Industrial And OT Cybersecurity In The Digital Transformation

Transcription

Industrial and OT Cybersecurity in the Digital Transformation
TÜV Rheinland Group

Speaker: WOLFGANG KIENER, Business Development Manager, TÜV Rheinland i-sec

Topics
1. TÜV Rheinland. Another Industrial Revolution?
2. What is Digital Transformation?
3. What is Business Transformation?
4. Industrial and OT Cybersecurity in the Digital Transformation.
5. Why OT Threat Detection and Response is paramount?
26.02.2018, Cybersecurity in the Digital Transformation

TÜV Rheinland. Another Industrial Revolution?
Protecting society since 1872
2.3 Billion; Privately Held; 144 Years Old; 500 Locations; 69 Countries; 19,320 people
Industry 1.0: Mechanical Production
Industry 2.0: Mass Production & Electricity
Industry 3.0: Electronic & IT Systems
Industry 4.0: Cyber-physical Systems, Social, Mobile, Analytics, Cloud
The 4th Industrial Revolution will be defined by the use of “cyber-physical” systems.

TÜV Rheinland. Another Industrial Revolution?
From a simple Product to Cyber Physical Systems and IoT.
Products
Mechanical & Software components are not deeply intertwined
Not connected and “zero” intelligence
Cyber Physical Systems (CPS)
Combination of mechanical and software components
Connected System (wired or wireless)
Intelligent embedded System
CONFIDENTIALITY
Internet of Things (IoT)
Combination of mechanical and software components
Network of physical devices, vehicles,
Intelligent embedded System
Collect and exchange information

TÜV Rheinland. Another Industrial Revolution?
Cybersecurity as a baseline for safety and privacy
Safety: Protection of the environment against the IoT product.
Cybersecurity: Protection of the IoT product against cybercriminals.
Privacy: Ensuring the informational self-determination of the end customer and protection of customer’s data.
Our business is highly affected by the dependencies between Safety, Cybersecurity and Privacy.

What is Digital Transformation?
It goes beyond Industry formation
[Diagram labels: Living Changes; Regulations; Utilisation; Expectations; Digital gital Infrastructure; Digital Business Models; Digital Value Chain; Change; Use; Use; Digital ce; Nation State; New Possibilities; Ecological Changes; Regulations; Work 4.0]

What is Business Transformation?
Business Transformation requires Digital
[Diagram labels: titive Advantage; Block Chain; IoT; Increase Market Share; BYOD; Reduce Costs; AI; Cloud; Dev Ops; Big Data; Social Media]
DRIVERS OR REQUIRED
New Technology & Innovation; Continuous Change; New customers and interaction; Digital Processes; Organisational Change; New partners and interaction; Data Driven; Way of Working; Cultural Change
Digital Transformation means most of all continuous change, now and in future.

Cybersecurity in Digital Transformation
What do car brakes and cybersecurity have in common?
Why do we need car brakes?
Why do we need ABS, ESP, EBD, ?
BUSINESS ENABLER
Cybersecurity is not just about cost and risk
Cybersecurity is more than a compulsory program
Cybersecurity increases efficiency and productivity
Cybersecurity supports the enterprise objectives
BUSINESS INNOVATOR
Cybersecurity requires shifting to be business driven
Cybersecurity can be more than a business enabler
An innovative cybersecurity culture enables faster growth
Support and adapt new technologies e.g. block chain
Cybersecurity experts need to think about how to securely grow the business – a cultural change is required.

Cybersecurity in Digital Transformation
Cybersecurity needs to be business driven
SAFETY, RELIABILITY AND PRIVACY: DIGITAL SECURITY IMPERATIVES
The New Model for Digital Security
[Diagram labels: Availability; Reliability; People; Environments]
Source: Gartner Security & Risk Management Summit: “Tutorial: Gartner Essentials: Top Cybersecurity Trends for 2016 – 2017”; Earl Perkins, 12 – 13 Sept. 2016

Key Domains in Industrial and OT Security
It is more than network segmentation and secure maintenance access
INDUSTRIAL AND OT SECURITY NEEDS TO BE BUSINESS DRIVEN
[Diagram labels: Risk Management; Organization; Training and Awareness; Wireless rocurement; Procedures; Recovery Plan (BCM); Segmentation and Zones; Whitelisting; Inventory Overview; Product rivacy; Software Security; Application Security; Physical Security; Hardening; Supplier Security; Cloud Security; Threat Detection and Response; Maintenance Access]

Key Domains in Industrial and OT Security
Key challenges we see at almost every manufacturer
Business demand is increasing and hard to resist – we should not resist.
Convergence in OT and IT requires a cultural change in every organisation.
Overarching and integrated RISK and ISMS management.
Up-to-date inventory for a better understanding of residual risks.
Managing identities: machines, products, partners, customers, .
OT threat detection and response is paramount.

Vulnerabilities and attacks continuously increase
[Chart: DRAMATIC INCREASE IN ICS SECURITY VULNERABILITIES DISCLOSURES, 2000 to 2015, two-year rolling average]
Nearly every ICS vendor is affected by vulnerabilities; patches are not available for all discovered issues, and even if patches are available, they cannot be applied in control systems.
Common vulnerabilities in Industrial Control Systems include buffer overflows, Unauthenticated Protocols, Weak User Authentication, Untimely Adoption Of Software, Poor Password Policies or Management.
Source: Fireeye
[Chart: GLOBAL TREND OF TARGETED INDUSTRIES. Categories: Manufacturing; Power and Utilities; Transportation; Telecommunications; Oil and Gas; Automotive; Water/ Waste]
Manufacturing plants are targeted to obtain intellectual property, trade secrets and engineering information.
Attacks on public infrastructure like utility, transportation are motivated by financial gain (identity theft, card frauds) and hacktivism (political agenda).
Source: Demonstrate relative attack frequency on industry based on sector reports

Vulnerabilities and attacks in the Purdue layers
Level 5: Enterprise Business Zone (Internet, Servers, Corporate Applications); Enterprise Systems
Level 4: Business Unit Zone (Servers, Applications); Business Planning & Logistics
Level 3.5: Demilitarized Zone (Application Servers, Infrastructure); Infrastructure and IT Systems
Level 3: Operations Zone (Servers, Workstations); Site Manufacturing Operations & Control
Level 2: Supervisory Control Zone (SCADA, HMI, Engineering W/S Historian); Area & Supervisory Control
Level 1: Basic Control Zone (PLC, RTU); Basic Control Devices
Level 0: Control Zone (Sensors, Actuators); Process I/O Devices
Safety Zone: Safety Instrumented Systems
[Diagram markers: VULNERABILITY DISCLOSED; CYBER ATTACKS]

OT Threat Detection and Response is paramount
Attacks happen and vulnerabilities get exploited – we need to detect and respond.
Passive; no interaction or overhead with industrial automation and control process
Proactive monitoring against abnormal behaviour protecting control systems from 0-day and unknown unknowns
Complement operational activities by identifying process bottlenecks and assisting with root cause analysis
Support Most Industrial
Beckhoff; Rockwell Automation; Emerson; Schneider Electric; General
Support Most Industrial Protocols
Aspentech Cim/IO; Beckhoff ADS; CEI 79-5/2-3; DNP3; EtherNet/IP – CIP; Foundation Fieldbus; Honeywell; ICCP; IEC-60870-5-104; IEC-61850 (MMS, GOOSE, SMV); Modbus/TCP; MMS; OPC; PI-Connect; Profinet; Siemens S7
Regulatory Compliance

OT Threat Detection and Response is paramount
Attacks happen and vulnerabilities get exploited – we need to detect and respond.
[Architecture diagram labels]
Command center
Service Delivery Capabilities
LEVEL 4 Corporate Network: SIEM; JSON, CEF, LEEF (SYSLOG); Active Directory/LDAP; REST API; TAXII SERVER; Managed Threat Detection & Response; CMDB
Asset Discovery and Inventory; Potential Threats; Communication Profile; Vulnerability Assessment; Threat Hunting; Criticality Rating; Efficient Compliance; Threat Modelling
LEVEL 1 Control Network; LEVEL 2 Supervisory Network; LEVEL 3 Operations and Control
ICS NETWORK 1; ICS NETWORK 2
Workstations; HMI; Domain controller; Historian; Network switch; Monitoring sensor
Engineering workstation; DCS/SCADA server; Network switch; Monitoring sensor
PLC/RTU; PLC/RTU; PLC/RTU; Network switch; Monitoring sensor
Service Delivery Models
1. Assess inventory and communication flows (one time)
2. OT Cybersecurity Risk Assessment (one time or regular)
3. Managed Service for OT Security Monitoring (continuous protection)

Summary. Key Takeaway.
Cybersecurity must be a business innovator – not a cost driver.
You do need brakes to drive faster and save

TÜV Rheinland OT Cybersecurity
Protecting the digital manufacturing processes
Envisioned Client Operating Model
Enterprise Risk Management; Cybersecurity Governance; Reports & Metrics & Trends; Business Requirements & Risks; CISO; IT Security Management & Engineering; OT Security Management & Engineering; Security Manager(s); IT Operations (global, local); OT Operations (global, local); Information & Operational Technology
TÜV Rheinland OT Cybersecurity Offering (extract)
Industry 4.0 Cybersecurity Strategy; IT-OT Integrated Risk Management; IT-OT Risk Assessments; Business Continuity Management; Data Privacy Consulting; OT Security Awareness Program; OT Plant Blueprint Consulting; OT Architecture Review; IT-OT Risk & Threat Modelling; OT Vulnerability Assessments; OT Security & Inventory Monitoring; Threat Detection & Response; Incident Response & Recovery; Secure Maintenance ices

TÜV Rheinland OT Cybersecurity
Protecting the digital manufacturing processes
Envisioned Client Operating Model
Enterprise Risk Management; Cybersecurity Governance; Reports & Metrics & Trends; Business Requirements & Risks; CISO; IT Security Management & Engineering; OT Security Management & Engineering; Security Manager(s); IT Operations (global, local); OT Operations (global, local); Information & Operational Technology
TÜV Rheinland OT Cybersecurity Offering
Mastering Risk & Compliance; Advanced Cyber Defences; Secure Cloud Adoption; aged Services

Thank you.
Wolfgang Kiener
Business Development Manager – Cybersecurity
Phone 49 174 1880217
https://tuv.com/informationsecurity
LEGAL DISCLAIMER
This document remains the property of TÜV Rheinland. It is supplied in confidence solely for information purposes for the recipient. Neither this document nor any information or data contained therein may be used for any other purposes, or duplicated or disclosed in whole or in part, to any third party, without the prior written authorization by TÜV Rheinland. This document is not complete without a verbal explanation (presentation) of the content.
TÜV Rheinland AG
