End-to-End Security for Industry 4 - Deutsche Messe...
24-04-2017
No Industry 4.0 without Security
Introduction to Atos and Industry 4.0
| 24-04-2017 | Winfried Holz: “No Industry 4.0 without security“ | © Atos
Who is Atos? At a glance
Revenue 2016 (M EUR) *: 12,000
Employees 2016 (Global): 100,000
Employees 2016 (Germany): 12,000
Countries: 72
European in Hybrid Cloud
European in Big Data
European in Cybersecurity
European in High-Performance Computing
In terms of hosting and storage of European data
| 22-07-2016 | Workshop Cybersecurity & Industrie 4.0 GBU | Germany | © Atos - For internal use 5
Barriers for Industry 4.0
Data security: more than half of the participants expressed fundamental concerns
Surveys concerning Industry 4.0
Source: Market study Bosch Software Innovations
High investment costs and concerns about data security and data protection are regarded as problematic
The Challenge: IT versus OT security
Protection goals: Confidentiality, Integrity, Availability
Aspect | IT Security | Industrial Security
Availability | Minutes are acceptable | Network disruptions < 300 ms
Installation | Network professionals | Plant personnel
Assessment | Frequent audits, penetration tests, monitoring | Audits, pentests and monitoring are not common practice
Protection | Active protection mechanisms | Active protection mechanisms can shut down operation
Patching | Common practice | Often not possible
Investment cycle | Every 2-3 years | Min. 10-20 years
Developments and challenges for Industry 4.0
Developments
▶ Dynamic networks – value networks
– further flexibility
– interaction
▶ Exchange of confidential data – trustworthy relationships
▶ Autonomous systems – components making independent decisions
Challenges
▶ Globally trusted relationships – independent authority
– standardized secure infrastructure
– assessment methods for trustworthiness
▶ Protection of intellectual property and personalized data – secure and correct exchange of data
▶ Allocated security – security by design/development
– holistic security
– staged security
– secure and trustworthy components
Hacking ICS devices is terribly easy
Step 1: Identify target
Step 2a: Access system: No password set
Source: VNCKeyhole
Step 2a: Access system: Use default password
Source: Defpass
Security Architecture for Industry 4.0
Reference architecture model for Industry 4.0 (RAMI) and security
Layers: Security concerns all layers. Risks have to be assessed with a holistic approach.
Value stream: Security has to be assessed throughout the whole life cycle of the objects by the owner.
Hierarchy levels: All objects and assets are subject to security analysis (risk analysis) and need to have security features matching their tasks and protection.
IT in industrial facilities: from communication islands to complex landscapes
[Network diagram; labels: Office network, ERP and MES systems, Control network, Partner, Ethernet, WLAN, UMTS, GPRS, etc., Internet and mobile network]
Atos – Siemens partnership
Atos and Siemens cooperation: Aligned cybersecurity portfolio to cover both IT and OT needs
Assess security
Evaluation of the current security status of an ICS environment
IT assessments by ATOS
• ISO/IEC 27001 security assessments
• Security maturity assessments
• Penetration tests & source code analysis
• …
OT assessments by SIEMENS
• IEC 62443 assessment
• ISO 27001 assessment
• SIMATIC PCS 7 & WinCC assessment
• …
Implement security
Risk mitigation through implementation of security measures for reactive protection
IT by ATOS
• Information security management systems
• Security awareness
• Data protection
• …
OT by SIEMENS
• Security awareness training
• Security policy and network consulting
• Perimeter firewall installation
• …
Manage security
Comprehensive security through monitoring and proactive protection:
Monitor to detect indicators of compromise
Manage to keep security up-to-date
React fast to security-relevant threats
IT by ATOS
• Security monitoring
• Emergency response
• Network security
• …
OT by Siemens
• Industrial security monitoring
• Remote incident handling
• Perimeter firewall management
• …
+ Certify
Certification and preparation of certification
Thanks
For more information please contact: Winfried Holz