Post on 05-Aug-2020
Where Data meets Data SecuritySiemens Cloud for Industry powered by SAP HANAApril 2015
April 2015Page 2
Confidential © Siemens AG 2015. All rights reserved
Prologue: Nineteenth-century Data Overkill
April 2015Page 3
Confidential © Siemens AG 2015. All rights reserved
Prologue: Your Brain on Story
Big DataWhat does it mean?
April 2015Page 5
Confidential © Siemens AG 2015. All rights reserved
Page 5 Confidential © Siemens AG 2015. All rights reserved
Our vision is a market place for industrial service applications based onconnectivity to devices
Source: Plant Cloud Services Team
A Collection of customers data.......
April 2015Page 6
Confidential © Siemens AG 2015. All rights reserved
Page 6 Confidential © Siemens AG 2015. All rights reserved
Provide Visualization in Dashboards
Out of the box analytics
Source: Plant Cloud Services Team
April 2015Page 7
Confidential © Siemens AG 2015. All rights reserved
We are at the start of the next “Industrial Revolution“
From Industry 1.0 to Industry 4.0
1800 1900 2000 Time
Degree ofcomplexity
FirstIndustrialRevolution
SecondIndustrialRevolution
ThirdIndustrialRevolution
FourthIndustrialRevolution
First mechanical loom, 1784
First conveyorbelt, Cincinnatislaughterhouse, 1870
First programmablelogic controller (PLC)Modicon 084, 1969
based on the introductionof mechanical productionequipment driven bywater and steam power
based on mass productionachieved by division oflabor concept and the useof electrical energy
based on the use ofelectronics and IT tofurther automateproduction
based on the use ofcyber-physical systems
Repair shops Standardization / Processknowledge
SoftwareUpdates
Data Driven Services
April 2015Page 8
Confidential © Siemens AG 2015. All rights reserved
2020it will be
45Zettabyte
2015it will be
7.4Zettabyte
2012 3.1Zettabyte
Big data / cloud applications
From machine to machine – the focus today and in the future
From person to person – that was the beginning
Machine2MachineSensors, meters, devices, industrial machines
Internet of Things/"Industrie 4.0"Enabling additional productivity levers and new business models
People2MachineMedical technology, digital TV,cameras, computers, mobile phones
People2PeopleNetwork of virtual communities
The total volume ofdata generated on
earth summed up to
Source: Oracle, 2012, Roland Berger 2015
Industry Evolution: The future of big data and cloud applications will be in theindustrial space
April 2015Page 9
Confidential © Siemens AG 2015. All rights reserved
Siemens and SAP collaborate to create a ‘Cloud for Industry’
Siemens and SAP are uniquely positioned to connect the world ofdistributed assets to the world of data analytics and business
A joint ‘cloud for industry’ (platform as a service) would be the basis forvalue added service applications by SAP, Siemens and others
Siemens and SAP decided to collaborate for ‘Cloud for Industry’: Positive feedback from surveying 50 customers Implemented two technological pilots G2M started with first pilot customers
April 2015Page 10
Confidential © Siemens AG 2015. All rights reserved
‘Cloud for Industry’ targets an application ecosystem via open APIs andeasy connectivity
0110
0110
0110
0110
0110
0110
01001100101000100100110000100010010111000010001010011001010001001001100001000100101110000100010101010101010101010000100010100101000010010001000100110010100010010011000010001001011100001000101001100101000100100110000100010010111000010001000111010010001010100010101010101001000100000100
011001
●●●
011001
011001
011001
011001
011001
011001
011001
CustomerApplications andAnalytics
OME / Solution ProviderApplications andAnalytics
Siemens Applicationsand Analytics
SAP Applicationsand Analytics
01001100101000100100110000100010010111000010001010011001010001001001100001000100101110000100010001001011100000101010010010000101010101011000100110010100010010011000010001001011100001000101001100101000100100110000100010010111000010001000100101110000010010100101001001000100101100
Ecosystem of Applications andApplication Developers
Industry Cloud with ‘Open API’ and‘Open Connectivity’
Secure and Easy Connectivityvia ISB Agents
April 2015Page 11
Confidential © Siemens AG 2015. All rights reserved
Example Plant Cloud Services – Pump Management and Optimization
DEMONSTRATIONPREDICTIVE MAINTENANCE
DEMONSTRATIONENERGY OPTIMIZATION
April 2015Page 12
Confidential © Siemens AG 2015. All rights reserved
Cloud for Industry would enable data value services based on a globalplatform and easy device connectivity
smart agent open agent protocolembedded agent lightweight agent
SAP / Siemens Cloud for Industry
Applications & Services Eco System
Device Connectivity / Agent Technology
extensibility / SDK
onboarding
status monitoring
remote access
devicemanagement
rule engine
pre/post processing
big data store
reporting
mobile UI’s
cockpit/dashboard
analytics engine
data acquisition
events / notifications
agent configuration
access authorization
device modeling
datamanagement analytics / rules visualization system
management
Fleet ServiceManagement
data &event correlation
tuning advisory
consumption modelingdevice management vibration monitoring& analytics
model-basedfailure prediction energy reportinghelpdesk & ticketing
…
…
Plant Analytics& Optimization
Energy Analytics& Optimization
PredictiveMaintenance United Utilities Apps
April 2015Page 13
Confidential © Siemens AG 2015. All rights reserved
A cloud structure......
Types of Cloud
Open CloudEnterprise orPrivate Cloud Hybrid Cloud
Models:
IaaS Infrastructure as a Service – The bases of Cloud models provides networking, storage etc
PaaS Platform as a Service - Combines Iaas with a set of services for software and Application development
DaaS Data as Service – Lets you connect and use the Cloud for data storage
SaaS Software as a Service – Multitennancy for business applications accessed by multiple users
April 2015Page 14
Confidential © Siemens AG 2015. All rights reserved
SCI will be based on ISB, HCP while Cloud Foundry integration ensures IaaSprovider independence
HANA Big Data Platform: HANA, Hadoop,IQ, HANA Streaming
HANA Cloud Platform: Platform + Multi-tenancy
SAP SDKs (Software Developer Kits) (HCP/ UI5 +)
HCP App Management
SAP App Store
SAP / Siemens / 3rd Party Applications onHCP
SAP / Siemens Backbone Integration
SAP Service and Support
April 2015Page 15
Confidential © Siemens AG 2015. All rights reserved
Big Data Technology Stack
Michael Walkers Blog
April 2015Page 16
Confidential © Siemens AG 2015. All rights reserved
Our customers start to innovate on data services - case studies
The Challenges
Some References1)
*) For details please refer to the back-up slides
• Protect intellectual property• Accelerate development pipelines and contribute
to the environment• Navigate volatile markets and intensified
competitive pace
Our Answers
Minerals
Antea Cement(ALB)Asset Analytics
EU Manufacturerof asphaltEnergy Analytics
Saint Gobain (IN)Ind. NetworkAnalytics
Pilkington (UK)Energy Analytics
Int. Oil & GascompanySecurity Services
Int. PharmacompanyEnergy Analytics
Glass Chemical Pharma
No unplannedsystem downtimes
147% RoI 100% detection ofhidden networkproblems
Over £1 millionenergy costsavings
12% energy costsavings
0 % incidentswithin18 months
Cement
April 2015Page 17
Confidential © Siemens AG 2015. All rights reserved
Maximize ProcessEfficiency
Visualization &recommendations
Extract new value from your existing data – Siemens Plant Data Services
Data analyticsand simulation
Enhance industrialcyber-security
Datacollection
From Data… …to Value
Optimize energyperformance
Master assetuptime
Secure storage anddata transfer
Cloud-based analyticsecosystem
Do I Need Security?Develop A Strategy
April 2015Page 19
Confidential © Siemens AG 2015. All rights reserved
Threat Vectors
Sneaker-Net WiFi BYOD Insider Social
Engineering Physical
April 2015Page 20
Confidential © Siemens AG 2015. All rights reserved
Data security is our core expertiseSecure PCS 7 solution at Sinopec Qingdao Refinery
• Protect operations from disruptions due to e.g. virus infectionChallenge
• Clean operations: 0(zero) incidents or infections after the projectwith 18 months of safe operation
Benefits
• World's largest standalone industrial security services project• Lighthouse security project for Chinese petrochemicals
By the way
April 2015Page 21
Confidential © Siemens AG 2015. All rights reserved
Industrial SecurityImpact on relevant vulnerabilities affecting automation products
20112010 2012 2013
April 2015Page 22
Confidential © Siemens AG 2015. All rights reserved
Selected IT Security Standards, Guidelines and Committees
VDI/VDE
BSI Grundschutz
NIST
Roadmap to SecureControl Systems inthe Energy Sector
IEC 62351
IEC TC 57WG15
US-CERT ControlSystems Security
Center
SACTC 124
DKE
CommitteesAssociationsGovernmental bodies
Standards
Guidelines
DHSChemSecRoadmap
NERC-CIP
ISO/IEC15408
WIB M-2784
ISO/IEC 2700x
IEC / ISA-62443Siemens Focus
April 2015Page 23
Confidential © Siemens AG 2015. All rights reserved
IACS environment / project specific
Independent of IACS environment
Industrial Automation and Control System(IACS)
IACS, automation solution, control system
Automation solution
Operational and Maintenancepolicies and procedures
Product Supplier
SystemIntegrator
Asset Owner
develops
designs and deploys
operates
Control Systemas a combination of
Hostdevices
Networkcomponents ApplicationsEmbedded
devices
is the base for
+
April 2015Page 24
Confidential © Siemens AG 2015. All rights reserved
IEC / ISA-62443covers all aspects of industrial security
Policies and procedures ComponentSystemGeneralTerminologyConceptsModelsCompliance metricsSecurity levels (SL)
System architecture, networksegmentationZones and conduitsSL for systems
Identification and authenticationcontrolUse controlSystem integrityData confidentialityRestricted data flowTimely response to eventsResource availability
Product development process
PLCs
HMI devicesPC stations
FirewallsGatewaysSwitches
FunctionsApplicationsData
‘Defense in Depth’ involves all stakeholders:Asset owner, system integrator, component supplier
IEC / ISA-62443
OrganizationTraining / awarenessPolicies, procedures Information, documentation
management
Risk management and implementation Incident planning and responseContinuity plan
Solution design and maintenance
Personnel securityPhysical securityNetwork segmentationAccount administrationAuthenticationAuthorization
April 2015Page 25
Confidential © Siemens AG 2015. All rights reserved
Product life cycle
Product Supplier
Phases in product and IACS life cycles
IACS life cycle
Asset Owner Asset Owner(Service provider)
SystemIntegrator
Asset Owner
Operation / MaintenanceSpecification Integration / Commissioning Decommissioning
Automation solutionProject application
Configuration, User ManagementSecurity measures and settings
Automation solutionSecurity measures and settings
Operational policies andprocedures
Securitytargets
ControlSystems
Hostdevices
Networkcomponents ApplicationsEmbedded
devices
Specification Design Commercialization / maintenance Phase Out
Automation solution
Decommissioningpolicies andprocedures
April 2015Page 26
Confidential © Siemens AG 2015. All rights reserved
Independentof plant environment
Plant environment
Security Levels forautomation solution and control system
IEC 62443
3-3 System securityrequirements and Security
levels
SL 1 Protection against casual or coincidental violation
SL 2Protection against intentional violation using simplemeans with low resources, generic skills and lowmotivation
SL 3Protection against intentional violation usingsophisticated means with moderate resources, IACSspecific skills and moderate motivation
SL 4
1. Part 3-2: asset owner / system integrator define zones and conduits with target SLs2. Part 3-3: product supplier provides system features according to capability SLs3. Capability SLs are deployed to match target SLs
Control System capabilities
Capabilty SLs
Automation solution
3-2 Security riskassessment and system
design
Protection against intentional violation usingsophisticated means with extended resources, IACSspecific skills and high motivation
System architecturezones, conduits
Risk assessment
Achieved SLs
Target SLs
April 2015Page 27
Confidential © Siemens AG 2015. All rights reserved
Industrial SecurityThe Siemens Solution
The Siemens solution reduces your risk with a well thought-out security concept.
Industrial Security Services Managed service andconsulting
Security Management Processes and policies
Products & Systems Secure PCs, controllersand networks
© Siemens AG 2014. Alle Rechte vorbehalten. Answers for industry.
Thank YouPaul Hingley Siemens Data Services