2016 imawmf tieghi_security_ ics_r
Security and Network Protection are difficult challenges for Industrial Internet and for Industrial Internet Of Things (IIOT)
Enzo M. Tieghi
Is it still possible to define a perimeter?
ICT Security & Control System Protection: where?
ANSI/ISA95 Functional Hierarchy (www.isa.org)
Level 4 - Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.): Establishing the basic plant schedule - production, material use, delivery, and shipping. Determining inventory levels. Time frame: months, weeks, days.
Level 3 - Manufacturing Operations Management (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...): Work flow / recipe control to produce the desired end products. Maintaining records and optimizing the production process. Time frame: days, shifts, hours, minutes, seconds.
Level 2 - Monitoring, supervisory control and automated control of the production process.
Level 1 - Sensing the production process, manipulating the production process.
Level 0 - The actual production process.
Control types shown in the figure: Batch Control, Discrete Control, Continuous Control.
Say no to "flat networks" with Seg/Seg:
Segment + Segregate = Secure?
Follow the Zones & Conduits model (according to ISA99/IEC62443)
[Figure: zones and conduits diagram. Labels recovered from the slide:
Enterprise Zone: Mainframe, Workstation, Laptop computer, Servers, Firewall.
Enterprise Conduit.
Plant A Zone, Plant B Zone, Plant C Zone (each): Data Server, File/Print Server, App. Server, Workstation, Laptop computer, Router.
Plant Control Conduit (one per plant), with Firewall.
Plant A Control Zone, Plant B Control Zone, Plant C Control Zone (each): Firewall, App. Server, Data Server, Maint. Server, Controllers, I/O.]
Here is an example taken from tech literature
[Figure labels: Enterprise Control Network; Manufacturing Operations Network; Perimeter Control Network; Control System Network; Process Control Network]
Source: Siemens
Zones & Conduits with firewall protection (multilayered defence)
[Figure labels: Corporate Firewall; Industrial Firewall]
Source: Byres - Tofino
Process plant with remote connection
Local Network protection (batch production)
Wired vs Wi-Fi
Wireless arrives in the factory
[Figure labels: Smart Control Systems; Smart Analytical; Smart Final Control; Smart Asset Optimization; Smart Safety; Smart Measurement; Smart Machinery Health; Smart Wireless]
CLOUD, MOBILE, BYOD….
[Figure labels, numbered 1 to 7 on the slide: SCADA Server; Client SCADA-Historian-KPI; Mobile BI - KPI/Alarms; RTU on APN Private/Public; Datacenter/Historian Server; KPI/ALM Server]