siemens.com © Siemens AG 2018
IIOT..Ind 4.0..A Thirst for Data..Connected Manufacturing 2018
Unrestricted © Siemens AG 2018 Page 2 ESH 2018 Conference
Who am I?
Name: Paul Hingley
Job Title: Data Services Business Manager / PSSO GB&I
Company: Siemens
Background: 20 years at Siemens involved in industrial Networks, Safety and Security. Prior to this an Electrical / Automation Engineer in the Process and Discrete engineering mainly focused in the Automotive, Steel and logistics Industries.
Job Responsibilities:
• CAS (Cloud Application Solutions) MindSphere
• Safety Systems and Consultancy
• PSSO (Product Solution Security Officer)
• CBM (Condition Based Monitoring Solutions)
Industry 4.0 … moving into a fourth Industrial Revolution
Connected Devices
The Internet of Things (projected number of connected assets)
• 1992: 1M
• 2003: 0.5B
• 2009: IoT Inception
• 2012: 8.7B
• 2013: 11.2B
• 2014: 14.2B
• 2015: 18.2B
• 2016: 22.9B
• 2017: 28.4B
• 2018: 34.8B
• 2019: 42.1B
• 2020: 50.1B

MindSphere – The cloud-based, open IoT operating system
• Differentiate in the Market … through new service and business models
• Build Digital Business … through development of applications & digital services
• Increase Performance … powered by digital transformation
Industry Evolution: The future of big data and cloud applications will be in the industrial space

The total volume of data generated on earth summed up to
• 2012: 3.1 Zettabyte
• 2015: it will be 7.4 Zettabyte
• 2020: it will be 45 Zettabyte

1 Zettabyte = 1 sextillion bytes = 1000 Exabytes = 1 Billion Terabytes

• People2People: Network of virtual communities
• People2Machine: Medical technology, digital TV, cameras, computers, mobile phones
• Machine2Machine: Sensors, meters, devices, industrial machines
• Internet of Things / "Industry 4.0": Enabling additional productivity levers and new business models

From person to person – that was the beginning
From machine to machine – the focus today and in the future
Big data / cloud applications

Source: Oracle, 2012, Roland Berger 2015
Major industries facing these challenges are adopting the IoT
Biggest year-over-year gainers: IoT initiatives
• Facilities automation: + 8.2%
• Mobile device management: + 4.5%
• Fleet management: + 4.3%
• Smart city: + 3.7%
Source: 451 Research VoTE: Internet of Things, Organizational Dynamics 2017
IIOT makes data actionable
How it works
• Connect – Integrate new and existing assets and sensors to systems
• Collect – Aggregate data in real time and over time
• Transform – Data profiling, trend analysis, predictive modeling
• Visualize – Visual dataflow creator, visual data analyzer, dashboards
• Insight – Highlight trends and anomalies
• Actions – Predictive maintenance, health monitoring and status, KPIs, all operations dashboard, energy tuning
Key capabilities: Connect and collect, Transform and visualize, Insight and actions
Technological forces transforming industry
• Changing the way products come to life: GENERATIVE DESIGN, INTELLIGENT MODELS, SYSTEMS OF SYSTEMS
• Changing the way products are realized: MACHINE LEARNING, ADDITIVE MANUFACTURING, ADVANCED ROBOTICS
• Changing the way products evolve: CLOUD TECHNOLOGY, KNOWLEDGE AUTOMATION, BIG DATA ANALYTICS
Technological forces transforming industry
Manufacturers must embrace the technologies and transform their business into a Digital Enterprise
• Changing the way products come to life: GENERATIVE DESIGN, INTELLIGENT MODELS, SYSTEMS OF SYSTEMS
• Changing the way products are realized: MACHINE LEARNING, ADDITIVE MANUFACTURING, ADVANCED ROBOTICS
• Changing the way products evolve: CLOUD TECHNOLOGY, KNOWLEDGE AUTOMATION, BIG DATA ANALYTICS
Ideation, Realization, Utilization
Continuously improve product and production
The complete digital twin
IT/OT convergence supporting New Business and Collaboration Models
[Figure: Connected Enterprise linking Connected customers, Connected consumers, Connected products, Connected machines, Connected R&D and Connected Suppliers. Parties shown: User, Customer, Consumer, Supplier, Partner, R&D. Levels shown: Field Level, Control Level, Operator Level, Management Level, Enterprise Level.]
We're seeing an increasing digitization of industries
Easy to digitize industries have already started to change … more complex industries will follow
[Figure: Degree of maturity of digital business models, from less complex industry to more complex industry, with a Tipping-Point! Industries shown: Energy, Discrete & Process Industries, Health, Mobility, Trade, Media.]
• Technical Drivers: Digitization, Sensors, Connectivity, Bandwidth, Data Capturing and Storage, Clouds, Analytics …
• Business Drivers: New Business Models, Ecosystem concept and Paradigm shift: From product-focused to user-centric mindset …
Based on "Smart Service Welt" report/Accenture visualization
Why do I need Security?
ICS Attack surface is growing
Challenges: Increasing vulnerability, high connectivity.
• Introduction of malware via removable media and external hardware
• Human error and sabotage
• Intrusion via remote access
• Control components connected to the Internet
• Compromising of smartphones in the production environment
• Compromising of extranet and cloud components
• Malware infection via the Internet and Intranet
• (Distributed) denial-of-service ((D)DOS) attacks
• Technical malfunctions
• Social engineering and phishing
Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
Differences between office and manufacturing networks
Industrial Security Services
Definition IT-Security vs. OT- (Industrial) Security
What is it about? Increasing attacks on devices

Availability, Confidentiality, Integrity
Confidentiality, Integrity, Availability

• Availability. IT-Security: Range in minutes is acceptable. Industrial Security: Downtime < 300 ms
• Installation. IT-Security: Network Specialists. Industrial Security: Plant-ICS-Staff
• Topology. IT-Security: Ring structure. Industrial Security: Plant specific
• Location. IT-Security: Air conditioned environment. Industrial Security: Industrial environment
• Device. IT-Security: High, Switches with many ports. Industrial Security: Low, Switches with fewer ports
• Investment Cycles. IT-Security: All 2-3 Years. Industrial Security: Min 5-15 Years

November 18
Challenges
Productivity, Cost Pressure and Regulations

Protect Productivity
Protect against
• externally caused incidents through increasing connectivity
• internal misbehavior
• the evolving Threat Landscape

Reduce cost
Costs
• for qualified personnel
• for essential Security Technologies

Comply to regulations
Comply to
• Reporting Requirements
• Minimum Standards
• Security Knowhow
Selected IT Security Standards, Guidelines and Committees
Categories shown: Committees, Associations, Governmental bodies; Standards; Guidelines
• VDI/VDE
• BSI Grundschutz
• NIST
• Roadmap to Secure Control Systems in the Energy Sector
• IEC 62351
• IEC TC 57 WG15
• US-CERT Control Systems Security Center
• SAC TC 124
• DKE
• DHS ChemSec Roadmap
• NERC-CIP
• ISO/IEC 15408
• WIB M-2784
• ISO/IEC 2700x
• IEC / ISA-62443 (Siemens Focus)
• GDPR: General Data Protection Regulation
• NIS: Network and Information Systems
NIS 1)

What is it? An EU Directive on Security of Networks & Information Systems that will come into UK legislation 9th May 2018

Who is leading implementation? The Department for Digital, Culture, Media and Sport (DCMS)

What is the aim? Raise the level of overall security and resilience of network and information systems.

What is expected of member states?
• Have a national framework for security to include: a National Cyber security strategy, a CSIRT 2), a SPOC 3) and a NIS competent authority (CA)
• Set up a Cooperation Group among Member States to support and facilitate strategic cooperation and the exchange of information among Member States. Member States will also need to participate in a CSIRT Network to promote swift and effective operational cooperation on specific network and information system security incidents and as well as sharing information about risks.
• Ensure that businesses within vital sectors which rely heavily on information networks, for example utilities, healthcare, transport, and digital infrastructure sectors, are identified by each Member State as “operators of essential services” (OES). Those OES will have to take appropriate and proportionate security measures to manage risks to their network and information systems, and they will be required to notify serious incidents to the relevant national authority. Engagement with industry is therefore crucial in the implementation of the directive.

1) Wording from NCSC/DCMS
2) Computer Security Incident Response Team
3) Single Point of Contact
NIS 1) - continued

What is the NCSC’s role in preparing for the implementation of the NIS Directive?
The NCSC is providing technical support and guidance to other government departments and CAs through:
• a set of cyber security principles for securing essential services
• a collection of supporting guidance
• a Cyber Assessment Framework (CAF), incorporating indicators of Good Practice
• implementation guidance and support to CAs to enable them to:
  • adapt the NCSC NIS principles for use in their sectors
  • plan and undertake assessments using the CAF, and interpret the results.

Once the NIS Directive is live in May 2018, we expect our role to be:
• Single Point of Contact (SPOC) - we'll act as the contact point for engagement with EU partners, coordinating requests for action or information and submitting annual incident statistics.
• CSIRT (Computer Security Incident Response Team) - we will receive all incident reports and will provide advice and support on the cyber aspects to operators and Digital Service providers in the event of an incident. We will be responsible for the dissemination of appropriate risk and incident information to Competent Authorities and other relevant stakeholders.
• Technical Authority on Cyber Security - the NCSC will support CAs with security advice and guidance and act as a source of technical expertise. We'll tailor some generic guidance to individual sectors to support CAs.

1) Wording from NCSC/DCMS

Aiming to be CA
Also see OG86
Standards
• NIST 800-82, 800-30, 800-53
• ISA 99
• ISA/IEC 62443
• NERC-CIP 4
• ISO 27032
• NIS Directive: 2018 May 9th UK Law, priority is CNI companies.
• WIB M2784
• ISO 27002
• ISO 27001
Framework
CDV* 4Q17
Each stakeholder can create vulnerabilities
Example: User Identification and Authentication

Industrial Automation and Control System (IACS)
• Asset Owner: operates
• System Integrator: designs and deploys
• Product Supplier: develops

IACS environment / project specific
• Operational and Maintenance policies and procedures
+
• Automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software

Independent of IACS environment
• Control System as a combination of host devices, network components, applications, embedded devices
• is the base for the Automation solution

Each stakeholder can create weaknesses:
• Hard coded passwords
• Elevation of privileges
• Default passwords not changed
• Temporary accounts not deleted
• Non confidential passwords
• Passwords not renewed
• Invalid accounts not deleted
Various parts of IEC / ISA-62443 are addressing Defense in Depth
Labels shown: Independent of IACS environment; IACS environment / project specific
• Asset Owner: Operational and Maintenance policies and procedures
• System Integrator: Policies and procedures
• Product Supplier: Development process
• Security capabilities of the products
• Security capabilities of the Automation Solution
Parts referenced in the figure: 2-1, 2-4, 3-2, 3-3, 4-1, 4-2
TRUST…
Charter of Trust on Cybersecurity
charter-of-trust.com | #Charter of Trust
Unrestricted © Siemens AG 2018 April 2018 Page 27 Charter of Trust for a secure digital world
Digitalization changes everything
Artificial intelligence and big data analytics are revolutionizing the way we make decisions. And billions of devices are being connected by the Internet of Things and are interacting on an entirely new level and scale.
Cybersecurity – A critical factor for the success of the digital economy
As much as these advances are improving our lives and economies, the risk of exposure to malicious cyber attacks is also growing dramatically.
– Crucial to the success of the digital economy.
– Users need to trust that their digital technologies are safe and secure.
– Digitalization and cybersecurity must evolve hand in hand.
Cybersecurity – an increasingly critical factor for the success of the digital economy
Phases shown: Digital Information Processing, Digital Connectivity, Digital Automation and Intelligence

Timeline
• 1950s – 1960s: Military, governments and other organizations implement computer systems
• 1970s: Home computer is introduced
• 1980s: Computers make their way into schools, homes, business and industry
• 1990s: Digital enhancement of electrification and automation
• 1991: The World Wide Web becomes publicly accessible
• 1999: The globe is connected by the internet
• 2000s: Mobile flexibility
• 2010s: Cloud computing enters the mainstream
• 2020s: Industry 4.0
• 2020s: Internet of Things, Smart and autonomous systems, Artificial Intelligence, Big Data

Incidents and attack techniques shown along the timeline
• Blue Boxing
• Cryptovirology
• AOHell
• Level Seven Crew hack
• Denial-of-service attacks
• Cloudbleed
• sl1nk SCADA hacks
• Meltdown/Spectre
• Infineon/TPM
• AT&T Hack
• Morris Worm
• Melissa Worm
• ILOVEYOU
• WannaCry
• NotPetya
• Heartbleed
• Industroyer/Crashoverride
• Stuxnet
“We can’t expect people to actively support the digital transformation if the security of data and networked systems is not guaranteed.”

That’s why Siemens will be working with partners from industry, government and society to sign a “Charter of Trust” – a charter aimed at three important objectives:
1. Protecting the data of individuals and companies
2. Preventing damage from people, companies and infrastructures
3. Establishing a reliable foundation on which confidence in a networked, digital world can take root and grow
We sign for cybersecurity!
We sign the Charter of Trust.
Guidance
• National Cyber Security Centre
• CPNI – SICS Framework
• Operational Guidance OG86
Thank you
Security Information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.

Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.

Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity.

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity.
Questions
Contact Information
Paul Hingley
Data Services Business Manager
DF DS GB
Sir William Siemens House
Princess Road
Manchester
M20 2UR
Mobile: +44 (0) 7808 822265
E-mail: [email protected]
siemens.com/simatic-pcs7