
Cyber Security Seminar | H-ON Consulting


4.0 19 12 03

Industrial Cyber Security

Attacks and Relevant Events

INTRODUCTION

INDUSTRIAL CYBER SECURITY

IT Cyber Security

The main target of Information Technology cyber security is to protect the confidentiality and the integrity of the data exchanged and to guarantee network availability.

OT Cyber Security

Operational Technology cyber security is oriented to protecting the infrastructure and its operability. The availability of the operation infrastructure is the main target.

Information Technology: Cyber security (DATA ORIENTED)

Operational Technology: Cyber security (INFRASTRUCTURE ORIENTED)

IT vs OT

INDUSTRIAL CYBER SECURITY

Today Operational Technology is connected with the IT world in several ways, and the volume of data exchanged is growing quickly.

The technology used for the network infrastructure is continuously merging between IT and OT.

2010 Stuxnet

Developed by America’s National Security Agency, working in conjunction with Israeli intelligence, the malware was a computer worm, or code that replicates itself from computer to computer without human intervention. Most likely smuggled in on a USB stick, it targeted programmable logic controllers which govern automated processes, and caused the destruction of centrifuges used in the enrichment of uranium at a facility in Iran.

2013 Havex

Havex was designed to snoop on systems controlling industrial equipment, presumably so that hackers could work out how to mount attacks on the gear. The code was a remote access Trojan, or RAT, which is cyber-speak for software that lets hackers take control of computers remotely. Havex targeted thousands of US, European, and Canadian businesses, and especially ones in the energy and petrochemical industries.

OT CYBER ATTACKS

2015 BlackEnergy

BlackEnergy, which is another Trojan, had been circulating in the criminal underworld for a while before it was adapted by Russian hackers to launch an attack in December 2015 on several Ukrainian power companies that helped trigger blackouts. The malware was used to gather intelligence about the power companies’ systems, and to steal log-in credentials from employees.

2016 CrashOverride

Also known as Industroyer, this was developed by Russian cyber warriors too, who used it to mount an attack on a part of Ukraine’s electrical grid in December 2016. The malware replicated the protocols, or communications languages, that different elements of a grid used to talk to one another. This let it do things like show that a circuit breaker is closed when it’s really open. The code was used to strike an electrical transmission substation in Kiev, blacking out part of the city for a short time.

OT CYBER ATTACKS


2014-today TRITON – The First ICS Cyber Attack on Safety Instrument Systems

First detected in 2017, when it was targeting the Saudi Arabian petrol company Petro Rabigh, this malware could have caused enormous harm, including marine pollution, a spike in petrol prices, and even deaths due to explosion. It works by reprogramming the controllers of the Triconex Safety Instrumented System (SIS).

OT CYBER ATTACKS

According to the latest reports on this cyberattack, Triton went unnoticed for three years before being detected. An unsettling piece of news, now that the malware seems to have resurfaced in April 2019.

OT CYBER ATTACKS

Many people think that hackers don't understand control systems; this is no longer true. In addition, hacking is no longer for fun: hackers now sell zero-day exploits to organized crime.

[Chart: ICS incident types. Unintentional 80%, Intentional 20%]

Targeted worms for very specific applications or victims are now becoming common (and in some cases available for free). SCADA and process control systems are now common topics at hacker's "Blackhat" conferences.

You don't have to be a target to be a victim: 80% of actual control system security incidents are unintentional, and in some cases generated using the principle of “ransom”.

OT CYBER ATTACKS

OT CYBER ATTACKS NOW BECOME KNOWN

Victims of OT cyber attacks prefer not to divulge details about how their systems have been compromised, and the amount of the loss is confidential information, but since 2016 some cyber attacks have not been contained within the company limits and have become known. In some cases the consequences have become public domain...

OT CYBER ATTACKS NOW BECOME KNOWN

Critical infrastructures are one of the first targets of cybercrime; attacks on them are ramping up more quickly than those on the financial sector (banks, ATMs, credit cards, etc.).

Cyber Security

Differences between IT and OT

There are important differences between IT systems and IACS.

Problems occur because assumptions that are valid in an IT environment may not be valid on the plant floor, and IACS Cyber Security must address issues of safety, which is not usually an issue with conventional IT Cyber Security.

[Figure: priority order of Availability, Integrity and Confidentiality, IACS Cybersecurity compared with IT Information Security]

INDUSTRIAL CYBER SECURITY IT vs OT

ICS Cyber Security

Threats and Vulnerabilities

ANATOMY OF A CYBER ATTACK

A cyber attack generally follows a process allowing the attacker to perform reconnaissance or discovery of the targeted business, then develops and executes the attack, and finally uses the attacker’s command and control presence to extract data and/or achieve the attacker’s goals on the target system.

• Characterize the system

• Find exploitable vulnerabilities

• Exploit vulnerabilities (people, system and components)

• Data extraction

• Compromise Functionality

• Uncontrolled shutdown

ANATOMY OF A CYBER ATTACK

Threat: circumstance or event with the potential to adversely affect operations (including mission, functions, image or reputation), assets, control systems or individuals via unauthorized access, destruction, disclosure, modification of data and/or denial of service (IEC 62443-2-1 3.1.46).

Control Systems are more vulnerable today than ever before because:

• Now use commercial technology (COTS)

• Highly connected

• Offer remote access

• Technical information is publicly available

• Hackers are now targeting control systems

OT VULNERABILITIES

OT vulnerabilities affect more or less all industrial control system platforms, independently of the manufacturer, brand or technology used.

This list is an extract, for 2019 only, of all vulnerability advisories listed by the Cybersecurity and Infrastructure Security Agency (CISA).

https://www.us-cert.gov/ics/advisories?page=0


OT VULNERABILITIES

System vulnerabilities are related to interconnection and to how the equipment has been set up. Firewalls, layer 3 switches, routers etc. are often misconfigured, allowing unauthorized access or network misuse.

Vulnerabilities are also hidden in the architecture: thinking that one firewall on the access point could be enough is one of the most common vulnerabilities put in place.

THE HUMAN FACTOR

The first weakness or vulnerability of an ICS is its people.

Humans are a vulnerability that can be exploited. The social engineer is able to take advantage of people to obtain information with or without the use of technology.

A Social Engineering attack is articulated in 4 steps:

1. Footprinting

2. Establishing Trust

3. Psychological Manipulation

4. The Exit

Now, after all the actual information has been extracted, the Social Engineer has to make a clear exit in such a way so as not to divert any kind of unnecessary suspicion to himself.

[Figure: Social Engineering. An e-mail (From: [email protected] / To: [email protected] / Subject: New Career Opportunities) used to gain network login credentials OR trusted DCS login credentials]

THE HUMAN FACTOR

ICS Cyber Security

How to attack,

Countermeasures and Defense Strategy

Attacks directly from Internet to Internet-connected ICS devices.

Establish direct access deep into the ICS systems.

Attacks initiated using remote access credentials stolen or hijacked from authorized ICS organization users.

Establish direct access deep into the ICS systems.

Attacks on the external business web interface.

Leverage exploits to vulnerabilities existing in the web services.

CYBER PROTECTION PRINCIPLES


INDUSTRIAL CYBER SECURITY

LAWS AND STANDARDS:

THE IEC 62443

TOPICS

• Introduction: Worldwide Laws and Applicable Standards for OT Cyber Security

• The ISA / IEC 62443 standard as a method

• Risk Assessment

• Addressing risk with a Cyber Security Management System (CSMS)

• Security Levels allocation

• Systems: Foundational & System requirements

• Equipment: Security Lifecycle and requirements

• Monitoring and improving with a CSMS

Applicable Worldwide Laws and Standards for OT Cyber Security

INTRODUCTION

POTENTIAL CONSEQUENCES

One of the main differences between Cyber Security and Information Security lies in the potential consequences. The consequences of a Cyber Attack on OT infrastructures may have impacts on a larger scope than IT. Among others, the standards list the following:

• Health and Safety

• Environment

• Social utilities availability

• Financial loss or impacts

• Damages to company image

• Loss on production

• Products quality

• ….

LAWS AND STANDARDS

Several countries are adopting OT Cyber Security frameworks at law level. A few examples:

The State of Art

COUNTRIES | ACT | AUTHORITY | WEB
EUROPE | NIS DIRECTIVE 2016/1148; Cybersecurity Act 2019/881 | ENISA | https://www.enisa.europa.eu/
ITALY | D.Lgs. 65/2018 | Several | https://www.csirt-ita.it/
RUSSIAN FEDERATION | FZ-187/2017; Order 239/2017 | FSTEC | https://fstec.ru/
UNITED STATES | Cybersecurity and Infrastructure Security Agency Acts of 2013/18 | CISA; NIST | https://www.cisa.gov/ ; https://www.nist.gov/
AUSTRALIA | Security of Critical Infrastructure Act 2018 (No. 29, 2018) | Australian Gov. | -
CHINA | Cybersecurity Law - 2017 | CAC | http://www.cac.gov.cn/

INTERNATIONAL STANDARDS FOR CYBER SECURITY

• International Electrotechnical Commission: IEC 62443 (series) Industrial Communication Networks - Network and System Security
• International Society for Automation: ISA 99 (series) Industrial Automation and Control System (IACS) Security
• SP 800-82 Guide to Industrial Control System (ICS) Security
• NISTIR 7628 Guidelines for Smart Grid Cyber Security
• Critical Infrastructure Protection (CIP) -002 through -011
• Guidance for Addressing Cyber Security in the Chemical Industry
• Protecting Industrial Control Systems: Recommendations for Europe and Member States
• Guidance of Security for Industrial Control Systems

THE IEC 62443

A Framework for OT Cyber Security

ISA/IEC 62443 STRUCTURE


IEC 62443-2-1 BASICS

Cyber Security Lifecycle and Management System (CSMS)

CYBER SECURITY LIFECYCLE

IEC 62443-2-1 specifies the elements required for a CSMS. The Cyber Security Management System is divided into three categories:

• ASSESS

• IMPLEMENT

• MAINTAIN

Each of these is further divided into element groups and/or elements.

MAIN STEPS OF A CSMS

Each of these is further divided into element groups.

The first main category of the CSMS is Risk Assessment.

[Figure: elements of the CSMS]

Risk Analysis
• Business Rationale
• Risk identification/assessment

Addressing risk with the CSMS

Security policy, organization and awareness
• CSMS Scope
• Organize for security
• Staff training and security awareness
• Business continuity plan
• Security policies and procedures

Selected security countermeasures
• Personnel security
• Physical and environment
• Network segmentation
• Access control: Account admin
• Access control: Authentication
• Access control: Authorization

Implementation
• Risk Management and implementation
• System development and maintenance
• Information Management
• Incident planning and response

Monitoring & Improving
• Conformance
• Review, improve and maintain

IEC 62443-2-1:

High Level and Detailed Risk Assessment

SYSTEMATIC APPROACH

The first category contains much of the background information that feeds into many of the other elements in the CSMS.

The first set of requirements presents the actions an organization takes to carry out both a High Level and a Detailed Risk Assessment that incorporates vulnerability assessment in a chronological order.


Risk Assessment

BUSINESS RATIONALE

The organization should develop a Business Rationale as a basis:

• Prioritized Business Consequences (as potential consequences).

• Prioritized Threats (as potential and credible threats).

• Estimated Business Impact (the highest priority items and estimate of the annual business impact).


HIGH LEVEL AND DETAILED RISK ANALYSIS

Risk Analysis identifies:

• Assets

• Threats (from BR and expanded)

• Vulnerabilities

• Consequences (from BR)

• Likelihood of Successful Attack

• Countermeasures


HIGH LEVEL AND DETAILED RISK ANALYSIS

Risk is formally defined as an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular consequence.

RISK = THREAT x VULNERABILITY x CONSEQUENCE

Risk assessment can be carried out at several levels. The standard IEC 62443-2-1 requires risk assessment at two levels of detail, called High Level Risk Assessment and Detailed Risk Assessment.

IEC 62443-2-1 and IEC 62443-3-2

Addressing Risks with a CSMS

Security Level Allocation

CYBER SECURITY MANAGEMENT SYSTEM

An IACS cannot be 100% safe. Security is really a balance of Risk versus Cost.

The foundation of any CSMS or security program is to maintain risk at an acceptable level.

ADDRESSING RISKS WITH THE CSMS

Standards typically provide guidance on what should be included in a Management System, but do not provide guidance on how to go about developing the Management System.


Addressing Cyber Security on an organization-wide basis can seem like a daunting task.

Unfortunately, there is no simple cookbook for security and there is no one-size-fits-all set of security practices.

SAFETY LEVELS (SL)

SLs have been broken down into 3 different types:

1. Target SLs (SL-T) which are the desired level of security for a particular system, usually determined by performing a risk assessment.

2. Achieved SLs (SL-A) which are the actual level of security for a particular system used to establish whether a security system is meeting the goals.

3. Capability SLs (SL-C) which are the security levels that components or systems (in general a subsystem) can provide when properly configured. These levels state that a component or system can meet the target SLs natively.

SECURITY LEVELS (SL)

IEC 62443-3-3 expands 7 Foundational Requirements (FR) into System Requirements (SR). Each SR has further Requirement Enhancements (REs) for stronger security. All 7 FRs have a defined set of 4 SLs.

IEC 62443-1-1

Security Levels

Foundational Requirements

SAFETY LEVELS (SL)

As defined in IEC-62443-1-1 there are a total of 7 FRs:

1. Identification and authentication control (IAC),

2. Use control (UC),

3. System integrity (SI),

4. Data confidentiality (DC),

5. Restricted data flow (RDF),

6. Timely response to events (TRE), and

7. Resource availability (RA).

FOUNDATIONAL REQUIREMENTS (FR)

These seven requirements are the foundation for control system capability SLs, SL-C (control system).

IEC 62443-3-3 provides detailed technical control System Requirements (SRs) associated with these seven Foundational Requirements (FRs).

IEC 62443-3-3

Security Levels System Requirements

SAFETY LEVELS (SL)

System integrators, product suppliers and service providers shall evaluate whether products and services can provide the Functional Security Capability that meets the asset owner's target security level (SL-T) requirements.

SECURITY LEVELS SYSTEM REQUIREMENTS

As with the assignment of SL-Ts, the applicability of individual control system requirements (SRs) and Requirement Enhancements (REs) needs to be based on an asset owner's security policies, procedures and risk assessment in the context of their specific site.

SAFETY LEVELS (SL)

EXAMPLES OF SL SYSTEM REQUIREMENTS

SRs and REs | SL 1 | SL 2 | SL 3 | SL 4
FR 1 - Identification and authentication control (IAC)
SR 1.1 - Human user identification and authentication | X | X | X | X
RE (1) Unique identification and authentication | - | X | X | X
RE (2) Multifactor authentication for untrusted networks | - | - | X | X
RE (3) Multifactor authentication for all networks | - | - | - | X
SR 1.2 - Software process and device identification and authentication | - | X | X | X
RE (1) Unique identification and authentication | - | - | X | X
SR 1.3 - Account management | X | X | X | X
RE (1) Unified account management | - | - | X | X
SR 1.4 - Identifier management | X | X | X | X
SR 1.5 - Authenticator management | X | X | X | X
RE (1) Hardware security for software process identity credentials | - | - | X | X
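The evaluation of a component's capability (SL-C) against an asset owner's target (SL-T), worked through for the FR 1 rows of the table above. This is an added example, not part of the original slides: the function names and the sample component are constructed, and rating a component at the highest SL whose complete row set it covers is an assumption of this sketch, applied only to the rows shown on the slide.

```python
"""SL-T versus SL-C gap check for FR 1 (IAC), using the SR/RE rows on the slide."""

# (requirement id, description, lowest SL at which the slide marks the row with X)
FR1_TABLE = [
    ("SR 1.1", "Human user identification and authentication", 1),
    ("SR 1.1 RE(1)", "Unique identification and authentication", 2),
    ("SR 1.1 RE(2)", "Multifactor authentication for untrusted networks", 3),
    ("SR 1.1 RE(3)", "Multifactor authentication for all networks", 4),
    ("SR 1.2", "Software process and device identification and authentication", 2),
    ("SR 1.2 RE(1)", "Unique identification and authentication", 3),
    ("SR 1.3", "Account management", 1),
    ("SR 1.3 RE(1)", "Unified account management", 3),
    ("SR 1.4", "Identifier management", 1),
    ("SR 1.5", "Authenticator management", 1),
    ("SR 1.5 RE(1)", "Hardware security for software process identity credentials", 3),
]
KNOWN_IDS = {rid for rid, _, _ in FR1_TABLE}


def required_at(sl):
    """Return the SR/RE ids the table marks for security level `sl` (1..4)."""
    if sl not in (1, 2, 3, 4):
        raise ValueError("security level must be 1, 2, 3 or 4")
    return [rid for rid, _, min_sl in FR1_TABLE if min_sl <= sl]


def _checked(supported):
    """Reject ids that are not rows of the table, so typos cannot hide a gap."""
    supported = set(supported)
    unknown = supported - KNOWN_IDS
    if unknown:
        raise ValueError(f"unknown requirement ids: {sorted(unknown)}")
    return supported


def capability_sl(supported):
    """Highest SL whose complete FR 1 row set is covered; 0 if SL 1 is not met."""
    supported = _checked(supported)
    level = 0
    for sl in (1, 2, 3, 4):
        if not set(required_at(sl)) <= supported:
            break  # one missing row caps the level, whatever else is supported
        level = sl
    return level


def gap(sl_target, supported):
    """Rows required at SL-T that the component does not provide, in table order."""
    supported = _checked(supported)
    return [rid for rid in required_at(sl_target) if rid not in supported]


# Constructed sample: a controller that offers MFA on untrusted networks
# (an SL 3 row) but lacks the other SL 3 enhancements.
SAMPLE_COMPONENT = {
    "SR 1.1", "SR 1.1 RE(1)", "SR 1.1 RE(2)",
    "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5",
}

if __name__ == "__main__":
    sl_t = 3
    print("SL-C for FR 1:", capability_sl(SAMPLE_COMPONENT))
    for rid in gap(sl_t, SAMPLE_COMPONENT):
        desc = next(d for r, d, _ in FR1_TABLE if r == rid)
        print(f"missing for SL-T {sl_t}: {rid} - {desc}")
```

The sample component supports one SL 3 row yet still rates SL 2, because the level is capped by the first row it lacks.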

IEC 62443-4-1

Equipment: Security Lifecycle

SAFETY LEVELS (SL)

IEC 62443-4-1 provides a framework to address a secure-by-design, defense-in-depth approach to designing, maintaining and retiring products.

EQUIPMENT SECURITY LIFECYCLE AND EVALUATION TECHNIQUES

[Figure: Defense-in-Depth Strategy, with the elements Security Management, Security guidelines, Specification of security requirements, Security V&V testing, Secure Implementation and Security by design]

The framework is composed of 8 practices.

The standard defines the requirements to align the development process with the elevated security needs of product users of IACS.

SAFETY LEVELS (SL)

• Practice 1 – Security management

• Practice 2 – Specification of security requirements

• Practice 3 – Secure by design

• Practice 4 – Secure implementation

• Practice 5 – Security verification and validation testing

• Practice 6 – Management of security-related issues

• Practice 7 – Security update management

• Practice 8 – Security guidelines

EQUIPMENT SECURITY LIFECYCLE AND EVALUATION TECHNIQUES

IEC 62443-4-2

Equipment: Security Requirements

SAFETY LEVELS (SL)

• Component Requirements (CR)

• Software Application Requirements (SAR)

• Embedded Device Requirements (EDR)

• Host Device Requirements (HDR)

• Network Device Requirements (NDR)

TECHNICAL SECURITY REQUIREMENTS FOR IACS COMPONENTS


IEC 62443-2-1

Monitoring and Improving with a CSMS

MAINTAIN AND IMPROVING THE CSMS

The last category is monitoring and improving the CSMS.

This category is important to ensure the safety performance along the entire system life.


THANK YOU!

H-ON Consulting
Prato | Viadana | Houston | Glasgow

Tel. +39 0574 870 800 [email protected] www.h-on.it

Industrial Security for Digital Industries
Bologna – 03.12.2019

siemens.com/industrial-networks
Unrestricted © Siemens 2019

Digital Transformation: can we do without it?

Without forgetting about Security!

• Maximize Flexibility
• Increase Quality
• Increase Efficiency
• Reduce Costs

The way we work is changing …

From traditional production… …to IoT-enabled production

Edge and IoT lay bare the limits of traditional architectures…

More communication = more complexity to manage!

[Figure labels: Office (IT), Production (OT), Field, Control, Operator, Management, Enterprise, Interoperability, Digital Connectivity, Smart Objects / “Things”, Business Models, Applications, Platforms, Networking and Security]

[Figure: Key Innovations. Industrial 5G, Cloud Connect, TSN, Industrial Security, Identification Systems, Industrial Communication Networks, Real-Time Locating Systems, Network Management]

Are industrial networks secure?

Siemens solutions for Industrial Security

Industrial Security

Not every production asset was born “Secure”!

Obsolete plants that nevertheless have to keep running!

And attacks are becoming ever more sophisticated!

Industrial Security vs IT Security

https://www.shodan.io/

• Use of ModbusTCP prohibited
• Use of managed switches mandatory
• Network Hardening

PL 1

• OPC UA
• Scalance XC200 and higher
• Production Backbone

PL 2

• Firewall with Scalance S
• Sinec NMS
• Physical separation of networks mandatory
• A device management and inventory system mandatory
• …

PL 3

• Automatic tracking of logging and security activities to identify anomalous events
• …
• Syslog and/or SIEM
• Industrial Anomaly Detection

PL 4

• Application-level packet filtering
• …
• Next Generation Firewall
• Intrusion Prevention System

Siemens solutions as a function of the PL

IEC 62443

Plant Security

Network Security

System Integrity

Defense in Depth

Security starts from a correct network architecture

[Figure labels: Cloud Connect, Enterprise Network, Production Backbone, Production Cell, Core Layer, Industrial Network, Industrial Data Center, Backbone, DMZ, Aggregation 1, Aggregation 2, Aggregation n, Syrup Room (Syrup Handler, Dosing), Carbonated Soft Drink PET Line (Blow Molder, Filler, Packer), Filling/Packing, Functional Safety, TIA, Mobile Applications, IoT Connectivity, Network Management, Remote Communication, Network Security, Process]

“Holistic” approach to Security

[Figure labels: Industrial Security, Plant Security, Network Security, System Integrity, Factory Automation, Office Network, DMZ, Production 1, Production 2, Production 3, Production 4, Cell 1, Cell 2, Network Hardening, Production Backbone]

• Physical protection
• Security management
• Security operation center

Plant Security

Industrial Security Check

Industrial Network Check

Assessment IEC62443

Risk and Vulnerability Assessment

Vulnerability | Risk score
Flat network architecture/No DMZ available | x.x
Flat network architecture/No network segmentation | x.x
Unsecure/Not controlled remote activities | x.x
No system hardening/Unneeded applications and services installed | x.x
Unpatched operating system | x.x
Obsolete Antivirus database | x.x
Windows firewall not active | x.x
Uncontrolled USB interfaces | x.x

Red (7.5 – 10) = Unacceptable risk; Urgent action is necessary

Orange (5 – 7.5) = Unacceptable risk; Action is required

Yellow (2.5 – 5) = Acceptable risk; Subject to management approval

Green (0 – 2.5) = Acceptable risk; No action required

Asset Inventory and IAD/IDS

Current situation:

Not all the devices present in the plants are known

Continuous monitoring of the network

Alerts in case of attacks and anomalies (internal and external)

Industrial Security Solution

Ruggedcom RX1500 + APE

Certified third-party software with features such as:
• Anomaly Based Intrusion Detection System
• Next Generation Firewalls

https://new.siemens.com/global/en/products/automation/industrial-communication/rugged-communications/technology-highlights/cybersecurity.html

A flexible solution that covers the needs of the market by combining certified HW and SW

Automated Network Assessments solution

It is not a cure-all: the network must be stable!

Network Security

GO MANAGED!

• Redundancy
• Use passwords
• Use VLANs
• Enable ACLs
• Limit broadcasts (DoS)
• Disable unused ports
• Loop Detection
• Enable SNMP V3

Network Security

Production cells “protected” by Scalance S firewalls

Remote assistance

IT and OT integration

[Figure labels: OT Network, IT Network, Control Center, Machine 1, Machine 2, Machine 3, Office, Factory, Factory A]

Secure Remote Access

With Sinema Remote Connect

Efficient access to plants, machines and mobile applications

Secure and flexible connection to the customers' various infrastructures

Versatile solutions for varying needs!

Architecture

[Figure labels: Machine #1, Machine #N, OT Network, IT Network, DMZ, IT/OT Firewall, External Firewall, VPN Tunnel, Open VPN Tunnel, Scalance S, Mobile User, Remote Desktop Session, Remote Desktop, Ethernet, Engineering Station, Sinema RC Server, Sinema RC Client, TIA, ES Ring, Protection Cell, Production Backbone]

Network Monitoring

With SINEC NMS

Maximum transparency across the entire industrial network

Fewer unplanned network outages

Configuration of the entire network through policies (up to 12500 devices)

System Integrity

Controllers with integrated security features

• OPC UA
• SSL/TLS
• Access protection
• Know-how protection
• Copy protection
• Digital signature

Industrial Security

Siemens Product Cert

Use Cases

“Industrial networks are a cross-cutting topic. (.....) Siemens supported us, through initial training courses and then during detailed planning, design and first commissioning. This allowed us to deepen and broaden our knowledge of topics such as security, and we are now able to administer the network ourselves.”

– Sven Ostertag, Plant Engineer, Simon Group

“With high-performance network technology and the expertise of everyone involved, we achieved our goals and implemented a production network that is fast, protected against access, fail-safe and therefore highly available.”

– Holger Wiedel, Managing Director of HWI IT

Marcello Scalfi
Sales Specialist
Industrial Networks & Security
Siemens Spa
Via Vipiteno, 4
20128 – Milano

mailto: [email protected]
