Cyber Security Challenges – How are we facing them?
Bart de Wijs, Head of Cyber Security, ABB Power Systems
Focus of todays talk
1. Advanced security architectures?
2. What are the main Cyber Security challenges?
3. How should the challenges be addressed?
4. What does ABB offer and how can ABB help?
4 key questions
© ABB Group 21 October, 2013 | Slide 2
Image: edudemic.com
Substation Automation SystemsAdvanced Security Architecture
© ABB Group 21 October, 2013 | Slide 3
Disabled ports / services
Removable media access
Individual User Accounts
Malware protection
Firewall
Router
Encryptet communication
Industrial Defender Agent
Patch Management
Automation Systems Manager
Legend:
Advanced Service Appliance (ASA)
The Biggest ChallengesOrganizational
Images: www.guardianconsultants.co.uk wegilant.com www.floris-cm.nl blogpool4tool.com
Risk Management Awareness
Competence Management Disruptive Changes
21 October, 2013 | Slide 4© ABB Group
The Biggest ChallengesTechnical
Images: www.zazzle.co.nz www.zoho.com blog.monitorscout.com www.leadthefish.com nl.123rf.com www.ccure.it
Compliance
Situational AwarenessInstalled Base
Heterogeneity
Sustaining Security
Vulnerabilities
21 October, 2013 | Slide 5© ABB Group
How should the challenges be addressed?4 key questions
Images: www.techieapps.com technorati.com www.calibersecurity.com cert.org
Can we really defend ourselves?
Do we know our infrastructure and systems?
Can we identify potentially malicious activities?
Can we recover from any incident?
21 October, 2013 | Slide 6© ABB Group
How should the challenges be addressed?Better preparation
Image: howstuffworks.com blog.optimizely.com lisagroup.com.au dhs.org cve.mitre.org securityfocus.com www.marketingzen.com
Monitor vulnerability disclosures
Know the behavior of your infrastructure and systems
Requires a change from all of us!
Compare your actual with your baseline
Make an inventory of what you have
Patch your systems and stay up to date
21 October, 2013 | Slide 7© ABB Group
What ABB offers – A holistic approach to Cyber SecurityDefense in Depth in all phases of the System Lifecycle
Procedures and PoliciesPhysical SecuritySecurity UpdatesUser Access ControlIntrusion ProtectionIntrusion DetectionHigh availability solutions
21 October, 2013 | Slide 8© ABB Group
Conclusions
21 October, 2013 | Slide 9© ABB Group
Cyber security is a key aspect of ICS in Critical Infrastructure
Cyber security is a real challenge and must become a high priority item for all involved stakeholders
Effective cyber security solutions require a joint effort by vendors, integrators, operating system providers, end users and governments
Effective cyber security will require solutions that cover both legacy and new installations
Security is about risk management - perfect security is neither existent nor economically feasible
Contact informationQuestions, Comments, etc.
www.abb.com/cybersecurity
© ABB Group21 October, 2013 | Slide 10