Download to read offline
Uploaded byEnzo M. Tieghi
Sicurezza Industrie4.0 - E M Tieghi templ Assintel_short
This document discusses security and business continuity in digitalized manufacturing facilities. It emphasizes the importance of protecting industrial control systems and automation systems from cyber incidents. It outlines four levels in the ANSI/ISA95 functional hierarchy for industrial automation and control systems. It stresses the need to evaluate security across the entire lifecycle of systems, including networks, programmable logic controllers, distributed control systems, and supervisory control and data acquisition systems. It also recommends performing risk analysis for cyber risks, securely segmenting and segregating networks, and using techniques like virtual private networks, IPsec, and OpenVPN to securely connect systems.
More Related Content
Similar to Sicurezza Industrie4.0 - E M Tieghi templ Assintel_short
Sicurezza Industrie4.0 - E M Tieghi templ Assintel_short
- 1. Industrie4.0: Security eBusiness Continuity nella fabbrica digitalizzata. Proteggiamo da incidenti cyber i Sistemi di controllo e automazione Andrea Zapparoli Manzoni – Coordinatore GdL Security Assintel Enzo M. Tieghi - ServiTecno – Socio Assintel etieghi@servitecno.it
- 2. Dove, questi sistemi? Ovunque:Industrial Internet, Processes, Buildings, Manufacturing & Infrastructures
- 3. 3 ANSI/ISA95 Functional Hierarchywww.isa.org Level 4 Level 1 Level 2 Level 3 Business Planning & Logistics Plant Production Scheduling, Operational Management, etc Manufacturing Operations Management Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ... Batch Control Discrete Control Continuous Control 1 - Sensing the production process, manipulating the production process 2 - Monitoring, supervisory control and automated control of the production process 3 - Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time Frame Days, Shifts, hours, minutes, seconds 4 - Establishing the basic plant schedule - production, material use, delivery, and shipping. Determining inventory levels. Time Frame Months, weeks, days Level 0 0 - The actual production process Level 4 Level 1 Level 2 Level 3 Business Planning & Logistics Plant Production Scheduling, Operational Management, etc Manufacturing Operations Management Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ... Batch Control Discrete Control Continuous Control 1 - Sensing the production process, manipulating the production process 2 - Monitoring, supervisory control and automated control of the production process 3 - Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time Frame Days, Shifts, hours, minutes, seconds 4 - Establishing the basic plant schedule - production, material use, delivery, and shipping. Determining inventory levels. Time Frame Months, weeks, days Level 0 0 - The actual production process
- 4. Sicurezza Impianti, Security oltrealla safety (EN ISO 13849-1/2, IEC/EN 62061, IEC/EN 61508, IEC/EN61511)… • valutiamo la Security? • Life Cycle dei sistemi? • Documentazione di progetto? • Cambiamenti sull’impianto? • Reti, PLC, DCS, SCADA? • Chi? Quando? Dove? Perchè?
- 5. • Risk Analysisper rischio cyber? • rete e sistemi di fabbrica sicuri? • Back-up del sistema (e dei dati) ? • Mai provato il recovery? • E le connessioni sono «protette»?
- 6. Sicurezza in profondità: retie sistemi senza protezione
- 7. No alle “retipiatte”: Seg/Seg Segmentare & Segregare
- 8. Zones & Conduits(ISA99/IEC62443)
- 9. Esempio di “SecurityArchitecture” nei sistemi di automazione e controllo Enterprise Control Network Manufacturing Operations Network Perimeter Control Network Control System Network Process Control Network Source: Byres Security
- 10. Protezione di Zone& Conduits con Firewalls (multilayered defence) Corporate Firewall Industrial Firewall Source: Byres - Security
- 11. Introduzione alla SecurityIndustriale - Enzo M. Tieghi Esempio di rete “con protezioni”
- 12. Connessioni «protette»: VPN, IPSec,OpenVPN 12
- 14. Enzo Maria Tieghi •Amministratore Delegato di ServiTecno (da oltre 25 anni software industriale) • Socio Assintel, attivo in associazioni e gruppi di studio per la cyber security industriale (ISA s99 info member) • In Advisory Board, gruppi e progetti internazionali su Industrial Security e CIP (Critical Infrastructure Protection) • Co-autore ed autore pubblicazioni, articoli e memorie 14
- 15. Dubbi? Domande? Enzo M.Tieghi etieghi@servitecno.it