SlideShare a Scribd company logo

Practical Approaches to Securely Integrating Business and Production

Download as PPTX, PDF
Jim Gilsinn
Jim Gilsinn

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

Technology
1 of 26
Standards Certification Education & Training Publishing Conferences & Exhibits Practical Approaches to Securely Integrating Business and Production Jim Gilsinn
Presenter • Jim Gilsinn – Senior Investigator, Kenexis – ISA99, Co-Chair – ISA99-WG2, Co-Chair – CEH, CISSP – ISA/IEC 62443 Expert – 25 Years Eng. Experience – MSEE
Overview • Why Integrate Business & Production? • Things to Consider • Potential Solutions • Questions
Why Integrate Business & Production? • Production to Business – Production Data – Historical Data – Regulatory Requirements – Network/Security Monitoring • Business to Production – Remote Maintenance – Patch Management – File Exchange – Configuration Data Complete isolation is rarely an option
THINGS TO CONSIDER
Things to Consider • Isolated Zones • Network Segmentation • Wireless Integration • Remote Connections • Public Infrastructure Integration • File/Data Transfer • Monitoring
Isolated Zones • Are there zones that require network isolation? • Safety-related systems are a good example • Set it & forget it! • May require re-calibration over time • Can be connected via signal wiring
Network Segmentation • Firewall vs. Data Diode – Is bidirectional communication required? – Human interaction vs. automated bi-directional communication – “Air-gap” requirement – Mixed firewall & data diode • Multi-legged vs. Dual Firewall – Establish DMZ – Product diversity – IT/OT
Wireless Integration • Will wireless be used? • What communication protocols? • What frequency bands? • Point-to-point vs. omnidirectional? • Star vs. mesh topology? • Bandwidth requirements? • Tolerance for drop-outs? • Where to integrate into architecture?
Remote Connections • Personnel, vendors, contractors, MSSP? • On-site vs. off-site access? • Continuous vs. scheduled vs. sporadic connectivity? • Method of connectivity? • Single-factor vs. multi-factor authentication? • Connection points within architecture? • Types of communication allowed?
Public Infrastructure Integration • More of an issue with SCADA • Wired vs. terrestrial wireless vs. satellite • Dedicated vs. leased-line connections • Service level agreements for ISP • Contingencies for backup/secondary communications
File/Data Transfer • Restricting data flows through zone boundaries • Direct communications vs. servers in DMZ • File transfer server vs. removable media • File transfer through remote management connections
Monitoring • Malware checking • Ingress/egress filtering • Continuous monitoring vs. human interaction • Push vs. pull of monitoring data • Legacy equipment • HIDS/NIDS • Non-networked equipment
People Will Get Things Done • One way or another, people will get their job done • Security can’t be seen as an impediment to that • Provide methods that work easily, but are more secure
POTENTIAL SOLUTIONS
Engineering User
File Transfer
Administrator User – Patch Management
Remote Maintenance
Historian Replication
Domain Controllers
Web Access – License Activation Server
SUMMARY
Summary • There are benefits to connecting business and production networks • There are a variety of things that need to be considered when connecting business and production networks • There are practical solutions for security
Questions
Standards Certification Education & Training Publishing Conferences & Exhibits Thank You for Attending! Enjoy the rest of the conference.

Recommended

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 

Recommended

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsCreekside Marketing Group, LLC
 
Lowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipLowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipCreekside Marketing Group, LLC
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)Digital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Digital Bond
 

More Related Content

What's hot

Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Jiunn-Jer Sun
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 

What's hot (20)

Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
Lowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipLowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of Ownership
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and Security
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy Sector
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 

Viewers also liked

Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)Digital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Digital Bond
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesCyber Security Alliance
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)Digital Bond
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 

Viewers also liked (10)

Havex Deep Dive (English)
Havex Deep Dive (English)Havex Deep Dive (English)
Havex Deep Dive (English)
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)Dynamic Zoning Based On Situational Activity in ICS (Japanese)
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Cisco ASA
Cisco ASACisco ASA
Cisco ASA
 

Similar to Practical Approaches to Securely Integrating Business and Production

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Lviv Startup Club
 
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Edunomica
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency ImperativeDistil Networks
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2Anne Starr
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
How to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsHow to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsReal-Time Innovations (RTI)
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloudAjay Rathi
 
Distributed data processing
Distributed data processingDistributed data processing
Distributed data processingAyisha Kowsar
 
Hadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxHadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxyashodhannn
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2Anne Starr
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ securityJisc
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Deepak Shankar
 
Implementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsImplementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsSmartbridge
 
Well_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfWell_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfHari Prasetyo Utomo
 
AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018James Sankar
 
Edge UPDATED.pptx
Edge UPDATED.pptxEdge UPDATED.pptx
Edge UPDATED.pptxandre241421
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?John Kinsella
 
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillNetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillJeff Kiesel
 

Similar to Practical Approaches to Securely Integrating Business and Production (20)

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...
 
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency Imperative
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
How to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of ThingsHow to Architect Microgrids for the Industrial Internet of Things
How to Architect Microgrids for the Industrial Internet of Things
 
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
Distributed data processing
Distributed data processingDistributed data processing
Distributed data processing
 
Hadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptxHadoop Migration to databricks cloud project plan.pptx
Hadoop Migration to databricks cloud project plan.pptx
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ security
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
 
Implementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field OperationsImplementing a Disconnected Mobile Application with DSI for Field Operations
Implementing a Disconnected Mobile Application with DSI for Field Operations
 
Well_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdfWell_Monitoring_System_DataComm_Technology.pdf
Well_Monitoring_System_DataComm_Technology.pdf
 
AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018AARNet Enterprise Services presentation at QUESTNET 2018
AARNet Enterprise Services presentation at QUESTNET 2018
 
Edge UPDATED.pptx
Edge UPDATED.pptxEdge UPDATED.pptx
Edge UPDATED.pptx
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?
 
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted WindchillNetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill
 

More from Jim Gilsinn

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!Jim Gilsinn
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingJim Gilsinn
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze itJim Gilsinn
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerJim Gilsinn
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with WiresharkJim Gilsinn
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Jim Gilsinn
 

More from Jim Gilsinn (10)

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance Testing
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze it
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol Analyzer
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Practical Approaches to Securely Integrating Business and Production

  • 1. Standards Certification Education & Training Publishing Conferences & Exhibits Practical Approaches to Securely Integrating Business and Production Jim Gilsinn
  • 2. Presenter • Jim Gilsinn – Senior Investigator, Kenexis – ISA99, Co-Chair – ISA99-WG2, Co-Chair – CEH, CISSP – ISA/IEC 62443 Expert – 25 Years Eng. Experience – MSEE
  • 3. Overview • Why Integrate Business & Production? • Things to Consider • Potential Solutions • Questions
  • 4. Why Integrate Business & Production? • Production to Business – Production Data – Historical Data – Regulatory Requirements – Network/Security Monitoring • Business to Production – Remote Maintenance – Patch Management – File Exchange – Configuration Data Complete isolation is rarely an option
  • 6. Things to Consider • Isolated Zones • Network Segmentation • Wireless Integration • Remote Connections • Public Infrastructure Integration • File/Data Transfer • Monitoring
  • 7. Isolated Zones • Are there zones that require network isolation? • Safety-related systems are a good example • Set it & forget it! • May require re-calibration over time • Can be connected via signal wiring
  • 8. Network Segmentation • Firewall vs. Data Diode – Is bidirectional communication required? – Human interaction vs. automated bi-directional communication – “Air-gap” requirement – Mixed firewall & data diode • Multi-legged vs. Dual Firewall – Establish DMZ – Product diversity – IT/OT
  • 9. Wireless Integration • Will wireless be used? • What communication protocols? • What frequency bands? • Point-to-point vs. omnidirectional? • Star vs. mesh topology? • Bandwidth requirements? • Tolerance for drop-outs? • Where to integrate into architecture?
  • 10. Remote Connections • Personnel, vendors, contractors, MSSP? • On-site vs. off-site access? • Continuous vs. scheduled vs. sporadic connectivity? • Method of connectivity? • Single-factor vs. multi-factor authentication? • Connection points within architecture? • Types of communication allowed?
  • 11. Public Infrastructure Integration • More of an issue with SCADA • Wired vs. terrestrial wireless vs. satellite • Dedicated vs. leased-line connections • Service level agreements for ISP • Contingencies for backup/secondary communications
  • 12. File/Data Transfer • Restricting data flows through zone boundaries • Direct communications vs. servers in DMZ • File transfer server vs. removable media • File transfer through remote management connections
  • 13. Monitoring • Malware checking • Ingress/egress filtering • Continuous monitoring vs. human interaction • Push vs. pull of monitoring data • Legacy equipment • HIDS/NIDS • Non-networked equipment
  • 14. People Will Get Things Done • One way or another, people will get their job done • Security can’t be seen as an impediment to that • Provide methods that work easily, but are more secure
  • 18. Administrator User – Patch Management
  • 22. Web Access – License Activation Server
  • 24. Summary • There are benefits to connecting business and production networks • There are a variety of things that need to be considered when connecting business and production networks • There are practical solutions for security
  • 26. Standards Certification Education & Training Publishing Conferences & Exhibits Thank You for Attending! Enjoy the rest of the conference.