Classification: Public

INDUSTRIAL CYBER SECURITY E INDUSTRIE4.0: OT DALLA FABBRICA CABLATA AI SISTEMI IN CLOUD

Enzo M. Tieghi – etieghi@servitecno.it

ServiTecno – www.servitecno.it

Classification: Public

TECNOLOGIA +

CONNECTIVITA’ =

EFFICIENZA

E VALORESiamo pronti per questa

“iper-connessione”?

Classification: PublicClassification: Public

I

IT BIGWHAT’S THE

DIFFERENCE?

O

OT

Classification: PublicClassification: Public

ITSecurity = al sicuro i dati

OTSecurity = proteggiamo critical assets

Persone

Ambiente

Assets/Impianti

RISCHIO e SAFETY

UPTIMEQualità e Performance

Classification: Public

IL CONTESTO E’ UNA SFIDA DIFFICILE…

ASPETTATIVE:

produrre sempre 24x7

Non si può sempre

controllare

l’ambiente ed il

contesto

Vulnerabilità e

Minacce non

facilmente identificabili,

e non vengono solo dai

“Sistemi”

Impatti: Qualsiasi

singolo incidente può

essere un intoppo per

l’intero impianto e la

produzione

Classification: PublicClassification: Public

INSPECTcommunications and commands

ENFORCEpolicy for all

processes

PROTECTcontrol systems

and assets

La soluzione ideale di Cyber Security Industriale ? Proteggere i CONTROL SYSTEMS

per proteggere i CRITICAL ASSETS

RESULTProtect critical assets

without disruption

Classification: PublicClassification: Public

INTERCONNECTIVITY

RISK

7

Classification: Public

Manufacturing

HealthcareClinical

Manufacturing

HealthcareClinical

ChemicalFood &

Beverage

Oil & Gas

Power

8

Classification: Public

Manufacturing

HealthcareClinical

Data Center

Manufacturing

HealthcareClinical

Chemical

Internet

Food &Beverage

ITNext GenFirewall

Real TimeService

Bus

Oil & Gas

Internet

Real TimeService

BusPower

Security Ops Center

Technicians Vendors

OutageMgmnt

HeaderBox

EnterpriseServices

Business Units

9

IT Priorities

1. Confidentiality

2. Integrity

3. Availability

Classification: Public

Manufacturing

HealthcareClinical

Data Center

OEM

Back Door

Switch

PLC

Manufacturing

HealthcareClinical

Chemical

Internet

Pump

Food &Beverage

ITNext GenFirewall

SCADA

Real TimeService

Bus

3rd Party

Oil & Gas

ITNext GenFirewall

Internet

SwitchSwitch

Switch

Switch

Controller

Controller

Controller

Real TimeService

BusPower

LoopSwitch

To: Business Enterprise Services

Security Ops Center

Technicians Vendors

OutageMgmnt

HeaderBox

Data CoreSwitch

Microwave

Modem

Microwave

Modem

Wind Control Engineering Work

Stations

Network #2Protection Network

Network #1

Substation

ProtectionRelay

Synchro-Phasor

EnterpriseServices

Business Units

LoopSwitch

LoopSwitch

10

Switch

PLC

SCADA

ITNext GenFirewall

LoopSwitch

Data CoreSwitch

LoopSwitch

LoopSwitch

OT Priorities

1. Availability

2. Integrity

3. Confidentiality

IT Priorities

1. Confidentiality

2. Integrity

3. Availability

Classification: Public

Manufacturing

HealthcareClinical

Data Center

OEM

Back Door

Switch

PLC

Manufacturing

HealthcareClinical

Chemical

Internet

Pump

Food &Beverage

ITNext GenFirewall

SCADA

Real TimeService

Bus

3rd Party

Oil & Gas

ITNext GenFirewall

Internet

SwitchSwitch

Switch

Switch

Controller

Controller

Controller

Real TimeService

BusPower

LoopSwitch

To: Business Enterprise Services

Security Ops Center

Technicians Vendors

OutageMgmnt

HeaderBox

Data CoreSwitch

Microwave

Modem

Microwave

Modem

Wind Control Engineering Work

Stations

Network #2Protection Network

Network #1

Substation

ProtectionRelay

Synchro-Phasor

EnterpriseServices

Business Units

LoopSwitch

LoopSwitch

11

OpShield

OpShield

OpShield

OpShield

OpShield

OpShield OpShield

OpShield

OpShield

Acknowledge / Clear

Automatic

YawCCW

Status

Local Control

Brake

IT Data

Unidentified OT Command

LEGEND

[OpShield IdentifiedOT Command]

Suspicious OT Command

Classification: PublicClassification: Public

ATTACK SURFACE

Enterprise Network

Internet

ITProteggere i dati

OTProteggere critical assets

Primary control center

SCADA Network

Remote stations

DCS Local production

DMZ

Classification: Public

“Wow, I didn’t realize that all

these things were talking on

the network. Why is CRM3

constantly pinging S1?”Scott, Technician

“Activating the white list is

going to give them a lot

more security.”

David, 3rd party Auditor

“We can’t believe how painless

that was.”

VP Engineering

“What are all those IP

addresses and what are

they doing on my network?”

Lead IEC Engineer

“Can you quote us 20 more

sites?”

David, 3rd party Auditor

PLUG IT IN TODAY.SLEEP WELL TONIGHT.

Classification: Public

WURLDTECH ACHILLES TEST

Achilles Test Platform• Monitor key operating parameters

• Network parameters

• Operational parameters

• Characterize device faults

• Drive repeatable results

Achilles Test Software• Has capabilities similar to ATP

• Enables easy provisioning to developers via VMs

• Enables testing earlier in the product life cycle for time and money savings

Page 14

Classification: Public

SECURED.

OPERATIONS

AND PRODUCTION.

Wurldtech Security Technologies Inc. reserves the right to make changes in specifications and

features, or discontinue the product or service described at any time, without notice or obligation.

These materials do not constitute a representation, warranty or documentation regarding the product

or service featured. Illustrations are provided for informational purposes, and your configuration may

differ.

This information does not constitute legal, financial, coding, or regulatory advice in connection with

your use of the product or service. Please consult your professional advisors for any such advice.

Wurldtech is a trademark of General Electric Company. Other trademarks and logos are the property

of their respective owners.

Copyright © 2016 Wurldtech Security Technologies Inc. All rights reserved.

Classification: PublicClassification: PublicEnzo M. Tieghi – etieghi@servitecno.it

ServiTecno – www.servitecno.it