SlideShare uma empresa Scribd logo

Where and Why to Start Your ICS Security Journey

Rockwell Automation
Rockwell Automation

This document discusses where to start with industrial control system (ICS) security. It begins by explaining why ICS security is important given past attacks targeting these systems. It then outlines a strategic and tactical approach to ICS security that involves developing a security program, conducting assessments, and creating an improvement plan. Specific tactical steps are also discussed, such as implementing firewalls, patch management, asset management, and threat detection. The document emphasizes taking a holistic, risk-based approach that addresses people, processes, and technologies.

Tecnologia
1 de 35
Baixar para ler offline
Security: Where and Why do I start
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 3 Agenda Why should we be concerned? Where do we start? What should we do?
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 4 -Voltaire “Everything’s fine today, that is our illusion”
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 5 Why should we be concerned with ICS Security?
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 6 ICS-Focused Campaigns, Attacks, Frequency 20172010 2011 2012 2013 2014 STUXNET Worm Targeting SCADA and Modifying PLCs OPERATION AURORA APT Cyber Attack on 20+ High Tech, Security & Defense Companies NIGHT DRAGON Advanced Persistent Threat Targeting Global Energy SHAMOON Virus Targeting Energy Sector Largest Wipe Attack RED OCTOBER Cyber-Espionage Malware Targeting Gov’t & Research Organizations FLAME Virus use for Targeted Cyber Espionage in the Middle East DUQU Worm Targeting ICS Information Gathering and Stealing GAUSS Information Stealer Malware HAVEX Industrial Control System Remote Access Trojan & Information Stealer HEARTBLEED Security Bug and Vulnerability Exploited by Attackers 2015 2016 BLACKENERGY Malware Injected into Ukrainian Power Company Network, Cut Power to the Affected Region. OP GHOUL Spear-phishing Campaign Targeting Middle East Industrial Organizations 140 197 257 245 295 BLACKENERGY Malware Injected into Power Company Network, Attackers Cut Power to the Affected Region. ICS CERT INCIDENT COUNT **Only Reported Incidents in U.S. NOTPETYA Ransomware Malware Based On Stolen NSA Exploits that Impacted ICS Systems 290 INDUSTROYER Malware Targeting Electric Utility – Used in 2016 Ukraine Grid Attack WANNACRY General ransomware which impacted ICS Systems
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 7 ICS THREAT ACTORS Insiders Cyber CriminalsHacktivists Nation States Terrorists > 40% Cyber Events
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 9 ICS THREAT VECTORS DMZ Email, Intranet, Business Planning & Logistics Network IT Network OT Network ICS Supply Chain www SIEM/SOC Servers Remote Maintenance SCADA Server Historian HMI PLC Pump Engineering Station Operator Work Station PLC Actuator PLC Valve PLC Sensor On-Site Maintenance Direct Attack on Plant Network Direct Attack via IT Network USB Indirect Attack Sneaker-Net (Compromised VPN) (Compromised Device) VPN Device External Adversaries Insider Threat
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 10 What is Risk?
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 11 Safety and Security
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 12 Where do we start?
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 13 Strategic  Develop an OT cybersecurity program  Adopt an industry framework  Understand business drivers and risk tolerances to drive target profiles  Conduct assessments to develop an understanding of gaps  Create an improvement plan to drive the tactical approach Tactical  Execute on filling gaps as defined and prioritized in the strategic approach  Utilize validated designs and architectures  Implement pre-engineered infrastructure and software solutions to achieve targets The Approach
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 14 Holistic View A secure application depends on multiple layers of protection and industrial security must be implemented as a system.  Openness  Flexibility  Consistency
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 15 Methodology Securing your operations environments with a risk based approach
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 16 OT vs. IT Priority is on reliability and integrity of the system. Priority is pervasiveness of data and confidentiality of such data. End-points are of heterogeneous make and task specific with long lifespans End-points are of homogenous make and multi-purpose with short lifespans Architectures are ubiquitous in nature and consist of mutli-tiered systems to encourage wide accessibility Architectures are of proprietary nature and consist of isolated, task specific systems. Outcomes are physical Outcomes are digital
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 17 Compliance & Standards Certified Products, Architectures and Solution Delivery Applies to those responsible for designing, manufacturing, implementing, or managing industrial control systems:  End-users (i.e. asset owner)  System integrators  Security practitioners  ICS product/systems vendors ISA/IEC 62443: Series of standards that define procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). *Equivalence to ISO 27001 and NIST Cybersecurity Framework
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 18 Rockwell Automation’s Approach Addressing Cybersecurity Concerns With an ever evolving threat landscape, companies must look at security holistically, one that involves a multi-layer, risk-based approach and addresses people, process and technologies. Strategic Advisor IT/OT Security Practitioner Trusted Supplier We can help you develop a strategic risk management program focused on balancing objectives and tolerance in alignment with industry standards and frameworks. Industry-leading Partners Leverage our deep expertise to realize the Connected Enterprise through an expansive set of consultative and managed services. Solutions and product providers must consider security throughout the product lifecycle in alignment with industry standards. Our partner ecosystem consists of security expertise and technologies to help address security concerns holistically across the enterprise.
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 19 BEFORE Identify & Protect Detect Respond & Recover Asset Inventory Services Qualified Patch Management Vulnerability and Risk Assessments ICS Security Zone and Countermeasure Deployment Real-Time Threat Detection Services Remote Monitoring and Administration Services Backup and Recovery Solutions Incident Handling and Response Incident Response and Disaster Recovery Planning Services BUILD A SECURE, ROBUST, FUTURE-READY NETWORK FOR YOUR CONNECTED ENTERPRISE DURING AFTER ASSESS DESIGN IMPLEMENT MONITOR Strategic Advisor and Security Practioner
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 20 Risk Assessment Cloud Governance Council Mandatory USB Training Secure Development Environment Insider Risk Program Cyber Tabletop Exercises Product Security Office Third Party Risk Management Program Trusted Supplier Focus on Customer Security
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 21 Trusted Supplier Security Built-in Vendors must build security into products with a focus on security throughout the products lifecycle…  Product Security Office  Secure Development Lifecycle
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 22 Trusted Supplier New Security Capabilities Secure communications with EtherNet/IP  Authentication – helps prevent unauthorized devices from establishing connections  Integrity – helps prevent tampering or modification of communications  Confidentiality – helps prevent snooping or disclosure of data Notable features:  System management  Easily create and deploy security policies to many devices, all at once  Micro-segmentation  Segment your automation application into smaller cell/zones.  Device-based firewall  Enable/disable available ports/protocols of devices (ie./ HTTP/HTTPS)  Legacy Systems Support  Whitelisting – authorize specific communications based on IP address  Retrofit 1756 based systems with the new 1756-EN4TR  Leverage a “proxy device” in front of legacy products (Future) FactoryTalk® Policy Manager Software FactoryTalk® Directory PC Connections Via FactoryTalk® Linx Device Communications With EtherNet/IP System Components Security Admin
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 23 Industry-Leading Partners Complimentary Solutions Rockwell Automation Integrated Control & Information Cisco Wireless, Security, Switching & Routing Panduit Physical Layer Network Infrastructure, Zone Enclosures VMware Data Center Virtualization ROCKWELL AUTOMATION & PARTNER PORTFOLIO Microsoft Operating Systems, Database / Cloud Infrastructure, & Application Security PartnerNetwork™ program Alliances, Encompass™ partner, Distributors, System Integrators, OEMs Claroty Industrial Control System Threat Detection
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 24 Converged Plantwide Ethernet Reference Architectures Industry-leading Partners 24 Tested and Validated Architectures As plants invest in the modernization of their network architectures, internal and external security drivers are pushing companies to invest in pervasive security solutions beyond the traditional firewall. • Extend visibility of proven IT security technologies and tactics to the OT network. • Leverage IT competencies of existing team with tools they know and trust. • Enable alignment between not only IT and OT, but also with solution and machine providers.
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 25 What should I do?
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 26 Network Infrastructure Networks  Converged Plantwide Architecture  Co-developed with Cisco leveraging Industry Standards and best practices (NIST, IEC, etc.)  DMZ Servers as demarcation point  Full portfolio of Stratix® Managed and Lightly Managed switches Security Appliances  Cisco Firewalls  Stratix® 5950 Cell/Zone Firewalls Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 27 Cisco Security Integration Enterprise Integration  FactoryTalk® Network Manager™ Software  IPS/IDS with FirePower  Network Access Control: Identity Services Engine  Netflow Analysis: Stealthwatch Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop ISE Policy Node Infrastructure & Automation Servers Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch FTNM
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 28 Asset Management Asset Inventory  FactoryTalk® AssetCentre Software  Claroty Vulnerability Management Disaster Recovery  Automated back-up  Application change detection Reporting Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop FactoryTalk® Asset Centre FactoryTalk® Directory Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch Claroty Platform Passive Active
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 29 Patch Management Operating System Patching  Patch Qualification Testing Lab  Delivery of a curated set of Windows patches catered to your specific Rockwell Automation software and operating system combination  Remote Patch Administration Services Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network Supply Chain (Third Party Vendors) IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services RA Azure WSUS OT Core Switch IT Core Switch OEM Laptop OTSecurity Services Remote Support Cloud (Microsoft Azure) Plant WSUS/SCCM Microsoft
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 30 Authentication and Authorization Windows Domain Architecture  Active Directory  Authentication Best Practices FactoryTalk® Security  Integration into Windows Domain Architecture  Authentication and Authorization services for FactoryTalk® and Studio 5000® Software  Local and Centralized audit trail Remote Access  Secure Vendor Access Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop FactoryTalk® Asset Centre FactoryTalk® Directory Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch Active Directory 1 2 3 Secure Remote Access Server EWS
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 31 Computers & Endpoint Protection Anti Virus and Application Whitelisting  Symantec Endpoint Protection  Symantec Critical Systems Protection Thin clients and Content Management  Reduced attack surface  Centralize OS management  Enhanced authentication capabilities Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop Secure Remote Access Server Infrastructure & Application Servers Proxy Services Enterprise Services RA Azure WSUS OT Core Switch IT Core Switch WSUS
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 32 Threat Detection Threat Detection Services  Inventory to Baseline  Real-Time alerting on deviations  Incident Response Planning  Remote Support Services Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network Supply Chain (Third Party Vendors) IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services Remote Support Services OT Core Switch IT Core Switch OEM Laptop OTSecurity Services Threat Detection Platform
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 33 Industrial Security Landing webpage http://rockwellautomation.com/security Security Resources Security Advisory Index Microsoft Patch QualificationReference Architectures secure@ra.rockwell.com Services Services Security Technology Security FAQ
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 34 Integrated Architecture® System from Rockwell Automation Addresses OT Cybersecurity Leveraging a multi-layer, risk based approach. Strategic Advisor IT/OT Security Practitioner Trusted Supplier Industry-leading Partners DURINGBEFORE AFTER PEOPLE, PROCESS, AND TECHNOLOGY
PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 35 Share your feedback Please complete the session survey on the mobile app Select TechEd and login Use your email and last name that you used to register for the event. Click on Schedule on the main menu • Select the session you are attending • Click on the survey tab • Complete the survey and submit 2 3 Download the Events ROK mobile app 1
www.rockwellautomation.com Thank you

Recomendados

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Presentation NetScaler SD-WAN
Presentation NetScaler SD-WANPresentation NetScaler SD-WAN
Presentation NetScaler SD-WANMichelle Guerrero Montalvo
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 

Recomendados

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Presentation NetScaler SD-WAN
Presentation NetScaler SD-WANPresentation NetScaler SD-WAN
Presentation NetScaler SD-WANMichelle Guerrero Montalvo
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 
SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0Maganathin Veeraragaloo
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit SplunkSplunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit SplunkSplunk
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to TenableBharat Jindal
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio updateAtanas Gergiminov
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
What is SASE
What is SASEWhat is SASE
What is SASEAdi Ruppin
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationAmmar Hasayen
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An IntroductionBaban Gaigole
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE코리아
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 

Mais conteúdo relacionado

Mais procurados

SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit SplunkSplunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit SplunkSplunk
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to TenableBharat Jindal
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio updateAtanas Gergiminov
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationAmmar Hasayen
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An IntroductionBaban Gaigole
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni
 

Mais procurados (20)

SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0
 
SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking Workshop
 
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit SplunkSplunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
Splunk Webinar: Full-Stack End-to-End SAP-Monitoring mit Splunk
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio update
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
What is SASE
What is SASEWhat is SASE
What is SASE
 
ICS security
ICS securityICS security
ICS security
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 Foundation
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An Introduction
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 

Semelhante a Where and Why to Start Your ICS Security Journey

GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE코리아
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)Gerardo Pardo-Castellote
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Top firewall companies 2020 converted
Top firewall companies 2020 convertedTop firewall companies 2020 converted
Top firewall companies 2020 convertedemmaelice
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet Architectures
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet ArchitecturesRA TechED 2019 - NT03 - Building Converged Plantwide Ethernet Architectures
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet ArchitecturesRockwell Automation
 
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxWatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxRachatrinTongrungroj1
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 
Cisco Connected Factory - Security
Cisco Connected Factory - SecurityCisco Connected Factory - Security
Cisco Connected Factory - SecurityConnected Futures
 
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 AgendaiFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 AgendaJohn Kingsley
 

Semelhante a Where and Why to Start Your ICS Security Journey (20)

GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity Standard
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Top firewall companies 2020 converted
Top firewall companies 2020 convertedTop firewall companies 2020 converted
Top firewall companies 2020 converted
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdapt
 
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet Architectures
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet ArchitecturesRA TechED 2019 - NT03 - Building Converged Plantwide Ethernet Architectures
RA TechED 2019 - NT03 - Building Converged Plantwide Ethernet Architectures
 
WatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptxWatchGuard Corporate Presentation.pptx
WatchGuard Corporate Presentation.pptx
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data Security
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data Security
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
CloudWALL Profile ENG
CloudWALL Profile ENGCloudWALL Profile ENG
CloudWALL Profile ENG
 
Cisco Connected Factory - Security
Cisco Connected Factory - SecurityCisco Connected Factory - Security
Cisco Connected Factory - Security
 
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 AgendaiFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
 

Mais de Rockwell Automation

RA TechED 2019 - PR03 - Implementation of PlantPAx Systems
RA TechED 2019 - PR03 - Implementation of PlantPAx SystemsRA TechED 2019 - PR03 - Implementation of PlantPAx Systems
RA TechED 2019 - PR03 - Implementation of PlantPAx SystemsRockwell Automation
 
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...Rockwell Automation
 
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's Succeed
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's SucceedRA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's Succeed
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's SucceedRockwell Automation
 
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured Objects
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured ObjectsRA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured Objects
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured ObjectsRockwell Automation
 
RA TechED 2019 - SY22 - The Future of Software Purchase and Maintenance
RA TechED 2019 - SY22 - The Future of Software Purchase and MaintenanceRA TechED 2019 - SY22 - The Future of Software Purchase and Maintenance
RA TechED 2019 - SY22 - The Future of Software Purchase and MaintenanceRockwell Automation
 
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...Rockwell Automation
 
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management Systems
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management SystemsRA TechED 2019 - SS14 - Electronic Lockout Tagout Management Systems
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management SystemsRockwell Automation
 
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...Rockwell Automation
 
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...Rockwell Automation
 
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...Rockwell Automation
 
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...Rockwell Automation
 
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...Rockwell Automation
 
RA TechED 2019 - CL05 Reduce Waste with Logixai
RA TechED 2019 - CL05 Reduce Waste with LogixaiRA TechED 2019 - CL05 Reduce Waste with Logixai
RA TechED 2019 - CL05 Reduce Waste with LogixaiRockwell Automation
 
RA TechED 2019 - CL02 - Integrated Architecture System Software What's New
RA TechED 2019 - CL02 - Integrated Architecture System Software What's NewRA TechED 2019 - CL02 - Integrated Architecture System Software What's New
RA TechED 2019 - CL02 - Integrated Architecture System Software What's NewRockwell Automation
 
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's new
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's newRA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's new
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's newRockwell Automation
 
Robert Murphy Driving Value from Smart Manufacturing
Robert Murphy Driving Value from Smart ManufacturingRobert Murphy Driving Value from Smart Manufacturing
Robert Murphy Driving Value from Smart ManufacturingRockwell Automation
 
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...Exploring the Functionality of the Rockwell Automation® Library of Process Ob...
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...Rockwell Automation
 
Designing Machine-level HMI with Studio 5000 View Designer® Demonstration
Designing Machine-level HMI with Studio 5000 View Designer® DemonstrationDesigning Machine-level HMI with Studio 5000 View Designer® Demonstration
Designing Machine-level HMI with Studio 5000 View Designer® DemonstrationRockwell Automation
 
FactoryTalk® AssetCentre: Overview
FactoryTalk® AssetCentre: OverviewFactoryTalk® AssetCentre: Overview
FactoryTalk® AssetCentre: OverviewRockwell Automation
 
Virtual Plant Design with Arena® Simulation
Virtual Plant Design with Arena® SimulationVirtual Plant Design with Arena® Simulation
Virtual Plant Design with Arena® SimulationRockwell Automation
 

Mais de Rockwell Automation (20)

RA TechED 2019 - PR03 - Implementation of PlantPAx Systems
RA TechED 2019 - PR03 - Implementation of PlantPAx SystemsRA TechED 2019 - PR03 - Implementation of PlantPAx Systems
RA TechED 2019 - PR03 - Implementation of PlantPAx Systems
 
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...
RA TechED - DE10 - Simulation and Optimization of Lines using RAPID, Line Bal...
 
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's Succeed
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's SucceedRA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's Succeed
RA TechED 2019 - PR24 - FactoryTalk Brew Designed to Help Large Brewer's Succeed
 
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured Objects
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured ObjectsRA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured Objects
RA TechED 2019 - SY07- Next-Gen Device Library of Preconfigured Objects
 
RA TechED 2019 - SY22 - The Future of Software Purchase and Maintenance
RA TechED 2019 - SY22 - The Future of Software Purchase and MaintenanceRA TechED 2019 - SY22 - The Future of Software Purchase and Maintenance
RA TechED 2019 - SY22 - The Future of Software Purchase and Maintenance
 
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...
RA TechED 2019 - SY08 - Developing Information Ready Applications using Smart...
 
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management Systems
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management SystemsRA TechED 2019 - SS14 - Electronic Lockout Tagout Management Systems
RA TechED 2019 - SS14 - Electronic Lockout Tagout Management Systems
 
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...
RA TechED 2019 - SS08 - What's New and Coming Soon in Safety Automation Archi...
 
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...
RA TechED 2019 - IN12 Microsoft - Digitalize Your Production to Capitalize on...
 
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...
RA TechED 2019 - IN10 - What Machine Learning can do for you using FactoryTal...
 
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
RA TechED 2019 - IN03 - Develop Analytics That Scale Using FactoryTalk Innova...
 
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...
RA TechED 2019 - IN02 - Empower Your Connected Enterprise with FactoryTalk In...
 
RA TechED 2019 - CL05 Reduce Waste with Logixai
RA TechED 2019 - CL05 Reduce Waste with LogixaiRA TechED 2019 - CL05 Reduce Waste with Logixai
RA TechED 2019 - CL05 Reduce Waste with Logixai
 
RA TechED 2019 - CL02 - Integrated Architecture System Software What's New
RA TechED 2019 - CL02 - Integrated Architecture System Software What's NewRA TechED 2019 - CL02 - Integrated Architecture System Software What's New
RA TechED 2019 - CL02 - Integrated Architecture System Software What's New
 
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's new
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's newRA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's new
RA TechED 2019 - CL01 - Integrated Architecture System Hardware - what's new
 
Robert Murphy Driving Value from Smart Manufacturing
Robert Murphy Driving Value from Smart ManufacturingRobert Murphy Driving Value from Smart Manufacturing
Robert Murphy Driving Value from Smart Manufacturing
 
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...Exploring the Functionality of the Rockwell Automation® Library of Process Ob...
Exploring the Functionality of the Rockwell Automation® Library of Process Ob...
 
Designing Machine-level HMI with Studio 5000 View Designer® Demonstration
Designing Machine-level HMI with Studio 5000 View Designer® DemonstrationDesigning Machine-level HMI with Studio 5000 View Designer® Demonstration
Designing Machine-level HMI with Studio 5000 View Designer® Demonstration
 
FactoryTalk® AssetCentre: Overview
FactoryTalk® AssetCentre: OverviewFactoryTalk® AssetCentre: Overview
FactoryTalk® AssetCentre: Overview
 
Virtual Plant Design with Arena® Simulation
Virtual Plant Design with Arena® SimulationVirtual Plant Design with Arena® Simulation
Virtual Plant Design with Arena® Simulation
 

Último

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Where and Why to Start Your ICS Security Journey

  • 2.
  • 3. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 3 Agenda Why should we be concerned? Where do we start? What should we do?
  • 4. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 4 -Voltaire “Everything’s fine today, that is our illusion”
  • 5. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 5 Why should we be concerned with ICS Security?
  • 6. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 6 ICS-Focused Campaigns, Attacks, Frequency 20172010 2011 2012 2013 2014 STUXNET Worm Targeting SCADA and Modifying PLCs OPERATION AURORA APT Cyber Attack on 20+ High Tech, Security & Defense Companies NIGHT DRAGON Advanced Persistent Threat Targeting Global Energy SHAMOON Virus Targeting Energy Sector Largest Wipe Attack RED OCTOBER Cyber-Espionage Malware Targeting Gov’t & Research Organizations FLAME Virus use for Targeted Cyber Espionage in the Middle East DUQU Worm Targeting ICS Information Gathering and Stealing GAUSS Information Stealer Malware HAVEX Industrial Control System Remote Access Trojan & Information Stealer HEARTBLEED Security Bug and Vulnerability Exploited by Attackers 2015 2016 BLACKENERGY Malware Injected into Ukrainian Power Company Network, Cut Power to the Affected Region. OP GHOUL Spear-phishing Campaign Targeting Middle East Industrial Organizations 140 197 257 245 295 BLACKENERGY Malware Injected into Power Company Network, Attackers Cut Power to the Affected Region. ICS CERT INCIDENT COUNT **Only Reported Incidents in U.S. NOTPETYA Ransomware Malware Based On Stolen NSA Exploits that Impacted ICS Systems 290 INDUSTROYER Malware Targeting Electric Utility – Used in 2016 Ukraine Grid Attack WANNACRY General ransomware which impacted ICS Systems
  • 7. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 7 ICS THREAT ACTORS Insiders Cyber CriminalsHacktivists Nation States Terrorists > 40% Cyber Events
  • 8. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 9 ICS THREAT VECTORS DMZ Email, Intranet, Business Planning & Logistics Network IT Network OT Network ICS Supply Chain www SIEM/SOC Servers Remote Maintenance SCADA Server Historian HMI PLC Pump Engineering Station Operator Work Station PLC Actuator PLC Valve PLC Sensor On-Site Maintenance Direct Attack on Plant Network Direct Attack via IT Network USB Indirect Attack Sneaker-Net (Compromised VPN) (Compromised Device) VPN Device External Adversaries Insider Threat
  • 9. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 10 What is Risk?
  • 10. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 11 Safety and Security
  • 11. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 12 Where do we start?
  • 12. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 13 Strategic  Develop an OT cybersecurity program  Adopt an industry framework  Understand business drivers and risk tolerances to drive target profiles  Conduct assessments to develop an understanding of gaps  Create an improvement plan to drive the tactical approach Tactical  Execute on filling gaps as defined and prioritized in the strategic approach  Utilize validated designs and architectures  Implement pre-engineered infrastructure and software solutions to achieve targets The Approach
  • 13. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 14 Holistic View A secure application depends on multiple layers of protection and industrial security must be implemented as a system.  Openness  Flexibility  Consistency
  • 14. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 15 Methodology Securing your operations environments with a risk based approach
  • 15. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 16 OT vs. IT Priority is on reliability and integrity of the system. Priority is pervasiveness of data and confidentiality of such data. End-points are of heterogeneous make and task specific with long lifespans End-points are of homogenous make and multi-purpose with short lifespans Architectures are ubiquitous in nature and consist of mutli-tiered systems to encourage wide accessibility Architectures are of proprietary nature and consist of isolated, task specific systems. Outcomes are physical Outcomes are digital
  • 16. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 17 Compliance & Standards Certified Products, Architectures and Solution Delivery Applies to those responsible for designing, manufacturing, implementing, or managing industrial control systems:  End-users (i.e. asset owner)  System integrators  Security practitioners  ICS product/systems vendors ISA/IEC 62443: Series of standards that define procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). *Equivalence to ISO 27001 and NIST Cybersecurity Framework
  • 17. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 18 Rockwell Automation’s Approach Addressing Cybersecurity Concerns With an ever evolving threat landscape, companies must look at security holistically, one that involves a multi-layer, risk-based approach and addresses people, process and technologies. Strategic Advisor IT/OT Security Practitioner Trusted Supplier We can help you develop a strategic risk management program focused on balancing objectives and tolerance in alignment with industry standards and frameworks. Industry-leading Partners Leverage our deep expertise to realize the Connected Enterprise through an expansive set of consultative and managed services. Solutions and product providers must consider security throughout the product lifecycle in alignment with industry standards. Our partner ecosystem consists of security expertise and technologies to help address security concerns holistically across the enterprise.
  • 18. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 19 BEFORE Identify & Protect Detect Respond & Recover Asset Inventory Services Qualified Patch Management Vulnerability and Risk Assessments ICS Security Zone and Countermeasure Deployment Real-Time Threat Detection Services Remote Monitoring and Administration Services Backup and Recovery Solutions Incident Handling and Response Incident Response and Disaster Recovery Planning Services BUILD A SECURE, ROBUST, FUTURE-READY NETWORK FOR YOUR CONNECTED ENTERPRISE DURING AFTER ASSESS DESIGN IMPLEMENT MONITOR Strategic Advisor and Security Practioner
  • 19. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 20 Risk Assessment Cloud Governance Council Mandatory USB Training Secure Development Environment Insider Risk Program Cyber Tabletop Exercises Product Security Office Third Party Risk Management Program Trusted Supplier Focus on Customer Security
  • 20. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 21 Trusted Supplier Security Built-in Vendors must build security into products with a focus on security throughout the products lifecycle…  Product Security Office  Secure Development Lifecycle
  • 21. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 22 Trusted Supplier New Security Capabilities Secure communications with EtherNet/IP  Authentication – helps prevent unauthorized devices from establishing connections  Integrity – helps prevent tampering or modification of communications  Confidentiality – helps prevent snooping or disclosure of data Notable features:  System management  Easily create and deploy security policies to many devices, all at once  Micro-segmentation  Segment your automation application into smaller cell/zones.  Device-based firewall  Enable/disable available ports/protocols of devices (ie./ HTTP/HTTPS)  Legacy Systems Support  Whitelisting – authorize specific communications based on IP address  Retrofit 1756 based systems with the new 1756-EN4TR  Leverage a “proxy device” in front of legacy products (Future) FactoryTalk® Policy Manager Software FactoryTalk® Directory PC Connections Via FactoryTalk® Linx Device Communications With EtherNet/IP System Components Security Admin
  • 22. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 23 Industry-Leading Partners Complimentary Solutions Rockwell Automation Integrated Control & Information Cisco Wireless, Security, Switching & Routing Panduit Physical Layer Network Infrastructure, Zone Enclosures VMware Data Center Virtualization ROCKWELL AUTOMATION & PARTNER PORTFOLIO Microsoft Operating Systems, Database / Cloud Infrastructure, & Application Security PartnerNetwork™ program Alliances, Encompass™ partner, Distributors, System Integrators, OEMs Claroty Industrial Control System Threat Detection
  • 23. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 24 Converged Plantwide Ethernet Reference Architectures Industry-leading Partners 24 Tested and Validated Architectures As plants invest in the modernization of their network architectures, internal and external security drivers are pushing companies to invest in pervasive security solutions beyond the traditional firewall. • Extend visibility of proven IT security technologies and tactics to the OT network. • Leverage IT competencies of existing team with tools they know and trust. • Enable alignment between not only IT and OT, but also with solution and machine providers.
  • 24. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 25 What should I do?
  • 25. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 26 Network Infrastructure Networks  Converged Plantwide Architecture  Co-developed with Cisco leveraging Industry Standards and best practices (NIST, IEC, etc.)  DMZ Servers as demarcation point  Full portfolio of Stratix® Managed and Lightly Managed switches Security Appliances  Cisco Firewalls  Stratix® 5950 Cell/Zone Firewalls Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch
  • 26. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 27 Cisco Security Integration Enterprise Integration  FactoryTalk® Network Manager™ Software  IPS/IDS with FirePower  Network Access Control: Identity Services Engine  Netflow Analysis: Stealthwatch Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop ISE Policy Node Infrastructure & Automation Servers Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch FTNM
  • 27. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 28 Asset Management Asset Inventory  FactoryTalk® AssetCentre Software  Claroty Vulnerability Management Disaster Recovery  Automated back-up  Application change detection Reporting Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop FactoryTalk® Asset Centre FactoryTalk® Directory Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch Claroty Platform Passive Active
  • 28. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 29 Patch Management Operating System Patching  Patch Qualification Testing Lab  Delivery of a curated set of Windows patches catered to your specific Rockwell Automation software and operating system combination  Remote Patch Administration Services Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network Supply Chain (Third Party Vendors) IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services RA Azure WSUS OT Core Switch IT Core Switch OEM Laptop OTSecurity Services Remote Support Cloud (Microsoft Azure) Plant WSUS/SCCM Microsoft
  • 29. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 30 Authentication and Authorization Windows Domain Architecture  Active Directory  Authentication Best Practices FactoryTalk® Security  Integration into Windows Domain Architecture  Authentication and Authorization services for FactoryTalk® and Studio 5000® Software  Local and Centralized audit trail Remote Access  Secure Vendor Access Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop FactoryTalk® Asset Centre FactoryTalk® Directory Proxy Services Enterprise Services Security Operations OT Core Switch IT Core Switch Active Directory 1 2 3 Secure Remote Access Server EWS
  • 30. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 31 Computers & Endpoint Protection Anti Virus and Application Whitelisting  Symantec Endpoint Protection  Symantec Critical Systems Protection Thin clients and Content Management  Reduced attack surface  Centralize OS management  Enhanced authentication capabilities Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network IDMZ Firewalls Maint. Laptop Secure Remote Access Server Infrastructure & Application Servers Proxy Services Enterprise Services RA Azure WSUS OT Core Switch IT Core Switch WSUS
  • 31. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 32 Threat Detection Threat Detection Services  Inventory to Baseline  Real-Time alerting on deviations  Incident Response Planning  Remote Support Services Level 3.5-4 DMZ / IT Network Level 3 Site Ops Network Level 2 Area Supervisory Network Level 0-1 Controller / Sensor Network Site Network Supply Chain (Third Party Vendors) IDMZ Firewalls Maint. Laptop EWS Infrastructure & Automation Servers Proxy Services Enterprise Services Remote Support Services OT Core Switch IT Core Switch OEM Laptop OTSecurity Services Threat Detection Platform
  • 32. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 33 Industrial Security Landing webpage http://rockwellautomation.com/security Security Resources Security Advisory Index Microsoft Patch QualificationReference Architectures secure@ra.rockwell.com Services Services Security Technology Security FAQ
  • 33. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 34 Integrated Architecture® System from Rockwell Automation Addresses OT Cybersecurity Leveraging a multi-layer, risk based approach. Strategic Advisor IT/OT Security Practitioner Trusted Supplier Industry-leading Partners DURINGBEFORE AFTER PEOPLE, PROCESS, AND TECHNOLOGY
  • 34. PUBLIC | TechEd | #ROKLive | Copyright ©2019 Rockwell Automation, Inc. 35 Share your feedback Please complete the session survey on the mobile app Select TechEd and login Use your email and last name that you used to register for the event. Click on Schedule on the main menu • Select the session you are attending • Click on the survey tab • Complete the survey and submit 2 3 Download the Events ROK mobile app 1