— OI L , G A S A N D CH EM I C A L S

Cyber Security Life Cycle ManagementProtect your control system against security threats

OverviewABB Cyber Security Life Cycle Management is acombination of software and services that mitigatethe risk of unauthorized use, access, disruption ormodification to the control system.It helps identify, mitigate and monitor systemvulnerabilities to thwart attacks or misuse andensures that the process control system is operatedaccording to best practices based on internationalstandards and ABB experience.

Benefits• Enhances risk mitigation against a cyber security

attack or human error.• Improves system availability by ensuring

production remains uninterrupted.• Increases plant, environment and community

protection.• Helps ensure compliance with international

standards and internal security policies.• Provides comprehensive overview of cyber

security status.

Services and supportNo matter where you are in your cyber securitystrategy, ABB has comprehensive offerings to fityour needs.

DiagnoseCyber Security Benchmark:The Cyber Security Benchmark collects security data from the 800xA system to identify areas that may be vulnerable to security breaches. The result of this service is a color-coded report, highlighting areas in need for improvement.

Cyber Security Fingerprint:Cyber Security Fingerprint identifies system strengths and weaknesses by use of an ABB analysis tool. Security data is collected from systems config-urations and it also includes a questionnaire for cus-tomer key personnel. The fingerprint is carried out through a site visit by an ABB service engineer. The resulting report provides detailed recommenda-tions how to reduce cyber security vulnerabilities.

Cyber Security Assessment:Cyber Security Assessment performs an in-depth survey with visual review of infrastructure and docu-mentation to obtain status about your system from a cyber security point of view. By using this informa-tion, ABB can propose measures on how to deploy and maintain Cyber Security Services.

—Comprehensive cyber security

Cyber security is an integral andcontinuous part of the productlife cycle, from early design anddevelopment, through testingand commissioning, to lifetimesupport. For any life cycle phase,ABB Cyber Security Life CycleManagement helps create a barrieragainst intrusion.

9A

KK

10

671

3A6

256

-02

—We reserve the right to make technical changes or modify the contents of this document without prior notice. With re-gard to purchase orders, the agreed par-ticulars shall prevail. ABB does not accept any responsibility whatsoever for potential errors or possible lack of information in this document.

We reserve all rights in this document and in the subject matter and illustrations con-tained therein. Any reproduction, disclo-sure to third parties or utilization of its contents – in whole or in parts – is forbidden without prior written consent of ABB. Copyright© 2017 ABBAll rights reserved

—ABB ASOle Deviks vei 10Postboks 6359, EtterstadN-0603 Oslo, NorwayContact center: +47 22 87 20 00Email: contact.center@no.abb.com

abb.com/oilandgas

Implement: Deploy solutions to mitigate vulnerable areas and take proactive measures to prevent inappropriate use or access of the control system.

Security Patch Management: - Specifies requirements and recommendations

for implementation and deployment of system security updates for third-party software.

Malware Protection Management: - Specifies requirements and recommendations

for implementation and deployment of antivirusupdates.

User & Access Management: - Ensures users always have the approved and

relevant access rights.

Backup & Recovery Management: - Provides strategy development for recovery,

including robust backup system that can provide system restore to ensure business continuity.

Network Security Management: - Builds a robust network, including firewalls an

controlled interfaces to protect against outside intrusion.

SustainSecurity Monitoring and execution of scheduled maintenance.

Cyber Security Monitoring: - Continuous, remote monitoring and periodic

security reviews, including alarm triggers.

System Security Management: - 24/7 security monitoring of assets along with

preventive measures and actionable intelligence. - This service will catch the intrusions when they

happen and neutralize them fast.

Cyber Security Maintenance: - Defines maintenance modules for safe control

systems.

ConsultingCyber Security Risk Assessment:Contains an IEC 62443 based process for perform-ing the assessment. It aims to guide the organiza-tion through the process of assessing the cyber security risks to the control system, and propose a plan for prioritizing the threats/risks.

Compliance Management:This service will contain a number of sub-services for compliance management according to IEC 62443. Evaluate whether the asset owner’s target security level (SL-T) requirements have been met by the Industrial Automation and Control System (IACS) solution, identifies security gaps and defines a security roadmap to resolve issues.