1
Securing Critical Infrastructure while Enabling
Innovation, Transformation, and Resiliency
2
From the Bottom of the Oceans… to the Depths of Space & Cyberspace
Over 80,000 employees
68 countries: global presence
1bn € self-funded R&D* (*does not include externally financed R&D)
Sales in 2019: 19bn €
Thales Global Business Areas
• Digital Identity and Security
• Defence and Security
• Aerospace
• Space
• Ground Transportation
#1 Worldwide in data protection
#1 Worldwide in air traffic management
#2 Worldwide in civil satellite systems
#2 Worldwide in rail signaling
#2 Worldwide in inflight entertainment
#3 Worldwide in commercial avionics
#1 European provider of advanced sensors
#1 Worldwide in safe & smart airport solutions
3
World Leader in Data Protection
130+ PARTNERS: PARTNERSHIPS WITH LEADING PROVIDERS OF CLOUD COMPUTING, DIGITAL PAYMENTS AND MORE
DATA PROTECTION FOR 21 NATO COUNTRIES
PROTECTION OF 80% OF THE WORLD’S BANKING TRANSACTIONS
SECURITY FOR 19 OF THE 20 LARGEST BANKS
40+ YEARS OF SECURING THE WORLD’S MOST SENSITIVE DATA
DEEP EXPERTISE AND TRACK RECORD IN APPLIED CRYPTOGRAPHY
SECURITY FOR 4 OF THE 5 LARGEST ENERGY COMPANIES
LONGSTANDING HISTORY OF INDUSTRY CERTIFICATIONS AND VALIDATION
4 Thales Group Open
An Unrivalled Data Protection Portfolio for Encrypting Everything
The Market Leading Data Encryption Products in Support of your Data Security Strategy
• payShield HSM: #1 Payment HSMs
• Luna Network HSM: #1 General Purpose HSMs
• Thales Cloud HSM On Demand: #1 Cloud HSMs
• CipherTrust Data Security Platform: #1 Key Management, #1 Data Encryption
• Thales CN Series High-Speed Network Encryptors and Thales CV1000 Virtual Encryptor: #1 Network Encryption
5
The next generation of critical infrastructure relies on innovation
Technological innovation is driving the next generation of critical infrastructure, allowing enterprises to improve service,
optimize operations, and ultimately deliver better value to stakeholders.
Gather
Gather valuable information through sensors, cameras, and drones throughout the infrastructure footprint.
Communicate
Communicate data in real time through IoT and other connected systems.
Aggregate
Aggregate data in central management consoles to automate remote production or distribution facilities.
Analyze
Analyze data in big data repositories and leverage artificial intelligence (AI) to power better decision making.
Optimize
Optimize operations by acting on insights quickly using all digital controls to manage distributed infrastructure such as “Smart Grids”.
Deliver
Deliver on commitments to customers with digital customer experience, better reliability, lower cost, and adoption of renewables.
6
Utilities and energy industries advance digital transformation
Critical infrastructure sectors, such as utilities and energy, are adopting new
platforms and environments at a fast pace, transforming the capabilities of both
their Information Technology (IT) and Operational Technology (OT) platforms.
Spending on Internet of Things (IoT)
Spending on Internet of Things (IoT) in the utilities sector is set to grow by 85% in five years, providing connectivity and a host of new possibilities to a widely distributed infrastructure.¹
Big Data analytics
The Big Data analytics market in the energy sector is expected to grow 70% by 2026, allowing enterprises to gain insights faster for better decision making and competitive advantages.²
Artificial Intelligence (AI)
Artificial Intelligence (AI) usage in the energy sector is expected to grow 22.5% a year, helping increase efficiency and automate decentralized power generation.³
Cloud adoption
Cloud adoption by utilities has grown from 45% to 71% in just 3 years, helping advance customer experience and address the needs of data management and processing.⁴
85%: growth in spending on IoT in 5 years
70%: increase in Big Data spending until 2026
22.5%: CAGR of AI in the energy sector
71%: adoption of cloud by utilities
1: ReportLinker.com: IoT in Utilities Market by Component, Application, Region - Global Forecast to 2024
2: Power-Technology.com: Big data and modelling data: Encoord on data in energy
3: ReportLinker.com: Global Artificial Intelligence (AI) in Energy Market: Focus on Product Type, Industry Applications, Funding – Analysis and Forecast, 2019-2024
4: DailyEnergyInsider.com: Utilities increasingly turn to cloud software, despite security concerns
Ransomware attacks
Ransomware attacks hit 649 critical infrastructure entities in the US alone according to the FBI, and 80% of critical infrastructure organizations experienced a ransomware attack in 2021.⁷
The average cost of cyberattacks
The average cost of cyber attacks in the energy sector reached US$4.65M according to the Ponemon Institute Cost of Data Breach Report. The largest share of the cost is composed of lost business and reputational damage.⁸
7
Hacker groups target weaknesses in critical global infrastructure
The devastating cyberattack that derailed a pipeline operator for a week and
impacted 45% of the U.S. East Coast’s fuel supply in 2020 was an eye opener for
the broader public as to the vulnerability of the critical infrastructure sector.
Cyberattacks
Cyber attacks on critical infrastructure organizations in the US alone have increased by 300% in 2021 according to the World Economic Forum.⁵
Operational Technology (OT)
Operational Technology (OT) proved a major vulnerability for the critical infrastructure sector, with 83% of organizations suffering OT cybersecurity breaches in the last 36 months.⁶
300%: increase in cyber attacks on critical US infrastructure in 2021
83%: of critical infrastructure organizations suffered OT cybersecurity breaches
649: ransomware attacks in 2021 targeted critical infrastructure in the US
$4.65m: was the average cost of cyber attacks in the energy sector in 2021
5: World Economic Forum: Protecting critical infrastructure from a cyber pandemic
6: Skybox Security: Cybersecurity risk underestimated by operational technology organizations
7: FBI: Ransomware hit 649 critical infrastructure entities in 2021
8: IBM & Ponemon Institute: Cost of Data Breach Report
8
Protecting tier 1 data across Hybrid IT for global energy provider
Protecting high value data on-premises and in the cloud
Challenge
• A highly regulated global energy company with operations in multiple countries
needed to protect high-value data across multiple platforms.
• Even though the customer already had advanced security, it wanted the highest level of
security for its most sensitive “tier 1” data to protect against not only external attacks, but
also insider privilege abuse and government subpoenas.
• The customer also needed to ensure no downtime when protecting production data.
Solution
• Thales CipherTrust Transparent Encryption was deployed to protect a wide variety of
formats and data stores.
• Granular controls allowed only specific data to be decrypted when needed by authorized
users while keeping encrypted all other data, whether on-premises or in the cloud.
• CipherTrust Live Data Transformation allowed the energy company to protect
production data with minimum downtime.
Results
• Addressed Federal Energy Regulatory Commission (FERC) and GDPR regulatory
requirements as well as global and regional mandates and standards.
• Achieved protection in the cloud against subpoena or external and internal threats with
Bring Your Own Encryption (BYOE) platform for multiple cloud instances.
• Enabled the protection of live data without moving databases offline for critical
with large and essential datasets, such as SAP Hana on premises and in the cloud.
Case Study
9
Protect critical infrastructure communications for major energy operator
End-to-end high-speed encryption for critical data in motion during pandemic
Challenge
• A major UK energy operator needed to connect to other utilities via the National Grid
Network.
• Data within the network is of critical national importance and mandates stipulate that the
highest levels of security be deployed.
• High performance end-to-end encryption of data in motion was required to ensure data
was secure.
• Deployment had to be done remotely because of the start of the COVID 19 pandemic.
Solution
• Thales CN6010 High Speed Encryptors were deployed by the energy operator to
protect sensitive data in motion between the energy utility and the National Grid
Network.
• The FIPS 140-2 Level 3 and Common Criteria CN6010 provided high speed
communication with the highest levels of standards-based security.
Results
• Protected sensitive data communicated between the utility and the network and was
able to immediately detect manipulated data packets and shut down compromised
transmissions.
• Improved overall resilience of energy infrastructure by delivering large volumes of data
at high speed for analysis and action.
• Achieved quick deployment by remotely designing, delivering, and deploying the
solution within 3 months even with the COVID 19 pandemic in full swing.
Case Study
10
Business Challenges
• Movement of Large Volumes of Sensitive Data
• Dedicated Layer 2 Network infrastructure
• Multi-site, hub and spoke topology
• Physical intrusion safeguards
• Prevent Data Corruption or Injection
• Compliance Obligation and Business Continuity
11
Secure High Speed Communications
Ethernet Encryption Between Datacenters
Challenge:
• Securing the Smart Grid
• Safety, traceability &
Transparency is vital to business
• Risk factors identified include
wire tapping and data
manipulation
• Enable Data Security without
compromising performance and
data integrity
12
Thales High Speed Encryption
Thales High Speed Encryption (HSE) protects data in motion
across high-speed networks.
Dedicated encryption devices offer maximum security without
impacting network or application performance.
Features
Efficiency
• Excellent TCO through a mix of network bandwidth
savings, ease of management and longevity
• FPGA technology for maximum operational flexibility,
including use of custom encryption and in-field
upgradability
Security
• Certified FIPS 140-2 L3, CC, NATO, UC APL
• True end-to-end, authenticated encryption
• State-of-the-art encryption key management
Performance
• Operating anywhere from 10 Mbps to 100 Gbps
• Zero/Low overhead
• Microsecond latency
Versatility
• Supports any network topology
• Flexible, centralized and remote management
• Support for flexible encryption at Layers 2, 3 & 4
Data-in-Motion Security without Compromise
13
HSE Products at a Glance
CN4000 Series
• 100 Mbps-1 Gbps Ethernet Encryptor
• Certified, low-cost, high-performance
• Small form factor ideal for remote locations
CV1000
• Hardened virtual encryption function
• Ideal for Software Defined Networks (SDN) and
Server-to-Server communications
CN6000 Series
• 1 to 10 Gbps Ethernet Encryptor
• Rack-mountable, fully redundant robust design
• Ideal for private networks and datacenter
interconnects
CN9000 Series
• Certified multipoint 100Gbps encryptors
• Designed for next gen datacenters and core
networks
14
HSE for traditional networks
▌Data Center to Data Center
Lowest overhead – up to 100Gbps performance
Maximum security
▌SCADA/CCTV/Edge
Message Integrity
Micro-Second Latency
▌Core Networks
Supports full mesh and hub-and-spoke environments
All products interoperate
15
HSE for next generation networks
▌SD-WAN
vHSE supports uCPE and VNF environments
Concurrent L2/3/4 Support
▌5G
Max throughput and low latency
VLAN based encryption for network slicing
▌Cloud
VPC-to-VPC
East West Traffic
16
Transport Independent Mode in Thales High Speed Encryption
enables encryption at different network layers, from
Layer 2 up to Layer 4.
POLICY: Multi-layer Encryption
TOPOLOGY: Topology-based, Max Load Encryption
DESTINATION: Destination Defined
LAYER 2: Data Link Layer
LAYER 3: Network Layer
LAYER 4: Transport Layer
17
Transport Independent Mode Benefits
• Retain traffic visibility even in the presence of encryption
• Simpler troubleshooting with tunnel free encryption
• Works on MPLS networks with Carrier/ISP managed CE routers.
• The flexibility to encrypt where it most makes sense
18
Crypto Agility – Control and future proof
▌User Control
User establishes security policy
Full control of keys; lifecycle management
Bring your own – Curves, Entropy, AES Modifications
Supports Zero Trust architecture
▌Field programmable
Field updates w/o performance degradation
Post-Quantum Crypto (PQC) Support
▌Separation of Duties
Outperforms legacy solutions (i.e. IPSec and MACsec)
Extends life of encryption solution and other network elements (routers/switches)
• Quantum Resistant Algorithms
• Choice of algorithms
• Support for customer curves and entropy
• Quantum-ready (compatible with QKD)
• Upgradable Ciphers
• Quantum Entropy sources
• Hybrid Quantum/Classical Certificates
• In-field programmable FPGA encryption engine
19
Live Testing – HSE hardware vs. IPsec hardware
Measured Throughput (1427 Frame)
Toronto to Quebec City through wired ENCQR 5G Transport Core
20
Packet Comparisons – IPsec vs. Thales HSE
[Figure: an IP packet in an Ethernet frame, shown unsecured, with IPsec, and with Thales HSE encryption. Legend: Common Transport Overhead, Additional Security Overhead, Data Payload. Caption: Improved Performance & Better Security.]
Original unsecured packet. Fields shown: DA, SA, S-tag, E-Type, IP-Header, UDP Header, RTP Header, unencrypted payload, FCS.
Original packet with Thales HSE encryption (Thales AES-256 Encryption Over IP, +28 bytes). Fields shown: DA, SA, S-tag, E-Type, IP-Header, UDP Header, RTP Header, encrypted payload, FCS, SHIM, GCM AUTH.
Original packet with IPsec (IPsec ESP-AES-256 ESP-SHA-HMAC, +76 bytes). Fields shown: DA, SA, S-tag, E-Type, IP Tunnel Header, ESP Header, IP GRE Header, IP-Header, UDP Header, RTP Header, encrypted payload, FCS, ESP Pad and Timer, ICV, ESP-AES IV.
21
The Thales HSE Difference – Better Security, Better Performance
                                 IPsec               Thales HSE
Data Rate through 1Gbps Link     255 Mbps            983 Mbps
Average Network Efficiency       45%                 93%
Average Latency                  4.0 milliseconds    40 microseconds
Average Jitter                   15 microseconds     0
FIPS Certification               YES                 YES
Common Criteria Certified        YES                 YES
AES 256 Algorithms               YES                 YES
Control over Key Material        NO                  YES
Quantum Safe                     NO                  YES
Better Performance. Better Security.
22
Key Thales HSE Benefits
• Maximum Security
• Zero Impact on Network Performance
• Prevents Injection of Rogue Data
• Physical Intrusion Safeguards – Tamper Resistant Hardware
• Scalable and Interoperable
• Ease of Deployment and Management
• Versatile, in-field Encryption
• Low Total Cost of Ownership


CLASS 2022 - Abilio Franco and Bryan Rivera (Thales) - Data privacy and communications encryption in industrial environments

  • 2. 2 From the Bottom of the Oceans… to the Depths of Space & Cyberspace Over 80,000 employees 68 Countries Global presence 1bn € Self-funded R&D* *Does not include externally financed R&D Sales in 2019 19bn € € Digital Identity and Security Defence and Security Aerospace Space z Ground Transportation Thales Global Business Areas #1 Worldwide in data protection #1 Worldwide in air traffic management #2 Worldwide in civil satellite systems #2 Worldwide in rail signaling #2 Worldwide in inflight entertainment #3 Worldwide in commercial avionics #1 European provider of advanced sensors #1 Worldwide in safe & smart airport solutions
  • 3. 3 World Leader in Data Protection 130+ PARTNERS PARTNERSHIPS WITH LEADING PROVIDERS OF CLOUD COMPUTING, DIGITAL PAYMENTS AND MORE DATA PROTECTION FOR 21NATO COUNTRIES PROTECTION OF THE WORLD’S BANKING TRANSACTIONS 80% SECURITY FOR 19OF THE 20 LARGEST BANKS YEARS OF SECURING THE WORLD’S MOST SENSTIVE DATA DEEP EXPERTISE AND TRACK RECORD IN APPLIED CRYPTOGRAPHY 40+ SECURITY FOR 4OF THE 5 LARGEST ENERGY COMPANIES LONGSTANDING HISTORY OF INDUSTRY CERTIFICATIONS AND VALIDATION
  • 4. 4 Thales Group Open An Unrivalled Data Protection Portfolio for Encrypting Everything The Market Leading Data Encryption Products in Support of your Data Security Strategy payShield HSM Luna Network HSM Thales Cloud HSM On Demand #1 #1 #1 Payment HSMs General Purpose HSMs Cloud HSMs #1 Key Management #1Data Encryption Thales CN Series High-Speed Network Encryptors #1Network Encryption Thales CV1000 Virtual Encryptor CipherTrust Data Security Platform
  • 5. 5 The nextgenerationof critical infrastructure relies on innovation Technological innovation is driving the next generation of critical infrastructure, allowing enterprises to improve service, optimize operations, and ultimately deliver better value to stakeholders Analyze Optimize Deliver Analyze data in big data repositories and leverage artificial intelligence (AI) to power better decision making. Optimize operations by acting on insights quickly using all digital controls to manage distributed infrastructure such as “Smart Grids”. Deliver on commitments to customers with digital customer experience, better reliability, lower cost, and adoption of renewables. Gather Communicate Aggregate Gather valuable information through sensors, cameras, and drones throughout the infrastructure footprint. Communicate data in real time through IoT and other connected systems. Aggregate data in central management consoles to automate remote production or distribution facilities.
  • 6. Utilities and energy industries advance digital transformation. Critical infrastructure sectors, such as utilities and energy, are adopting new platforms and environments at a fast pace, transforming the capabilities of both their Information Technology (IT) and Operational Technology (OT) platforms.
      • Spending on Internet of Things (IoT), 85% growth in spending on IoT in 5 years: Spending on IoT in the utilities sector is set to grow by 85% in five years, providing connectivity and a host of new possibilities to a widely distributed infrastructure. [1]
      • Big Data analytics, 70% increase in Big Data spending until 2026: The Big Data analytics market in the energy sector is expected to grow 70% by 2026, allowing enterprises to gain insights faster for better decision making and competitive advantages. [2]
      • Artificial Intelligence (AI), 22.5% CAGR of AI in the energy sector: AI usage in the energy sector is expected to grow 22.5% a year, helping increase efficiency and automate decentralized power generation. [3]
      • Cloud adoption, 71% adoption of cloud by utilities: Cloud adoption by utilities has grown from 45% to 71% in just 3 years, helping advance customer experience and address the needs of data management and processing. [4]
      • Sources:
          1: ReportLinker.com: IoT in Utilities Market by Component, Application, Region - Global Forecast to 2024
          2: Power-Technology.com: Big data and modelling data: Encoord on data in energy
          3: ReportLinker.com: Global Artificial Intelligence (AI) in Energy Market: Focus on Product Type, Industry Applications, Funding – Analysis and Forecast, 2019-2024
          4: DailyEnergyInsider.com: Utilities increasingly turn to cloud software, despite security concerns
  • 7. Hacker groups target weaknesses in critical global infrastructure. The devastating cyberattack that derailed a pipeline operator for a week and impacted 45% of the U.S. East Coast’s fuel supply in 2020 was an eye opener for the broader public as to the vulnerability of the critical infrastructure sector.
      • Cyberattacks, 300% increase in cyber attacks on critical US infrastructure in 2021: Cyber attacks on critical infrastructure organizations in the US alone increased by 300% in 2021, according to the World Economic Forum. [5]
      • Operational Technology (OT), 83% of critical infrastructure organizations suffered OT cybersecurity breaches: OT proved a major vulnerability for the critical infrastructure sector, with 83% of organizations suffering OT cybersecurity breaches in the last 36 months. [6]
      • Ransomware attacks, 649 ransomware attacks in 2021 targeted critical infrastructure in the US: Ransomware attacks hit 649 critical infrastructure entities in the US alone according to the FBI, and 80% of critical infrastructure organizations experienced a ransomware attack in 2021. [7]
      • The average cost of cyberattacks, $4.65m was the average cost of cyber attacks in the energy sector in 2021: The average cost of cyber attacks in the energy sector reached US$4.65M according to the Ponemon Institute cost of data breach report. The largest share of the cost is composed of lost business and reputational damage. [8]
      • Sources:
          5: World Economic Forum: Protecting critical infrastructure from a cyber pandemic
          6: Skybox Security: Cybersecurity risk underestimated by operational technology organizations
          7: FBI: Ransomware hit 649 critical infrastructure entities in 2021
          8: IBM & Ponemon Institute: Cost of Data Breach Report
  • 8. Case Study: Protecting tier 1 data across Hybrid IT for global energy provider. Protecting high value data on-premises and in the cloud.
      • Challenge
          • A highly regulated global energy company with operations in multiple countries needed to protect high-value data across multiple platforms.
          • Even though the customer already had advanced security, it wanted the highest level of security for its most sensitive “tier 1” data to protect against not only external attacks, but also insider privilege abuse and government subpoenas.
          • The customer also needed to ensure no downtime when protecting production data.
      • Solution
          • Thales CipherTrust Transparent Encryption was deployed to protect a wide variety of formats and data stores.
          • Granular controls allowed only specific data to be decrypted when needed by authorized users while keeping encrypted all other data, whether on-premises or in the cloud.
          • CipherTrust Live Data Transformation allowed the energy company to protect production data with minimum downtime.
      • Results
          • Addressed Federal Energy Regulatory Commission (FERC) and GDPR regulatory requirements as well as global and regional mandates and standards.
          • Achieved protection in the cloud against subpoena or external and internal threats with Bring Your Own Encryption (BYOE) platform for multiple cloud instances.
          • Enabled the protection of live data without moving databases offline for critical with large and essential datasets, such as SAP Hana on premises and in the cloud.
  • 9. Case Study: Protect critical infrastructure communications for major energy operator. End-to-end high-speed encryption for critical data in motion during pandemic.
      • Challenge
          • A major UK energy operator needed to connect to other utilities via the National Grid Network.
          • Data within the network is of critical national importance and mandates stipulate that the highest levels of security be deployed.
          • High performance end-to-end encryption of data in motion was required to ensure data was secure.
          • Deployment had to be done remotely because of the start of the COVID-19 pandemic.
      • Solution
          • Thales CN6010 High Speed Encryptors were deployed by the energy operator to protect sensitive data in motion between the energy utility and the National Grid Network.
          • The FIPS 140-2 Level 3 and Common Criteria certified CN6010 provided high speed communication with the highest levels of standards-based security.
      • Results
          • Protected sensitive data communicated between the utility and the network, with the ability to immediately detect manipulated data packets and shut down compromised transmissions.
          • Improved overall resilience of energy infrastructure by delivering large volumes of data at high speed for analysis and action.
          • Achieved quick deployment by remotely designing, delivering, and deploying the solution within 3 months even with the COVID-19 pandemic in full swing.
  • 10. Business Challenges
      • Movement of Large Volumes of Sensitive Data
      • Dedicated Layer 2 Network infrastructure
      • Multi-site, hub and spoke topology
      • Physical intrusion safeguards
      • Prevent Data Corruption or Injection
      • Compliance Obligation and Business Continuity
  • 11. Secure High Speed Communications: Ethernet Encryption Between Datacenters
      • Challenge:
          • Securing the Smart Grid
          • Safety, traceability & transparency is vital to business
          • Risk factors identified include wire tapping and data manipulation
          • Enable data security without compromising performance and data integrity
  • 12. Thales High Speed Encryption: Data-in-Motion Security without Compromise. Thales High Speed Encryption (HSE) protects data in motion across high-speed networks, using dedicated encryption devices that offer maximum security without impacting network or application performance.
      • Efficiency
          • Excellent TCO through a mix of network bandwidth savings, ease of management and longevity
          • FPGA technology for maximum operational flexibility, including use of custom encryption and in-field upgradability
      • Security
          • Certified FIPS 140-2 L3, CC, NATO, UC APL
          • True end-to-end, authenticated encryption
          • State-of-the-art encryption key management
      • Performance
          • Operating anywhere from 10 Mbps to 100 Gbps
          • Zero/Low overhead
          • Microsecond latency
      • Versatility
          • Supports any network topology
          • Flexible, centralized and remote management
          • Support for flexible encryption at Layer 2, 3 & 4
  • 13. HSE Products at a Glance
      • CV1000
          • Hardened virtual encryption function
          • Ideal for Software Defined Networks (SDN) and Server-to-Server communications
      • CN4000 Series
          • 100 Mbps-1 Gbps Ethernet Encryptor
          • Certified, low-cost, high-performance
          • Small form factor ideal for remote locations
      • CN6000 Series
          • 1 to 10 Gbps Ethernet Encryptor
          • Rack-mountable, fully redundant robust design
          • Ideal for private networks and datacenter interconnects
      • CN9000 Series
          • Certified multipoint 100Gbps encryptors
          • Designed for next gen datacenters and core networks
  • 14. HSE for traditional networks
      • Data Center to Data Center
          • Lowest overhead – up to 100Gbps performance
          • Maximum security
      • SCADA/CCTV/Edge
          • Message Integrity
          • Micro-Second Latency
      • Core Networks
          • Supports full mesh and hub-and-spoke environments
          • All products interoperate
  • 15. HSE for next generation networks
      • SD-WAN
          • vHSE supports uCPE and VNF environments
          • Concurrent L2/3/4 Support
      • 5G
          • Max throughput and low latency
          • VLAN based encryption for network slicing
      • Cloud
          • VPC-to-VPC
          • East West Traffic
  • 16. Transport Independent Mode by Thales High Speed Encryption allows encryption to be enabled at different network layers, from Layer 2 up to Layer 4.
      • Modes shown: Policy; Topology; Destination
      • Captions: Multi-layer Encryption; Topology-based, Max Load Encryption; Destination Defined
      • Layers: Layer 2 (Data Link Layer); Layer 3 (Network Layer); Layer 4 (Transport Layer)
  • 17. Transport Independent Mode Benefits
      • Retain traffic visibility even in the presence of encryption
      • Simpler troubleshooting with tunnel free encryption
      • Works on MPLS networks with Carrier/ISP managed CE routers
      • The flexibility to encrypt where it most makes sense
  • 18. Crypto Agility – Control and future proof
      • User Control
          • User establishes security policy
          • Full control of keys; lifecycle management
          • Bring your own – Curves, Entropy, AES Modifications
          • Supports Zero Trust architecture
      • Field programmable
          • Field updates w/o performance degradation
          • Post-Quantum Crypto (PQC) Support
      • Separation of Duties
          • Outperforms legacy solutions (i.e. IPSec and MACsec)
          • Extends life of encryption solution and other network elements (routers/switches)
      • Diagram labels: Quantum Resistant Algorithms; Choice of algorithms; Support for customer curves and entropy; Quantum-ready (compatible with QKD); Upgradable Ciphers; Quantum Entropy sources; Hybrid Quantum/Classical Certificates; In-field programmable FPGA encryption engine
  • 19. Live Testing – HSE hardware vs. IPsec hardware. [Figure: Measured Throughput (1427 Frame), Toronto to Quebec City through wired ENCQR 5G Transport Core]
  • 20. Packet Comparisons – IPsec vs. Thales HSE: Improved Performance & Better Security
      • Original unsecured packet (IP packet in Ethernet frame): DA, SA, S-tag, E-Type, IP Header, UDP Header, RTP Header, unencrypted payload, FCS
      • Original packet with Thales HSE encryption (Thales AES-256 Encryption over IP): DA, SA, S-tag, E-Type, IP Header, UDP Header, RTP Header, encrypted payload, FCS, plus SHIM and GCM AUTH. Difference between original and Thales: +28 bytes
      • Original packet with IPsec (ESP-AES-256, ESP-SHA-HMAC): DA, SA, S-tag, E-Type, IP Tunnel Header, ESP Header, IP GRE Header, IP Header, UDP Header, RTP Header, encrypted payload, FCS, plus ESP-AES IV, ESP Pad and Timer, and ICV. Difference between original packet and IPsec: +76 bytes
      • Legend: Common Transport Overhead; Additional Security Overhead; Data Payload
  • 21. The Thales HSE Difference – Better Security, Better Performance
      • Better Performance
          • Data rate through 1 Gbps link: IPsec 255 Mbps; Thales HSE 983 Mbps
          • Average network efficiency: IPsec 45%; Thales HSE 93%
          • Average latency: IPsec 4.0 milliseconds; Thales HSE 40 microseconds
          • Average jitter: IPsec 15 microseconds; Thales HSE 0
      • Better Security
          • FIPS certification: IPsec yes; Thales HSE yes
          • Common Criteria certified: IPsec yes; Thales HSE yes
          • AES 256 algorithms: IPsec yes; Thales HSE yes
          • Control over key material: IPsec no; Thales HSE yes
          • Quantum safe: IPsec no; Thales HSE yes
  • 22. Key Thales HSE Benefits
      • Maximum Security
      • Zero Impact on Network Performance
      • Prevents Injection of Rogue Data
      • Physical Intrusion Safeguards – Tamper Resistant Hardware
      • Scalable and Interoperable
      • Ease of Deployment and Management
      • Versatile, in-field Encryption
      • Low Total Cost of Ownership