens PLC • Each PLC must be configured before use • Configuration is stored in system data blocks (SDB) • Stuxnet parses these blocks • Look for magic bytes 2C CB 00 01 at offset 50h • Signifies a Profibus network card is attached - CP 342-5 • Looks for 7050h and 9500h • Must have more than 33 of these values • Injects different code based on number of occurrences
  • 36.
    © HIMA Group2018 36 Stuxnet Programming the PLC • Simatic or Step 7 software used to write code in STL • STL code is compiled to MC7 byte code • MC7 byte code is transferred to the PLC • Control PC can now be disconnected
  • 37.
    © HIMA Group2018 37 Stuxnet Stuxnet: Man-in-the-Middle Attack on PLCs • Step7 uses a library to access the PLC S7otbxdx.dll • Stuxnet replaces that dll with its own version • Stuxnet version intercepts, read and write to the PLC and changes the code at this point. Request code block from PLC Show code block from PLC to user Modified STL code block Step7 S7blk_read STL code block S7otbxdx.dll STL code block PLC
  • 38.
    © HIMA Group2018 38 Stuxnet • Stuxnet: C7 Byte code • Malicoius dll contains at least 70 blobs of data • They are binary and encoded • These are actually blocks of MC7 byte code • This is the code that is injected into the PLC's • Must be converted back to STL to understand it
  • 39.
    © HIMA Group2018 39 Stuxnet • OB1 and OB35 Stuxnet changes these blocks • OB1 = main on PLCs -Stuxnet inserts its own code at the beginning of OB1 so it runs first • OB35 is a 100ms interrupt routine - Used to monitor inputs that would require fast action - Stuxnet infects OB35 too • Stuxnet will return clean versions of these functions when they are read from the PLC
  • 40.
    © HIMA Group2018 40 Stuxnet 15000 lines of code
  • 41.
    © HIMA Group2018 41 Stuxnet 984 centrifuges (unhappy) Electrical IO Reality blocker PLC program (happy)
  • 42.
    © HIMA Group2018 42 Last Security Incidents www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Wetware The Human Factor
  • 43.
    © HIMA Group2018 43 See Netflix film: LO and Behold: Reveries of the connected World From 59 min
  • 44.
    44© HIMA PaulHildebrandt GmbH 2018 Again, are you sure – that you are Secure?
  • 45.
    45© HIMA PaulHildebrandt GmbH 2018 - Every Week? How often do you monitor your : - Procedures - Policies - 3rd Party Hard- and Software Vendors - Cause & Effects - KPI’s - Log files - Security Reports - Risk Assessments - Every Month? - Never?
  • 46.
    46© HIMA PaulHildebrandt GmbH 2018 How can you reduce the risk and protect your SIS / IOT Environments? - Build higher walls - Industrial Control System (ICS) Security will save you - Adopt a new thinking
  • 47.
    47© HIMA PaulHildebrandt GmbH 2018 How become from Reactive to Proactive?
  • 48.
    48 Example cases ofCyber Security Risks © HIMA Paul Hildebrandt GmbH 2018
  • 49.
    49 SIS Awareness Concept– Example 1 Broken SIS Engineering Station swapped (temporarily) with a Back Office workstation © HIMA Paul Hildebrandt GmbH 2018
  • 50.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 50 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
  • 51.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 51 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
  • 52.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 52 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
  • 53.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone ‘Temp.’ Replace BackOffice Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 53 SIS Awareness Concept – Example 1 © HIMA Paul Hildebrandt GmbH 2018
  • 54.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone ‘Temp.’ Replace BackOffice Station SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 54 SIS Awareness Concept – Example 1 Internet © HIMA Paul Hildebrandt GmbH 2018
  • 55.
    55 SIS Awareness Concept– Example 2 Undetected switch/Router in your SIS © HIMA Paul Hildebrandt GmbH 2018
  • 56.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 56 SIS Awareness Concept – Example 2 © HIMA Paul Hildebrandt GmbH 2018
  • 57.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 57 SIS Awareness Concept – Example 2 © HIMA Paul Hildebrandt GmbH 2018
  • 58.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch/ Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 58 SIS Awareness Concept – Example 2 SIS Engineering Station © HIMA Paul Hildebrandt GmbH 2018
  • 59.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch/ Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 59 SIS Awareness Concept – Example 2 SIS Engineering Station Un- controlled Network Devicees © HIMA Paul Hildebrandt GmbH 2018
  • 60.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone Unmanaged Switch/ Router SIS OPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 60 SIS Awareness Concept – Example 2 SIS Engineering Station Internet Un- controlled Network Devicees © HIMA Paul Hildebrandt GmbH 2018
  • 61.
    © HIMA PaulHildebrandt GmbH 2018 61  Actual Cyber Security threats No clear/Not up to date of:  - Policies; - Procedures; - Network drawing; - IP Database; - Backup; Disaster Recovery - Actual Hardware registration; - Actual in- and external User Accounts;  - Registration of visitors; No Supervision of Visitors;  - CTTV; Door; Keys; Batch-IDs; USB-Sticks;  - Open Unused Switch Ports; Network Device Registration; Up-to-Date Network Drawings  Tampering with these systems can lead to:  You need to know, who is who in the Office & don’t leave them (alone) in Restricted Area’s  Possibly environmental disasters, due to loss of data  … Equipment damage  Production loss  Loss of valuable production recipes and installation data Awareness of Cyber Security in SIS / OT environments
  • 62.
    © HIMA PaulHildebrandt GmbH 2018 62 Nowadays Threats • Software Bugs • Unauthorized physical access • Unauthorized network access • Abuse (e.g. disgruntled employee) • Human error (e.g. No virus check on USB) Awareness of Cyber Security in SIS / OT environments
  • 63.
    © HIMA PaulHildebrandt GmbH 2018 63 Actual Cyber Security threats  The BadUSB attack 2.0 A few weeks ago, a new version of this BadUSB attack is already found which this time only requires a USB cable, such as charge cable for your smartphone. The cable continues to retain the ability to charge the connected device, but on the side of the computer it acts as a Human Input Device (HID), such as a keyboard or mouse and then it will install malicious software Awareness of Cyber Security in SIS / OT environments
  • 64.
    64© HIMA PaulHildebrandt GmbH 2018 Minimum Effort – Maximum Security Awareness of Cyber Security in SIS / OT environments
  • 65.
    SIS COM CPU IO SIS Network (safeethernet) Core SISZone Field Devices 65 Awareness of Cyber Security in SIS / OT environments © HIMA Paul Hildebrandt GmbH 2018
  • 66.
    Extended SIS Zone SIS Engineering Station SIS COM CPU IO SISNetwork (safeethernet) Core SIS Zone Field Devices 66 SIS OPC Server & HMI Protection needed Awareness of Cyber Security in SIS / OT environments © HIMA Paul Hildebrandt GmbH 2018
  • 67.
    SIS IT-Infrastructure BPCS/DCS/HMI Peripherals Extended SIS Zone SIS Engineering Station SISOPC Server & HMI COM CPU IO SIS Network (safeethernet) Core SIS Zone Field Devices 67 Protection needed Firewall & VLAN Technology SIS Awareness Concept – Zones and Conduits © HIMA Paul Hildebrandt GmbH 2018
  • 68.
    68 SIS Awareness Scopeof Support Assets - SIS - Engineering Station - OPC Server Station - Tofino Firewall Technology - Hirschmann VLAN Technology - Network Infrastructure … Policies & Procedures - Hardening - Patch Management - User Management - Logging Management - Change Management - Verification - Backup/Restore … Detail Definition - Hardware (LSM) - Software (Off-Line) Patches - Windows - Antivirus Software - Patches / Firmware - Network Overview (As-Build) - Documentation - Organisation - Users - … © HIMA Paul Hildebrandt GmbH 2018
  • 69.
    • Maintain integrityof SIS to its designed functionality Overview on the current status of the SIS • Comply with regulatory requirements Practical base for improvements or further IT/OT risk assessments • Manage risk Help to reveal undetected vulnerabilities of the SIS Network before a plant disruption or malfunction • Expertise of independent Cyber Security Specialists Safety focus ensure that SIS specific configurations are covered SIS Awareness Benefits 69© HIMA Paul Hildebrandt GmbH 2018
  • 70.
    © HIMA Group2018 70 HIMA Security MeasuresSecurity in Safety Instrumented Systems Source: NAMUR NA 163
  • 71.
    © HIMA Group2018 71 HIMA Security Measures PC-Infrastructure Controller Hardware and Firmware Lifecycle Management Engineering ToolCommunication Infrastructure SIS, HARTSIS A A Security in ICS depends on five areas
  • 72.
    © HIMA Group2018 72 • 100% HIMA Software • Extremely low software error rate (similar to military and aircraft) • Automated code analysis • Unused ethernet ports locked physically • No access to program code during operation • No backdoors • No common cause failures SIS/BPCS • … Controller Hardware and Firmware
  • 73.
    © HIMA Group2018 73 • 100% HIMA Software • Single-purpose Engineering tool • Proprietory database file for efficient Recovery Backup • Two-factor authentication for project and controller data • Diagnoses and time stamps cannot be deleted (audit trail) • Key switches for RELOAD, FORCE, READ possible • Monitoring of program changes • Enforced change of passwords • Well-defined User management incl. Security Admin Role • Function blocks with password protection (locking/read-only) Engineering Tool
  • 74.
    © HIMA Group2018 74 • Secure BIOS Management • Reduced access rights • Only required Windows services activated • No double-use of Engineering- and Office Laptops • Minimal set of application programs • Intelligent Password management • … PC Infrastructure
  • 75.
    © HIMA Group2018 75 • Separated protection layers between CPU and COM – Modules • Proprietory and superior protocol for controller communication: SafeEthernet • Achilles-Certificate by Wurldtech • Consequent separation of networks in each installation • Tap-proof controler communication • … Communication Infrastructure
  • 76.
    © HIMA Group2018 76 • HIMA Group Company • ISO 27001 Certification ongoing • Security Certification (Achilles, ISASecure EDSA, TÜV, …) • Penetration-testing (Customers, Service-providers, Universities) • Need-to-know principle: Access to source code and internal documents restricted to developers • Separate development network • Active collaboration in standardization committees like IEC and OpenGroup • Services for our customers • Security is integral part of HIMA Services and Engineering • Basic Security Check of HIMA safety systems • System hardening of safety systems and safety system environments Lifecycle Management
  • 77.
    © HIMA Group2018 77 www.meltdownattack.com www.github.com/ICSrepo/TRISIS-TRITON-HATMAN Fiber optic cable Cyber secure?
  • 78.
    © HIMA Group2018 78 https://www.youtube.com/watch?v=bnzeyBK3kAY
  • 79.
    © HIMA PaulHildebrandt GmbH 2018 79 Summary • Safety and cyber security are connected • Cyber security needs your attention • Separate safety from operations • Think not only about the hardware
  • 80.
    © HIMA Group2018 80 Josse Brys E-mail: info@hima.com Internet: www.hima.com HIMA Group Albert-Bassermann-Str. 28 68782 Brühl, Germany Phone: +49 6202 709-0 Fax: +49 6202 709-107 Thank You. J.brys@hima.com