Security for Industry 4 -...
Security for Industry 4.0
Trends -- Challenges -- Opportunities
Dr. Wolfgang Klasen, Siemens Corporate Technology and Member of the German Platform Industry 4.0
siemens.com/innovation
Unrestricted © Siemens AG 2016

Increasing intelligence and open communication drive security requirements in various industrial environments
Process Automation Factory Automation Urban Infrastructures
Building Automation Energy Automation Mobility Systems
June 2016, Dr. Wolfgang Klasen

Our industrial society confesses a growing demand for IT-Security
IT Security trends are determined by drivers such as
‒ Industry infrastructure changes (Digitalization)
‒ More networked embedded systems
‒ Increasing device-to-device communication
‒ Need to manage intellectual property
And
‒ Increasing international organized crime
‒ Privacy
‒ Compliance enforcement
‒ Cyber warfare
‒ Cloud/Virtualization
‒ PDAs, Smart Mobiles
‒ Social Networks / data mining concepts
‒ ….

Productivity, speed and flexibility remain the biggest challenges for production industries …
Increased competitiveness
• Speed: Shorter innovation cycles for ever more complex products
• Productivity: Energy efficiency and resource efficiency are critical competitive factors
• Flexibility: Individualized mass production in increasingly volatile markets
• Quality: Closed-loop control and comprehensive traceability become quality characteristics
… but the focal points of these requirements are changing in the wake of digitalization

Digitalization meets industry: The German concept of “Industrie 4.0” – Seamlessly connecting and improving all steps along the plant lifecycle
Product Design | Process and Plant Design | Engineering and Commissioning | Operation | Service
“Industrie 4.0”
Merging the real plant with its digital twin – consistent data on all levels and throughout all life cycle phases by integrating engineering software and plant automation
Low CAPEX, optimal OPEX

The Internet is revolutionizing the business world and creates major challenges and opportunities for manufacturing companies
• Customers are increasingly able to tell their manufacturers directly via the net, what exactly they want and when
• Formerly isolated processes are getting connected through internet based services influencing B2C and B2B

Cyber Physical Systems include physical and digital representation
Cyber-Physical System (CPS)
Contains all information on:
• software / HW
• mechanical devices
• electronics
• automation, HMI
• safety, security
• maintenance
• …
• geographical information
• identities
• status information
• release information
• interfaces
physical production + digital model
The digital twin will be updated and maintained across the entire life cycle
design | production planning | production engineering | production | services

Security within Industry 4.0: Security by design & security by default
Security by design as a superior principle
Subsequent enrichment of systems is not sufficient. Security measures have to be integrated (up to application level).
Adaptive security architectures
Agile security profiles have to be adaptable in a dynamic way. Fast configuration must include security.
Security for the digital model
Security for the physical instance, its digital twin and their interactions must take place in a concerted way.
Prevention and reaction are still needed
Security will remain a moving target. There will be no final I4.0 security solution without a need for further measures.

The Future of Industry: Security for Industry 4.0 – (some) constraints and requirements
Authentication and Secure Identities for Devices
Unforgeable identities and trust anchors are needed. Keys or security credentials must be bound to the device.
B2B vs. B2C communication
Individual and short-term consideration of customer requests (“batch-size 1”) needs enhanced security.
IT Security as enabler of business models
Digitalization of business processes often mandates additional measures regarding IT security. Ease of use and plug & operate are important pre-requisites for the acceptance of security measures.
Standardization enables secure infrastructures
Security requires standardized specifications of interfaces and protocols to support requirements and to negotiate and operate security profiles (security semantics) between different domains.

Different factors are driving the research demand for IT Security
New Functionality
Examples
• Device connectivity, IP to the field
• Connectivity of devices and systems to public networks
• Data analytics, predictive maintenance
• 5G
Quality of Security
Examples
• Robust
• Easy to use
• Long term security
Security Use Case
Examples
• Know-how protection
• Industry 4.0 scenarios, IoT,…
• Discovering new/additional threats

German National Funded Project: IUNO
Trust in Industry 4.0 requires adequate security measures
Basis of the project are four I4.0 application scenarios:
• Customer individual production
• Technology market place
• Remote access and trusted partners
• Visual security control center for production
IUNO follows the security-by-design principle to consider appropriate security measures for the application scenarios from the beginning (threat and risk assessment) until the end (evaluation of integrated security measures).
Project results will be transferred to small and medium enterprises.

Setting standards requires engagement of all stakeholders
Security standards need global acceptance
• Increasing need to protect intellectual property and business cases with globally defined and accepted quality
• Specific standards and guidelines regarding security and privacy are getting established
Examples of organizations issuing security standards or guidelines
Global | Europe | Germany
EG2 SGIS/M490
Regulatory: FDA, NERC CIP, CFATS, CPNI, KRITIS
Standards relevant for secure automation: ISA 99, IEC 62443, HIS, SAE J 3061, …

Industrial Security: Enhanced Defense in Depth will be Based on IEC 62443
Plant security
Control of the physical access to plants or critical infrastructures
+ Security management processes and technical measures
+
• Intelligent physical access to buildings and plants
• Self synchronizing access control
+
• Self learning security management processes
• Dynamic threat analysis and adaption
Network security
Network segmentation with zones and conduits
+
• Dynamic, flexible network architectures
• Permanent monitoring of networks and communications
System integrity
System integrity with integrated security functions
+ Security Services for the protection of the plant during the whole lifecycle
+ Unambiguous and secure integrity of products, processes and machines
+ Protection and proof of the integrity of the overall system during the whole lifecycle
CPS

Questions and answers