IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 ... 1_ 1000-1050_ Dr...Technology Data –Market Place...
Transcript of IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 ... 1_ 1000-1050_ Dr...Technology Data –Market Place...
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 –PROTECTION OF PRODUCTION DATA
IUNOGermany’s National reference project for IT‐Security in Industrie 4.0
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
AGENDA
Fraunhofer SIT
Industrie 4.0
State‐of‐the‐art
IUNO – BMWI Project
Research & Solutions
Expertise & Competences
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY
Prof. Dr. Michael Backes
Center for IT‐Security, Privacy and Accountability (CISPA)
Kompetenzzentrum für angewandte Sicherheitstechnologie
Center for Research in Security and Privacy
Prof. Dr. Michael WaidnerProf. Dr. Jörn Müller‐Quade
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
Idea
Order
Development
Realisation
Provision
Maintenance
Recycling
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
The Three Layers of I4.0
CommunicationIntegration InformationIdentity
Identity
Place
PathCondtion
History
CloudBig Data
CPS
Collection
Construktion
Orchestration
Organisation
Operation
Machine 2020 Projekt, http://maschine2020.com/
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
Series 1 Product
Competitive Cost Models
On Customer Demand
Optimized Co2 Footprint
Agile Market‐Respond
Ergonomic Use
Technology Oriented
Individual Unique Product
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
IT‐Security for Industrie 4.0
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
Relevant
German Steal MillMassive damage Manipulation of control‐systems
Bitkom StudyStudy over 2 year duration51% victims of industrial espionage 51 MEUR damage p.a.52% MA
All production sites equipped with industrial firewalling, anti‐virus systems, etc.
IT‐Security for Industrie 4.0
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
INS2014 / ENISA-Study Protecting Industrial Control Systems, 2011 – European IT-Security Maturity
IT‐Security for Industrie 4.0
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
• Executive Summary (40 Pages)• Summary of all significant results • Matrix of the most important recommendations
• Full Document (254 Pages)• Management Summary• Detailed analysis of use cases • Reference model• Comprehensive matrix of all recommendation
BMWI‐Study „IT‐Security for Industrie 4.0“ Production, Products, Services of Tomorrow as a part of globalised value chains
IUNONational Reference ProjektIT-Security for Industrie 4.0
Dr. Thorsten HenkelFraunhofer SIT - Industrial Security SolutionsDarmstadt, 15.02.2016
IUNO combines the German expertise inIT-Security and Industrie 4.0
Software Innovations GmbH
Use Cases
National Reference Implementation
Project‐ & Knowledge Management
Advisory Board (BSI, Industry, Research, Associations)
Request Analysis
Models and Specification
Tool Box
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
IUNO develops IT‐Security for Industrie 4.0
Basics MethodologyDevelopment
Industrial Usage
Security by Design forIndustrie 4.0
Secure Framework
IT‐Security‐Reference Architecture
Hardware‐orientedSecurity
Encryption for I4.0 Architectures
Evaluation of Methods
Feedback of Results
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
Industrial Usage
Evaluation of Methods
Feedback of Results
Solutions
Digital Identities for Productions Systems
Pirate Protection
Secure Patch‐Management of Industrial Production Sites
Secure Autonomous Configuration of CPPS
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
IUNO develops IT‐Security for Industrie 4.0
Industrial Usage
Evaluation of Methods
Feedback of Results
Solutions
Product‐oriented Data Usage Control
Authentication in Real Time Environments
Secure Transmission
Digital Rights Management Production
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
IUNO develops IT‐Security for Industrie 4.0
Industrial Usage
Evaluation of Methods
Feedback of Results
Solutions
Identity Management and Remote Control
Production‐Public Key Infrastructure
Secure Ad‐Hoc Networks of CPS
Trusted Computing Standards for
Embedded Systems
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
IUNO develops IT‐Security for Industrie 4.0
Industrial Usage
Evaluation of Methods
Feedback of Results
Solutions
Trust Management & Boundaries for I4.0
Secure Hardware for Production Systems
Anomaly Notification in Production Systems
Secure Usage of mobile Systems and Data Storages
Individual Production
Technology Data – Market Place
Web‐based Remote Control
Visual Security‐Dashboard
Secure Processes
Secure Data
Secure Services
Secure Interaction
IUNO develops IT‐Security for Industrie 4.0
IT‐Security for Industrie 4.0Hannover Fair 2015 – Industrial‐Rights‐Management Prototype
IT‐Security for Industrie 4.0Hannover Fair 2015 – Industrial‐Rights‐Management Prototype
Deployment of a PKI Infra structure Encryption on CAD premise site
Decryption on printer site
Limitation of printed objects
Printing on dedicated printers
Full data and IP control
IT‐Security for Industrie 4.0German IT‐Summit 2015 – Berlin TPM Trusted Core Network Prototype
Distributed Health‐Checks inIndustrial Networks Peer‐to‐Peer mutual attestation
Distributed Security‐Checks
Early Warning System
IT‐Security for Industrie 4.0
IT‐Security for Industrie 4.0IUNO – Pirate & Machine Integrity Protection
IT‐Security for Industrie 4.0IUNO – Pirate & Machine Integrity Protection
Integrity Check of Industrial Production Systems
All Components have to prove their authenticity
Provision of cryptographic Identities for all compartments of a machine
Usage of BSI‐certified cryptographic algorithms
IT‐Security for Industrie 4.0IUNO – Production Line Information Management Approach
IT‐Security for Industrie 4.0
Continuously tracking and tracing Collection of field bus data
Pattern analysis and evaluation
Identification of IT‐Security Issues
Localisation of problems
Planned as a Cloud Service
IUNO – Production Line Information Management Approach
IT‐Security for Industrie 4.0IUNO – Remote Maintenance / Managed Machine Service
IT‐Security for Industrie 4.0IUNO – Remote Maintenance / Managed Machine Service
IT‐Security for Industrie 4.0IUNO – Technology Data Market Place
Quelle: H-P Bock, Trumpf
PurchaserOrder
OperatorCutting Grinding Bending Welding
Raw material supplierPlate Pipe Operating Tools/
supplies instruments
Machine manufacturer
Technology data
Marketplace
Technology data
Further participantsin the market
Technology data
Technology data
Delivery incl. Basic amount oftechnology data(singular)
IT‐Security for Industrie 4.0IUNO – Technology Data Market Place
Quelle: H-P Bock, Trumpf
PurchaserOrder
OperatorCutting Grinding Bending Welding
Raw material supplierPlate Pipe Operating Tools/
supplies instruments
Machine manufacturer
Technology data
Marketplace
Technology data
Further participantsin the market
Technology data
Technology data
Delivery incl. Basic amount oftechnology data(singular)
Machine operator Marketplace operator
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
IT‐Security Protection Goals
Data‐ Confidentiality
Data‐ Authenticity
Data‐ Integrity
Data‐ Availability
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development – Microsoft SDL
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development ‐ TRIKE
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development ‐ CORAS
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development – Model Based Approaches
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development – Catalogue Based Approaches
IT‐Security for Industrie 4.0Empiric Evaluation
3 Analysists (1,3,8 years experience)
Effort 1 Day/Project
Over 30 Threats / Analyst
More than 70 Threats
Intersection 2
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
Method
Criteria Definition of Models
Usability Abstraction
Capability
Aggregation
Capability
Re-Usability Tool Support Formal (F) /
Open (O)
Integration
Capability
Trike + + n/a n/a + F
Attack
Trees n/a n/a n/a n/a n/a n/a n/a
CORAS o o n/a - + F/O +
PASTA n/a n/a n/a n/a n/a n/a n/a
MoRA n/a n/a n/a n/a n/a n/a n/a
SecureUM
L
n/a n/a n/a n/a n/a n/a n/a
UMLsec n/a n/a n/a n/a n/a n/a n/a
Misuse
Cases n/a n/a n/a n/a n/a n/a n/a
SDL n/a n/a n/a n/a n/a n/a n/a
VDI 2182 n/a n/a n/a n/a n/a n/a n/a
ISO/IEC
62443
n/a n/a n/a n/a n/a n/a n/a
CC n/a n/a n/a n/a n/a n/a n/a
FMEA n/a n/a n/a n/a n/a n/a n/a
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
IT‐Security for Industrie 4.0IUNO – Industrial Security Policy Development
IUNO Three Step Threat Modeling Approach Information Collection,
Identification of components, technical functions, specifications, data, interfaces and surrounding infra structure
Protection Goal Description,Development of attack classes, realization of a value catalogue, identification of protection goals
Threat Analysis,Systematic identification of threats and development of e threat catalogue
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGYExpertise & Competences
Method Competences
Analysis and Evaluation of Industrial Security Concepts
Testing of Regulation and Control Systems
Development and Evaluation of Apps
Development of Information Security Concepts
Secure Engineering Methods for Regulation and Control Systems Software Engineering
Technology Competences
Development of Technologies for Product‐ and Pirate Protection
Development of Technologies for secure Identification of components and efficient Key Management
Development of Technologies for distributed Security‐Monitoring of Components
Development of Secure Engineering Test‐tools
© Fraunhofer SIT 2016 Dr. Th. Henkel SIT/ISS
FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY
Fraunhofer‐Institute forSecure Information Technology
Rheinstraße 7564295 Darmstadt, Germany
www.fraunhofer.de www.sit.fraunhofer.de
Dr. Thorsten [email protected]