A Community of Practice 
A natural way of building 
Tuesday August 27, 2014
Vision 
To create a mass movement that will transform how 
security is designed in and how the management of 
intelligent devices operate within a common operating 
environment. 
Mission 
To build a community of practicing professionals who are 
committed to achieving end to end security within the 
ecosystem of all critical infrastructure by shaping the 
security fabric reference architecture as an interoperable 
system of systems. 
8/27/2014 “Community of Practice”
Our strategy is to provide certified interoperability 
to the key devices controlling the grid. 
All points must connect to each other in an 
end-to-end system. 
Our solution would be embedded at each critical point in the energy infrastructure. 
Management Agents
Introduction to the 
Security Fabric Alliance 
The Security Fabric Alliance is a working association dedicated to 
the practical deployment of a complex system solution for the power grid 
and critical infrastructure in the United States. Its members include: 
Utilities and telecommunications providers 
Systems integrators 
Manufacturers 
Technology partners 
A national certification and interoperability entity 
The alliance is intended to give the CEO of a utility 
up-to-the-moment knowledge of the options available to make 
wise investment decisions regarding infrastructure deployment 
for optimal returns. 
Variants of the solution are oriented to large, medium, and small utilities.
Semantics 
• Security Fabric Products 
The embedded security system solution is 
composed of an interlocking arrangement of 
framework options. 
• Security Fabric Architecture 
The framework of embedded system components 
that provide the basis for end-to-end security and 
remote device management. 
• Security Fabric Alliance 
An informal collection of companies, organizations, and 
individuals that have, through discussions, 
designed a conceptual reference architecture called 
the “Security Fabric”.
These are the seven tenets of security 
as described in the NIST IR 7628 Guidelines. 
1. Identity Management 
– Ensures the device identity is established 
genuinely 
2. Mutual Authentication 
– Allows both the Device Node and the 
Controller to verify each other's identity 
3. Authorization 
– Manages permission to proceed with 
specific operations. 
4. Audit 
– Records noteworthy events for later 
analysis 
5. Confidentiality 
– Encrypts sensitive data for matters of 
privacy. 
6. Integrity 
– Ensures that messages have not been 
altered. 
7. Availability 
– Protects against denial of service attacks 
To establish secure communications from the Controller to the Device Node 
using the Security Fabric elements, you need to do all seven, not just some.
SFA Reference Builds 
The OMG is planning to standardize 
the Security Fabric 
for all critical infrastructure. 
The OMG process is more about establishing markets 
than about merely setting standards. 
Certification of Conformance & Interoperability
There are many participants at different levels 
in the Security Fabric Alliance. 
Participant levels: Utility, Integration, Research, Customers, 
Subsystems / Products / Components, Suppliers, Managed Services 
Integration 
• Integrated Architectures – SEIT 
• MACE Fusion – DoD 
• Kryptos Logic – Red Team Certification 
• M2M Dynamics 
• Drummond Group – C&IT 
• Intel Security – Distribution 
Subsystems, Products, Components 
• Intel – servers with Quark + TPM 
• Wind River – Security Connect 
• Middleware: RTI – DDS; GridStat; Indra – iSpeed; MultiSpeak 
• TeamF1 – Secure Communications 
• Secure Crossing – Protocol Whitelisting 
• PsiNaptic – Secure Service Distribution 
• SNMP Research – SNMP Agent 
• Freescale – HSM w/ Vybrid SoC 
• Xilinx – CompactRIO SOC 
• Green Hills Software – INTEGRITY 
• Altera – tamper proofing 
• Microsoft – Active Directory 
• Red Hat – Auth Hub 
• General Electric – EMS 
• Alstom Grid – EMS 
• Viridity Energy – DR + DER + Microgrid 
• Energy One 
• Lemko – LTE systems 
• Intel Security – SIEM + GTI 
• Intel – Encanto + silicon support 
• Sypris – Supply Chain Root of Trust 
• TCIPG 
• EPRI – CIM Standards 
• MIT – Security & Privacy Standards 
• EPG – Phasor Data Portfolio 
• GridSense – NAN & Line Sensors 
• S&C IntelliTeam 
• SafeNet – Secure Key Management 
• Heart – Transverter 
• Freescale One Box 
• Cisco Cloud-in-a-Box 
Customers, first stage 
• ERCOT 
• ONCOR 
• AEP 
• NRECA 
• NRTC 
Suppliers 
• Verizon 
• Level3 
• AT&T 
• Internet2 
• BT 
• ViaSat 
• Comcast 
• ARINC 
• Stratus 
• Symmetricom 
Customers, second stage 
• APPA 
• SDG&E 
• PJM 
• NYISO 
• Southern Company 
• Duke Energy 
• CAISO 
• Pecan Street 
• Mueller Community 
• Pike Powers 
• PNNL – CyberSecurity Test Center 
• Lincoln Labs 
• OMG SIG 
• Industrial Internet 
Managed Services 
• Tazca – Connect 
• CSG International 
• Digi International 
• N-Dimension 
• SETI 
• Lockheed Martin 
• SAIC 
• Threat Connect
What is being asked for is a secure system of systems that 
blankets the complexity and delivers it autonomically. 
Security Fabric: Interoperable, Embedded, Distributed 
This is the embedded side of the operation 
in addition to the companion enterprise side.
Separation of the Industrial Internet 
from the Generic Internet 
(slide diagram; labels recovered below) 
The Core Network: Generic Internet; Carrier Ethernet with Routing; DWDM Isolation 
Core City Cooperative Control Centers Node: Enterprise Systems; Industrial Devices 
Substation Nodes: Router+; Substation Controller; Router+; Carrier Ethernet Isolation 
HAN Nodes: Transverter Gateway 
NAN Nodes: Wireless LTE 700 MHz?; Wireless LTE PicoCell 2.5 GHz?; Sensor 
We will eventually use 
a combination of DWDM separation 
plus Carrier Ethernet separation.
The policy logic is actually spread to each major active 
element. 
(slide diagram: Data in – Understanding, Information, Decision – Action out) 
But sometimes semi-autonomic policy decisions 
are made and executed in the field 
(at the small, the medium, and the large).
MultiSpeak 
Initiative
The new Content Aware Firewall (Secure Crossing) needs to be 
aware of what is flowing through the pipe(s). 
(slide diagram, top to bottom: Transport Plugins; Content Aware Firewall – Layers 4-6; 
IP Communications Stack – Layers 2-3: IPsec VPN, Ethernet Controller, UDPv4, UDPv6) 
Data Routing Services deals with: 
• Connections 
• Sessions 
All packet prioritization and 
flow control are performed by 
Data Routing Services. 
The Content Aware Firewall deals with 
multiple layers and is state sensitive.
The Content Aware Firewall (Secure Crossing) needs to be aware of: 
the Layer 6 socket-level interface, 
as well as the intended sessions that will flow over it at Layer 5, 
so that it can map them onto UDP transport at Layer 4, 
and use the IPsec VPN to control encryption on the transport. 
(slide diagram: Content Aware Firewall – Layers 4-6, over IP Communications Stack – Layers 2-3: 
IPsec VPN; Connections: UDPv4, UDPv6; Interface A, Interface B) 
Sessions: 
• Kerberos Get Credentials + Tickets 
• Get Extended Credentials 
• Kerberos Mutual Authentication 
• Get Precision Time 
• Register for Management + 
Configuration Synchronization 
• Service Locator 
• Service Provider 
• Multicast Alert 
• Unicast Command 
• Event Notification 
• SNMP Get/Set 
• Application Event: Send and Receive: 
• High Priority 
• Medium Priority 
• Low Priority 
The detailed requirements will be determined 
during the requirements assessment phase.
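The state-sensitive, content-aware filtering described on these two slides, worked as an added example. This is illustrative code written for this page, not Secure Crossing's product or any SFA reference build. It assumes a hypothetical datagram header (one-byte session type, one-byte priority, 16-bit payload length) inside the IPsec tunnel, assigns constructed codes to the session types from the list above, and maps each session type to the connection state a peer must have reached before that session may flow; the state names and peer addresses are likewise constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Session types from the slide's session list. The one-byte codes and the
// header layout below are assumptions for this example, not the SFA format.
const (
	SessKerberosCredentials byte = 0x01
	SessKerberosMutualAuth  byte = 0x02
	SessPrecisionTime       byte = 0x03
	SessRegisterManagement  byte = 0x04
	SessServiceLocator      byte = 0x05
	SessMulticastAlert      byte = 0x06
	SessUnicastCommand      byte = 0x07
	SessEventNotification   byte = 0x08
	SessSNMPGetSet          byte = 0x09
	SessAppEvent            byte = 0x0A
)

// ConnState is what the firewall remembers per UDP peer (the "state
// sensitive" part). A peer it has never seen is in StateNew.
type ConnState int

const (
	StateNew           ConnState = iota // only Kerberos traffic may pass
	StateAuthenticated                  // mutual authentication observed
	StateRegistered                     // registered for management
)

// minState is the whitelist: a session type absent here is never forwarded,
// and a listed one passes only once the peer has reached the required state.
var minState = map[byte]ConnState{
	SessKerberosCredentials: StateNew, SessKerberosMutualAuth: StateNew,
	SessPrecisionTime: StateAuthenticated, SessRegisterManagement: StateAuthenticated,
	SessServiceLocator: StateAuthenticated, SessMulticastAlert: StateRegistered,
	SessUnicastCommand: StateRegistered, SessEventNotification: StateRegistered,
	SessSNMPGetSet: StateRegistered, SessAppEvent: StateRegistered,
}

type Verdict string

const (
	Allow Verdict = "ALLOW"
	Drop  Verdict = "DROP"
)

// Encode builds a datagram: session type, priority (0 high, 1 medium,
// 2 low), 16-bit big-endian payload length, payload.
func Encode(session, priority byte, payload []byte) []byte {
	return append([]byte{session, priority, byte(len(payload) >> 8), byte(len(payload))}, payload...)
}

// parse is the content-aware part: a datagram whose header does not
// describe its body is dropped before any policy is consulted.
func parse(raw []byte) (session, priority byte, err error) {
	switch {
	case len(raw) < 4:
		return 0, 0, errors.New("header truncated")
	case raw[1] > 2:
		return 0, 0, errors.New("priority out of range")
	case len(raw)-4 != int(raw[2])<<8|int(raw[3]):
		return 0, 0, errors.New("declared length does not match datagram")
	}
	return raw[0], raw[1], nil
}

type Firewall struct {
	conns map[string]ConnState // keyed by peer address inside the IPsec tunnel
}

func NewFirewall() *Firewall { return &Firewall{conns: map[string]ConnState{}} }

func (f *Firewall) State(peer string) ConnState { return f.conns[peer] }

// Filter decides one datagram and advances the peer's state when a
// state-changing session is forwarded. Caveat: a real firewall must confirm
// the Kerberos exchange succeeded (e.g. by inspecting the AP-REP) rather
// than trusting that an AP-REQ was sent, as this simplified version does.
func (f *Firewall) Filter(peer string, raw []byte) (Verdict, string) {
	session, priority, err := parse(raw)
	if err != nil {
		return Drop, "malformed: " + err.Error()
	}
	need, known := minState[session]
	if !known {
		return Drop, fmt.Sprintf("session 0x%02x not whitelisted", session)
	}
	state := f.conns[peer]
	if state < need {
		return Drop, fmt.Sprintf("session 0x%02x needs state %d, peer is in %d", session, need, state)
	}
	if session == SessKerberosMutualAuth && state == StateNew {
		f.conns[peer] = StateAuthenticated
	} else if session == SessRegisterManagement && state == StateAuthenticated {
		f.conns[peer] = StateRegistered
	}
	return Allow, fmt.Sprintf("session 0x%02x priority %d", session, priority)
}

func main() {
	fw := NewFirewall()
	peer := "10.20.30.40:5055" // constructed substation controller address
	for _, raw := range [][]byte{
		Encode(SessUnicastCommand, 0, []byte("open breaker 7")), // dropped: peer not authenticated
		Encode(SessKerberosCredentials, 0, []byte("AS-REQ")),
		Encode(SessKerberosMutualAuth, 0, []byte("AP-REQ")),
		Encode(SessRegisterManagement, 1, []byte("register")),
		Encode(SessUnicastCommand, 0, []byte("open breaker 7")), // now forwarded
		Encode(0x7F, 0, []byte("unknown")),                     // dropped: not whitelisted
	} {
		v, why := fw.Filter(peer, raw)
		fmt.Printf("%-5s %s\n", v, why)
	}
}
```

The whitelist is expressed as the minimum state a session type requires, so anything unknown is dropped by default and a Unicast Command cannot be forwarded for a peer that has not completed mutual authentication and registration, no matter how well formed the datagram is. The simplification to keep in mind is that this version treats the presence of the mutual-authentication message as success; a deployed firewall has to observe the exchange complete before advancing the peer's state.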
There are servers and agents in the 
industrial environment.
How does the Security Fabric 
work?
Essentially, the Security Fabric is an 
end-to-end approach to things. 
The Security Fabric is a semi-autonomous embedded device 
management agent and communications protocol set, along with 
a central system and network management subsystem, 
that bring security and other controls to the embedded world. 
(slide diagram: System & Network Management; Controller; Device; Device – The Security Fabric) 
Let's build this as if we were building a house.
There are obviously going to need to be several 
different devices involved. 
(slide diagram: Controller; Device; Device) 
Our agent will be hidden 
right beside the application. 
We want to add our security agent to each of them to do what we will do.
The devices need to be able to talk to each other 
securely, and trust each other on a limited basis. 
(slide diagram: Controller; Device; Device) 
This means that the solution will need to be a system as opposed to a piece part. 
Intel and McAfee Confidential 
The agents talk to one another 
in a resilient middleware. 
And all systems need to be administered relative to 
the configuration and policies that control them. 
(slide diagram: System & Network Management; Controller; Device; Device – The Tailored Trustworthy Space) 
These three ingredients are the soul of the Security Fabric.
The Security Fabric follows the guidelines required 
by NIST IR 7628 for the Department of Energy. 
(slide diagram: System & Network Management; Controller; Device; Device – The Security Fabric) 
The industry as a whole is applauding this solution.
We always start by separating the management 
control agent from the payload application. 
(slide diagram: Managed Device – Device Application | Management) 
The management agent always uses 
defense in depth. 
(slide diagram: Managed Device – Applications; Device Management; Secure Communications; 
Secure Storage; Policy Management; Personal Data Vault)
Close-up on Partition Structure 
(slide diagram; partitions and labels recovered below) 
Security Management partition: Ring 1: Security – HSM Interface; Kerberos Client + Session Key Management; Security Protocols 
Policy Management partition: Ring 2: Policy Management; Policy Execution Environment; Change Management; Problem Management 
Device Application partition: Device Application Threads 
DDS Routing Services: Transport Plugins; Secure IP I/O Driver (UDPv4, UDPv6); GridStat; Intra-Device DDS Subagent Connection 
DDS Subagent (per partition): Participant: Management, Configuration & Route Mapping; Ring 1 Data Reader / Data Writer; Ring 2 Data Reader / Data Writer 
Platform: Hypervisor; Operating System; Ethernet Controller 
Routing Services is our inter-system + intra-device middleware; 
the DDS Subagent controls the private paths between 
processes.
What is really unfolding with the rise of the Internet of Things is the need for 
The Semi-Autonomous Policy Management Agent 
Each of the four compositions 
of rulesets is administered 
centrally and released to the 
remote device securely. 
The rulesets contain profiles, 
provisioned data, and 
Java-based rules. 
All distribution bundles are 
signed and are subject to 
local attestation and 
transition control. 
(slide diagram: Autonomous Policy Management Agent, after the IBM Autonomic Computing Model)
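The bundle release path described above (signed, locally attested, transition-controlled), worked as an added example. This code is written for this page and is not the SFA agent or its bundle format. It assumes an Ed25519 release key; a bundle layout of version, previous-bundle digest, target platform measurement, profile and rules; and a constructed platform measurement standing in for what a TPM or HSM would report. "Local attestation" is interpreted here as binding each bundle to that measurement, and "transition control" as requiring that each bundle name the digest of the bundle currently installed; both interpretations are assumptions, as are all key labels and sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Bundle is a ruleset distribution bundle. The field set is an assumption
// for this example: the slide says only that bundles carry profiles,
// provisioned data and rules, are signed, and are subject to local
// attestation and transition control.
type Bundle struct {
	Version    uint64   // must strictly increase (anti-replay, anti-rollback)
	PrevDigest [32]byte // digest of the bundle this one transitions from
	Target     [32]byte // platform measurement the bundle was released for
	Profile    string   // profile / provisioned data
	Rules      []byte   // the rules themselves, opaque here
}

// Encode is the canonical byte form that is signed and digested.
func (b Bundle) Encode() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, b.Version)
	buf.Write(b.PrevDigest[:])
	buf.Write(b.Target[:])
	binary.Write(&buf, binary.BigEndian, uint32(len(b.Profile)))
	buf.WriteString(b.Profile)
	binary.Write(&buf, binary.BigEndian, uint32(len(b.Rules)))
	buf.Write(b.Rules)
	return buf.Bytes()
}

func (b Bundle) Digest() [32]byte { return sha256.Sum256(b.Encode()) }

// Sign is what the central administration side does before release.
func Sign(releaseKey ed25519.PrivateKey, b Bundle) []byte {
	return ed25519.Sign(releaseKey, b.Encode())
}

// Agent is the on-device side. Measurement stands in for the value a
// TPM/HSM would report for the running firmware; here it is constructed.
type Agent struct {
	TrustedKey    ed25519.PublicKey
	Measurement   [32]byte
	CurrentVer    uint64
	CurrentDigest [32]byte // all zeros before the first bundle is installed
	Audit         []string
}

// Apply accepts a bundle only if every check passes; rejections and
// acceptances are both recorded for later audit.
func (a *Agent) Apply(b Bundle, sig []byte) error {
	switch {
	case !ed25519.Verify(a.TrustedKey, b.Encode(), sig):
		return a.reject(b, "signature does not verify under the trusted release key")
	case b.Target != a.Measurement:
		return a.reject(b, "released for a different platform measurement (local attestation)")
	case b.Version <= a.CurrentVer:
		return a.reject(b, "version does not advance (replay or rollback)")
	case b.PrevDigest != a.CurrentDigest:
		return a.reject(b, "not a transition from the installed bundle (transition control)")
	}
	a.CurrentVer, a.CurrentDigest = b.Version, b.Digest()
	a.Audit = append(a.Audit, fmt.Sprintf("applied v%d profile=%s", b.Version, b.Profile))
	return nil
}

func (a *Agent) reject(b Bundle, why string) error {
	a.Audit = append(a.Audit, fmt.Sprintf("rejected v%d: %s", b.Version, why))
	return errors.New(why)
}

// KeyFromSeed derives a deterministic Ed25519 key from a label so the
// example runs offline; a real release key lives in an HSM.
func KeyFromSeed(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func main() {
	release := KeyFromSeed("constructed release key")
	meas := sha256.Sum256([]byte("constructed firmware measurement"))
	agent := &Agent{TrustedKey: release.Public().(ed25519.PublicKey), Measurement: meas}

	v1 := Bundle{Version: 1, Target: meas, Profile: "substation", Rules: []byte("rule-a")}
	v2 := Bundle{Version: 2, PrevDigest: v1.Digest(), Target: meas, Profile: "substation", Rules: []byte("rule-b")}
	fmt.Println("v1:", agent.Apply(v1, Sign(release, v1)))
	fmt.Println("v1 again:", agent.Apply(v1, Sign(release, v1)))
	fmt.Println("v2 forged:", agent.Apply(v2, Sign(KeyFromSeed("attacker"), v2)))
	fmt.Println("v2:", agent.Apply(v2, Sign(release, v2)))
	for _, line := range agent.Audit {
		fmt.Println("audit:", line)
	}
}
```

The four checks are ordered cheapest-to-reject-first after the signature, and each rejection lands in the audit list with its reason. The version check and the digest check do different jobs: the version stops replay and rollback of an older but validly signed bundle, while anchoring each bundle to the digest of the one installed means rules are applied in the order they were released, so a device cannot be stepped straight from v1 to v3 past an intermediate bundle it never saw.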
The control of the smart grid is all about 
managing semi-autonomous devices. 
The Security Fabric is all about safely deploying this concept. 
The customer has to be able to delegate responsibility in small increments 
to the remote device to avoid the problem of unintended consequences.
Designed in 
Security Discussion 
www.securityfabricalliance.org
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Sfa community of practice a natural way of building

  • 5. Semantics
    • Security Fabric Products: the embedded security system solution, composed of an interlocking arrangement of framework options.
    • Security Fabric Architecture: the framework of embedded system components that provides the basis for end-to-end security and remote device management.
    • Security Fabric Alliance: an informal collection of companies, organizations, and individuals that have, through discussions, designed a conceptual reference architecture called the “Security Fabric”.
  • 6. These are the seven tenets of security as described in the NIST IR 7628 Guidelines:
    1. Identity Management – ensures the device identity is established genuinely.
    2. Mutual Authentication – allows both the Device Node and the Controller to verify the trustworthiness of each other's identity.
    3. Authorization – manages permission to proceed with specific operations.
    4. Audit – records noteworthy events for later analysis.
    5. Confidentiality – encrypts sensitive data for matters of privacy.
    6. Integrity – ensures that messages have not been altered.
    7. Availability – prevents denial of service attacks.
    To establish secure communications from the Controller to the Device Node using the Security Fabric elements, you need to do all seven, not just some.
  • 7. SFA Reference Builds. The OMG is planning to standardize the Security Fabric for all critical infrastructure. The OMG process is more about establishing markets as opposed to just setting standards. Diagram label: Certification of Conformance & Interoperability.
  • 8. There are many participants at different levels in the Security Fabric Alliance. The slide groups them under Utility Integration, Research, Customers, Products, Components, Suppliers and Managed Services; the entries appear below in slide order.
    Utility Integration / Research / Customers:
    • Integrated Architectures – SEIT
    • MACE Fusion – DoD
    • Kryptos Logic – Red Team Certification
    • M2M Dynamics
    • Drummond Group – C&IT
    • Intel Security – Distribution Subsystems
    Products / Components:
    • Intel – servers with Quark + TPM
    • Wind River – Security Connect
    • Middleware
    • RTI – DDS
    • GridStat
    • Indra – iSpeed
    • MultiSpeak
    • TeamF1 – Secure Communications
    • Secure Crossing – Protocol Whitelisting
    • PsiNaptic – Secure Service Distribution
    • SNMP Research – SNMP Agent
    • Freescale – HSM w/Vybrid SoC
    • Xilinx – CompactRIO SoC
    • Green Hills Software – INTEGRITY
    • Altera – tamper proofing
    • Microsoft – Active Directory
    • Red Hat – Auth Hub
    • General Electric – EMS
    • Alstom Grid – EMS
    • Viridity Energy – DR + DER + Microgrid
    • Energy One
    • Lemko – LTE systems
    • Intel Security – SIEM + GTI
    • Intel – Encanto + silicon support
    • Sypris – Supply Chain Root of Trust
    • TCIPG
    • EPRI – CIM Standards
    • MIT – Security & Privacy Standards
    • EPG – Phasor Data Portfolio
    • GridSense – NAN & Line Sensors
    • S&C IntelliTeam
    • SafeNet – Secure Key Management
    • Heart – Transverter
    • Freescale One Box
    • Cisco Cloud-in-a-Box
    First Stage:
    • ERCOT
    • ONCOR
    • AEP
    • NRECA
    • NRTC
    Suppliers:
    • Verizon
    • Level3
    • AT&T
    • Internet2
    • BT
    • ViaSat
    • Comcast
    • ARINC
    • Stratus
    • Symmetricom
    Second Stage:
    • APPA
    • SDG&E
    • PJM
    • NYISO
    • Southern Company
    • Duke Energy
    • CAISO
    • Pecan Street
    • Mueller Community
    • Pike Powers
    • PNNL – CyberSecurity Test Center
    • Lincoln Labs
    • OMG SIG
    • Industrial Internet
    Managed Services:
    • Tazca – Connect
    • CSG International
    • Digi International
    • N-Dimension
    • SETI
    • Lockheed Martin
    • SAIC
    • Threat Connect
  • 9. What is being asked for is a secure system of systems that blankets the complexity and delivers it autonomically. Diagram labels: Security Fabric – Interoperable, Embedded, Distributed. This is the embedded side of the operation, in addition to the companion enterprise side.
  • 10. Separation of the Industrial Internet from the Generic Internet. Diagram labels: The Core Network; Generic Internet; Carrier Ethernet With Routing; DWDM Isolation Core; City Cooperative Control Centers Node; Enterprise Systems; Industrial Devices; Substation Nodes (Router+, Substation Controller, Router+); Carrier Ethernet Isolation; HAN Nodes; Transverter Gateway; NAN Nodes; Wireless LTE 700 MHz?; Wireless LTE PicoCell 2.5 GHz?; Sensor. We will eventually use a combination of DWDM separation plus Carrier Ethernet separation.
  • 11. The policy logic is actually spread to each major active element. Diagram labels: Understanding; Information; Decision; Data in – Action out. But sometimes semi-autonomic policy decisions are made and executed in the field (at the small, the medium, and the large). MultiSpeak Initiative.
  • 12. The new Content Aware Firewall (Secure Crossing) needs to be aware of what is flowing through the pipe(s). Diagram labels: Transport Plugins; Content Aware Firewall – Layers 4-6; IP Communications Stack – Layers 2-3; IPsec VPN; Ethernet Controller; UDPv4; UDPv6. Data Routing Services deals with connections and sessions. All packet prioritization and flow control are performed by Data Routing Services. The Content Aware Firewall deals with multiple layers and is state sensitive.
  • 13. The Content Aware Firewall (Secure Crossing) needs to be aware of the Layer 6 socket level interface, as well as the intended sessions that will be flowing over it at Layer 5, so that it can use UDP connections at Layer 4, so that it can use the IPsec VPN to control encryption on the transport. Diagram labels: Content Aware Firewall – Layers 4-6; IP Communications Stack – Layers 2-3; IPsec VPN; Connections: UDPv6, UDPv4; Interface A; Interface B. Sessions:
    • Kerberos Get Credentials + Tickets
    • Get Extended Credentials
    • Kerberos Mutual Authentication
    • Get Precision Time
    • Register for Management + Configuration Synchronization
    • Service Locator
    • Service Provider
    • Multicast Alert
    • Unicast Command
    • Event Notification
    • SNMP Get/Set
    • Application Event: Send and Receive – High Priority, Medium Priority, Low Priority
    The detailed requirements will be determined during the requirements assessment phase.
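Slides 12 and 13 describe a firewall that knows which Layer 5 sessions are supposed to flow between a Controller and a Device Node, restricts Layer 4 to UDP, and is "state sensitive" rather than a per-packet port check. The following is an added toy model of that idea, written for this page; it is not Secure Crossing's or the Security Fabric's code. The session names are those listed on slide 13, but the packet record layout, the priority class assigned to each session, the "must be preceded by" dependencies and the sample addresses are assumptions constructed for the example.

```python
"""Toy state-sensitive, content-aware filter for Controller <-> Device Node traffic.

Added illustration for the slides above (not Secure Crossing's or the Security
Fabric's code).  The Packet layout, SESSION_PRIORITY classes, REQUIRES ordering
rules and the sample addresses are assumptions constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

# Session types named on slide 13, each with the (assumed) priority class that
# Data Routing Services would use.  Anything not listed is dropped: this is an
# allowlist, in the spirit of the slide's "Protocol Whitelisting".
SESSION_PRIORITY: Dict[str, str] = {
    "Kerberos Get Credentials + Tickets": "high",
    "Get Extended Credentials": "high",
    "Kerberos Mutual Authentication": "high",
    "Get Precision Time": "medium",
    "Register for Management + Configuration Synchronization": "medium",
    "Service Locator": "low",
    "Service Provider": "low",
    "Multicast Alert": "high",
    "Unicast Command": "high",
    "Event Notification": "medium",
    "SNMP Get/Set": "low",
}

# State rule (assumption for the example): a session may only open once the
# sessions it depends on have been seen between the same two peers.  This is
# what makes the filter "state sensitive" instead of a stateless port check.
REQUIRES: Dict[str, Set[str]] = {
    "Get Extended Credentials": {"Kerberos Get Credentials + Tickets"},
    "Kerberos Mutual Authentication": {"Kerberos Get Credentials + Tickets"},
    "Unicast Command": {"Kerberos Mutual Authentication"},
    "SNMP Get/Set": {"Kerberos Mutual Authentication"},
    "Register for Management + Configuration Synchronization": {"Kerberos Mutual Authentication"},
}

ALLOWED_TRANSPORTS = {"UDPv4", "UDPv6"}   # the Layer 4 choices shown on the slide


@dataclass(frozen=True)
class Packet:
    src: str          # Layer 3 address (constructed)
    dst: str
    transport: str    # "UDPv4" or "UDPv6"
    session: str      # Layer 5 session name
    payload: bytes


@dataclass
class Decision:
    action: str              # "allow" or "drop"
    priority: Optional[str]  # priority class, set only when allowed
    reason: str


@dataclass
class ContentAwareFilter:
    # Sessions already established per unordered peer pair {src, dst}
    established: Dict[FrozenSet[str], Set[str]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)   # the "Audit" tenet of slide 6

    def evaluate(self, pkt: Packet) -> Decision:
        peer = frozenset({pkt.src, pkt.dst})
        if pkt.transport not in ALLOWED_TRANSPORTS:
            return self._drop(pkt, f"transport {pkt.transport} not permitted")
        if pkt.session not in SESSION_PRIORITY:
            return self._drop(pkt, f"unknown session {pkt.session!r}")
        missing = REQUIRES.get(pkt.session, set()) - self.established.get(peer, set())
        if missing:
            return self._drop(pkt, f"{pkt.session} attempted before {sorted(missing)}")
        self.established.setdefault(peer, set()).add(pkt.session)
        prio = SESSION_PRIORITY[pkt.session]
        self.audit.append(f"ALLOW {pkt.src}->{pkt.dst} {pkt.session} prio={prio}")
        return Decision("allow", prio, "session permitted")

    def _drop(self, pkt: Packet, why: str) -> Decision:
        self.audit.append(f"DROP {pkt.src}->{pkt.dst} {pkt.session}: {why}")
        return Decision("drop", None, why)


def run_demo() -> List[str]:
    """Push a constructed packet sequence through one filter; returns the actions."""
    ctrl, dev = "10.0.0.1", "10.0.1.7"   # constructed addresses
    sequence = [
        Packet(ctrl, dev, "UDPv4", "Unicast Command", b"GET STATUS"),            # before auth: drop
        Packet(dev, ctrl, "UDPv4", "Kerberos Get Credentials + Tickets", b"AS-REQ"),
        Packet(dev, ctrl, "UDPv4", "Kerberos Mutual Authentication", b"AP-REQ"),
        Packet(ctrl, dev, "UDPv4", "Unicast Command", b"GET STATUS"),            # now allowed
        Packet(dev, ctrl, "TCP",   "SNMP Get/Set", b"get sysDescr"),               # wrong Layer 4
        Packet(dev, ctrl, "UDPv6", "Telnet", b"login"),                            # not in catalogue
    ]
    fw = ContentAwareFilter()
    return [fw.evaluate(p).action for p in sequence]
```

The same command packet is dropped the first time and allowed the fourth time with no change to the packet itself; only the filter's session state differs, which is the property the slide is pointing at.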
  • 14. There are servers and agents in the industrial environment.
  • 15. How does the Security Fabric work?
  • 16. Essentially, the Security Fabric is an end-to-end approach to things. The Security Fabric is a semi-autonomous embedded device management agent and communications protocol set, along with a central system and network management subsystem, that bring security and other controls to the embedded world. Diagram labels: System & Network Management; Controller; Device; Device; The Security Fabric. Let’s build this as if we were building a house.
  • 17. There are obviously going to need to be several different devices involved. Diagram labels: Controller; Device; Device. Our agent will be hidden right beside the application. We want to add our security agent to each of them to do what we will do.
  • 18. The devices need to be able to talk to each other securely, and trust each other on a limited basis. Diagram labels: Controller; Device; Device. This means that the solution will need to be a system as opposed to a piece part. The agents talk to one another in a resilient middleware.
  • 19. And all systems need to be administered relative to the configuration and policies that control them. Diagram labels: System & Network Management; Controller; Device; Device; The Tailored Trustworthy Space. These three ingredients are the soul of the Security Fabric.
  • 20. The Security Fabric follows the guidelines required by the NIST 7628 for the Department of Energy. Diagram labels: System & Network Management; Controller; Device; Device; The Security Fabric. The industry as a whole is applauding this solution.
  • 21. We always start by separating the management control agent from the payload application. Diagram labels: Managed Device – Device Application; Management.
  • 22. The management agent always uses defense in depth. Diagram labels: Managed Device – Applications; Device Management; Secure Communications; Secure Storage; Policy Management; Personal Data Vault.
  • 23. Close-up on Partition Structure. Diagram labels: Security Management Hypervisor; DDS Routing Services; Ethernet Controller; Policy Management; DDS Subagent; Device Application Threads; DDS Subagent Connection; Operating System; Transport Plugins; Ring 1: Security – HSM Interface; Ring 2: Policy Management; Participant: Management Configuration & Route Mapping; Ring 1: Data Reader; Ring 1: Data Writer; Secure IP I/O Driver; UDPv4; UDPv6; GridStat; Intra-Device DDS Subagent Connection; Participant: Management; Ring 2: Data Reader; Ring 2: Data Writer; Change Management; Problem Management; HSM Interface; Kerberos Client + Session Key Management; Security Protocols; Policy Execution Environment. Routing Services is our inter-system and intra-device middleware; the DDS Subagent controls the private paths between processes.
  • 24. What is really unfolding with the rise of the Internet of Things is the need for the Semi-Autonomous Policy Management Agent. Each of the four compositions of rulesets is administered centrally and released to the remote device securely. The rulesets contain profiles, provisioned data, and Java-based rules. All distribution bundles are signed and are subject to local attestation and transition control. Diagram labels: Autonomous Policy Management Agent; IBM Autonomic Computing Model.
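Slide 24 states the three controls on a ruleset release: the bundle is signed centrally, the device attests locally to what it activates, and transitions between versions are controlled. The following is an added example of that flow written for this page; it is not the Security Fabric's agent code. Assumptions: an HMAC-SHA256 tag over the manifest stands in for the signature (a deployed agent would verify an asymmetric signature with a key held in the HSM shown on slide 23); the bundle layout, the rule that a bundle must name the exact installed version it supersedes, the device identifier and the ruleset contents are constructed for the example.

```python
"""Toy central-signing / device-side verification flow for policy ruleset bundles.

Added illustration for the slide above (not the Security Fabric's own code).
Assumptions: HMAC-SHA256 stands in for the bundle signature; the manifest
layout, the from_version/to_version transition rule, and all sample values are
constructed for this example.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple


def canonical(obj: Any) -> bytes:
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_bundle(signing_key: bytes, device_id: str, from_version: int,
                 to_version: int, rulesets: Dict[str, Any]) -> Dict[str, Any]:
    """Central side: bind the rulesets to a device and a version step, then sign.

    The signature covers the manifest only; the payload is bound to the manifest
    through its SHA-256, so tampering with either one is detected.
    """
    manifest = {
        "device_id": device_id,
        "from_version": from_version,    # version this bundle supersedes
        "to_version": to_version,        # version it installs
        "payload_sha256": hashlib.sha256(canonical(rulesets)).hexdigest(),
    }
    tag = hmac.new(signing_key, canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "rulesets": rulesets, "signature": tag}


@dataclass
class PolicyAgent:
    """Device side: the semi-autonomous agent's bundle acceptance logic."""
    device_id: str
    verify_key: bytes
    installed_version: int = 0
    active_rulesets: Dict[str, Any] = field(default_factory=dict)
    attestation: List[str] = field(default_factory=list)  # hashes of what was activated
    audit: List[str] = field(default_factory=list)

    def receive(self, bundle: Dict[str, Any]) -> Tuple[bool, str]:
        m = bundle.get("manifest", {})
        # 1. Signature check first; nothing in the manifest is trusted before this.
        expected = hmac.new(self.verify_key, canonical(m), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(bundle.get("signature", ""))):
            return self._reject("bad signature")
        # 2. Bundle must be addressed to this device, not just signed by the centre.
        if m.get("device_id") != self.device_id:
            return self._reject("bundle is for another device")
        # 3. Local attestation: recompute the payload hash on the device itself.
        digest = hashlib.sha256(canonical(bundle.get("rulesets", {}))).hexdigest()
        if digest != m.get("payload_sha256"):
            return self._reject("payload does not match signed manifest")
        # 4. Transition control: must step from the exact installed version and
        #    advance it, which blocks both replay and rollback.
        if m.get("from_version") != self.installed_version:
            return self._reject(f"transition from v{m.get('from_version')} does not "
                                f"match installed v{self.installed_version}")
        if m.get("to_version", 0) <= self.installed_version:
            return self._reject("version does not advance (rollback refused)")
        self.active_rulesets = bundle["rulesets"]
        self.installed_version = m["to_version"]
        self.attestation.append(digest)
        self.audit.append(f"ACTIVATED v{self.installed_version} sha256={digest[:12]}")
        return True, "activated"

    def _reject(self, why: str) -> Tuple[bool, str]:
        self.audit.append(f"REJECTED {why}")
        return False, why


def run_demo() -> List[bool]:
    """Deliver one good bundle and four bad ones; returns the accept decisions."""
    key = b"constructed-demo-key"                      # constructed, demo only
    agent = PolicyAgent("substation-07", key)          # constructed device id
    base = {"profiles": {"role": "field-device"},
            "provisioned_data": {"controller": "10.0.0.1"},
            "rules": ["if breaker_temp > 90 then notify"]}   # constructed rules
    good = build_bundle(key, "substation-07", 0, 1, base)
    tampered = json.loads(json.dumps(good))            # deep copy, then edit payload
    tampered["rulesets"]["rules"].append("notify_all")
    skipped = build_bundle(key, "substation-07", 5, 6, base)   # wrong starting version
    other = build_bundle(key, "substation-08", 1, 2, base)     # addressed elsewhere
    return [agent.receive(b)[0] for b in (good, tampered, good, skipped, other)]
```

Delivering `good` a second time is refused even though its signature is still valid, because its `from_version` no longer matches the installed version; that is the transition-control property, and it is what lets the operator on slide 25 hand out responsibility in small, ordered increments.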
  • 25. The control of the smart grid is all about managing semi-autonomous devices. The Security Fabric is all about safely deploying this concept. The customer has to be able to delegate responsibility in small increments to the remote device to avoid the problem of unintended consequences.
  • 26. Designed in Security Discussion www.securityfabricalliance.org