Securing the Manufacturing Digital Thread

Frank Backes President - CTRAC

Center for Technology, Research and Commercialization

Why Security

Business Stability & Profitability Improving Safety, Reliability and Availability Customer/Market Imposed Requirements Regulatory Requirements Corporate Image and Reputation Legal Liabilities

Potential Consequences Physical – Economic – Social

National Security

Loss of Production

Injury

Damage to Equipment

Environmental Damage

Product Contamination

Loss of Intellectual Property

Impacted Reputation

WHO

Information Technology

Operations Technology

Build and Train a Cross-Functional Team

CSO Control Engineers

Control Systems Operators Subject Mater Experts

CIO Network Engineers IT Administrators

IT Support

TRADITION

Step 1 – Assess Existing Systems Step 2 – Document Policies & Procedures Step 3 – Train Personnel & Contractors Step 4 – Segment the Control System Network Step 5 – Control Access to the System Step 6 – Harden the Components of the System Step 7 – Monitor & Maintain System Security

EFFECTIVE • PREDICTABLE • COMPLEX • SLOW • EXPENSIVE • HARD TO GET STARTED

AGILE SECURITY

ASSESS PRIORITIZE EXECUTE ITTERATE

START NOW – ONE PROJECT – INCREMENTAL IMPROVEMENT

FIRST PROJECT NETWORK SEGREGATION

CONTROL NETWORK

COPORATE NETWORK

Users

Control Server

DMZ

HMI

Data Historian

Data Server

Cross Domain Guard Protocol B

Protocol A

NIST Recommendation

QUESTIONS?