12 ABB DCS in connected industries

Setting Standards For The Connected Industry

Bernhard Hennicke - ABB Automation Business Unit Control Technology

© ABB| Slide 2

Security in a connected world

Month DD, YYYY

The risk of being social

© ABB| Slide 3

A global leader in power and automation technologies

Month DD, YYYY

Leading market positions in main businesses

© ABB| Slide 4

ABB organization

Month DD, YYYY

Five global divisions

© ABB| Slide 5November 19, 2015

Division Process AutomationBusiness Unit Control Technology

• Global organization with world wide locations• Developing SW and HW• Manufacturing• Logistics• Product management• Training• Consulting• Repair• Support and trouble shooting

BU CT


ABB Distributed Control SystemsDCS for all industry applications


ABB Distributed Control SystemsThe story so far….

§ More operator support§ Better handling of suboptimal situations§ Faster alarm handling§ More efficient engineering§ Process optimization§ Additional resources to control§ Maintenance management

Ø Increased productivity

Continuous improvements

© ABB| Slide 8

ERP

Scheduling

Material tracking

November 19, 2015

DCS are more connected Connectivity is not an option

Remote Service

Remote diagnostic

Remote support

Databases

Quality system

Production records

Maintenance mgmt.

Industry 4.0

Cloud Services

Internet of Things

Today connectivity is the key to further increase productivity


Cyber SecurityRisks come with connectivity

§ Lock server room,§ Use thin clients§ Lock USB interfaces§ Maintain user rights§ Access control with chip cards

These measures are all valuable. But quarantine is not enough.

How to handle increasing risks?


Cyber SecurityA process during the full lifecycle

Maintenance“Secure in Deployment”Service activities

R&D“Secure by Design”Development centers

Setup“Secure by Default”Project teams


Developing secure productsTraining R&D

Coding guidelinesCode reviewUse certified librariesFollow guidelines for operating systemGate model for each product development until release

Coding

Automated testsTest against threadsTest by independent ABB security specialist Test by external specialists

Testing


Developing secure productsImplement up-to-date security technologies

§ Implement encrypted communication over the network

§ Keep track of allowed ABB devices in a network and block other network communication that try to attack

§ Implement defense strategies against known attacks

§ Deactivate Windows resources that are not needed to avoid unnecessary risks

Products


Developing secure productsProviding updates and maintain lifecycles

§ Implement newest known defense into the products§ Provide updates to serve the installed base§ Maintain lifecycles of all products§ Support customers with updates and migrations

DCS Component Existing2009

Phase I2010

Phase II2011

Phase III2012

Phase IV2013

Phase V2014

Phase VI

Communications OCS Comm OCS Comm OPC OPC OPC OPC OPCBatch

Engineering Tools Tool R1 Tool R2 Tool R2 Tool R2 Tool R2 Tool R2 Tool R2Funct Desig Funct Desig Funct Desig

Information Mgmt/HistoryHuman System Interface Console R1 Console R2 800xA PP 800xA PP 800xA PP 800xA PP 800xA PP

Controller Gen 1 Gen 1 Gen 1 Gen 1 AC800M AC800M AC800MGen 2 Gen 2 Gen 2 Gen 2 Gen 2 Gen 2 Gen 2

Evolution PlanWhat are the new features ?

Some are not visible to you..






© ABB| Slide 15

ABB project teams

Month DD, YYYY

Secure by Default

Follow ABB guidelines to plan and install a repeatable und secure Control System

© ABB| Slide 16

Node prep

System Configuration Console

Node 1Node 2Node 3

Node 1Node 2Node 3

ABB project teamsSecure by Default


ABB project teamsSetup a secure new control system

§ Plan how to set up maintenance during the systems lifecycle to keep the system as secure as it is

§ Plan training for customer operators and maintenance personnel

§ Provide backup and recovery strategies

Follow the guidelines


Backup and recoveryHow to recover from an attack

§ What need to be included in the backup?§ How many data can be lost between last backup and an accident?§ How long can be production be interrupted?

A good preparation of backup, redundancy and spare parts can significantly reduce cost of interrupted production






© ABB| Slide 20

ABB service teamsSecure by deployment

Antivirus softwareSecurity updatesAccount managementComputer guidelinesFirewalls and architectureProcedures and guidelinesPhysical security

Monitor the Levels of Security :

Process Controlsystems

System Netzwerk Anlage

Protection

© ABB Group November 19, 2015 | Slide 20


Secure by DeploymentWhy do we need to monitor ?

Reviews with the users :

§ Understanding the threats§ Analyze the risks

§ Define security measures§ Maintain existing or implement

new security measures

§ Operating the system for years§ Implement new expansions

§ And now ? Still secure ?


Monitoring Cyber SecurityCyber Security Report

§ A tool that scans all system resources and generates a detailed report§ Can be expanded with manual checks§ Can be operated as part of agreed maintenance activities.


The next levelService Port

§ Continuous monitoring of Cyber Security § Remote diagnostics and support§ Providing patches and updates

§ Operates under user security guidelines§ Offline § Temporary online by user interaction§ Online

§ Uses DMZ, VPN etc. for secure communication

Continuous monitoring


Next levelTesting patches and updates from 3rd Party

§ ABB is driving a test-center with most common system setups

§ All virus definition updates from Symantec and McAfee are tested

§ All relevant Microsoft patches are tested against ABB Software

ABB is publishing these relevant 3rd Party Patches and Updates cyclically in a bulletin.ABB is providing the relevant SW packets on a dedicated “ABB Security Update Server” (ASUS)


The next levelDeployment of patches and updates

The ABB Security Update Server enables the download of thenewest patches and updates Define with the end-user when update shall be installed, some updates require a reboot…

McAfeeMicrosoft Symantec


Patches and updates for ABB softwareContinuous improvements

PatchesABB is improving the software as continuous processPatches are provided as downloadable packetsABB keeps track of installed software versions The available patches for a specific installation can be downloaded on demand

Serving the installed base


Patches and updates for ABB softwareContinuous improvements

UpdatesSW improvements can not always be implemented in previous versionsABB is providing a lifecycle plan for the Control ProductsABB offers tool based updates That again brings security by default

Serving the installed baseDCS Component Existing

2009 Phase I

2010 Phase II

2011 Phase III

2012 Phase IV

2013 Phase V

2014 Phase VI

Communications OCS Comm OCS Comm OPC OPC OPC OPC OPCBatch

Engineering Tools Tool R1 Tool R2 Tool R2 Tool R2 Tool R2 Tool R2 Tool R2Funct Desig Funct Desig Funct Desig

Information Mgmt/HistoryHuman System Interface Console R1 Console R2 800xA PP 800xA PP 800xA PP 800xA PP 800xA PP

Controller Gen 1 Gen 1 Gen 1 Gen 1 AC800M AC800M AC800MGen 2 Gen 2 Gen 2 Gen 2 Gen 2 Gen 2 Gen 2

Evolution Plan


Connected industriesThere is no way back

Improvements in productivity need connected industriesWith connectivity come the risksCyber security can also be increased by fast networked measures

Documents

12 ABB DCS in connected industries