The Siemens Cyber Security Operations Center (CSOC) provides continuous monitoring against current and emerging cyber activities.
December 2015 | AdvancedManufacturing.org 61
Manufacturing Software
Locking Down the Factory Floor
Patrick Waurzyniak, Senior Editor
New cybersecurity tools and techniques for cloud-based manufacturing software show promise in the fight to secure critical factory-floor data and machinery
Cybersecurity casts a long shadow over networks of all kinds, from banking and retail businesses to government, energy, healthcare, utilities, and large-scale industrial manufacturing operations. Hardly a day passes without dire headlines warning of the latest consumer, commercial or government data breaches over the Web, as clever hackers employ myriad phishing schemes, viruses and malware that exploit corporate network vulnerabilities and, quite often, the gullibility of users unaware of cybersecurity dangers. With more factory assets getting connected to the Web, particularly with the coming explosion of Internet of Things (IoT) devices, today’s manufacturing management must look for rock-solid technologies for securing their factory-floor machinery and the mission-critical intellectual property assets that now often reside in cloud-based software.
Photo courtesy Siemens
Hack attacks on industrial manufacturing networks have been rarer, with the highest-profile case being the Stuxnet worm that infected the industrial equipment controlling Iranian nuclear centrifuges about five years ago. Since the attack, it has been widely speculated that it was the result of work by the US and Israel. In that case, Stuxnet was a zero-day exploit worm designed to embed computer code into the Siemens Simatic PLCs and STEP 7 software used to control the Iranian centrifuges. The worm caused the centrifuges to run improperly and eventually damaged the systems.
More recently, a German steel manufacturing plant’s operation was severely hampered last year and shut down after cyber thieves breached its security defenses. The German steel mill’s blast furnace was compromised by malicious code that entered the network through the company’s business systems, causing an eventual plant shutdown.
Connected Factories’ Vulnerability
As manufacturers move toward more-connected factory systems, there’s even greater demand for highly secure systems to keep hackers away from manufacturing networks’ wealth of IP data and mission-critical plant-floor equipment.
“In the lifecycle of product development, there is a wide range of systems, and a lot of the elements along that chain were not designed for security,” Jim Barkley, associate director, Digital Manufacturing Commons, at the Digital Manufacturing and Design Innovation Institute (DMDII; Chicago), said of PLCs, network streams, and other factors. “Manufacturing generates more data annually than any other sector of the economy. There’s a lot of potential there. You need controls at every trust boundary—at the machine level, the operating layer, and at the PLCs.”
The challenge of securing industrial networks is exacerbated by the sheer volume of newly connected machines, as machine tool builders and machine control suppliers have embraced newer technologies like the open-architecture, XML-based MTConnect standard for machine tool data exchange on the shop floor, connecting and gathering much greater volumes of manufacturing data to leverage the goldmine of manufacturing process metrics coming off the shop floor (see “Why Manufacturing Needs Data Collection” in the October 2015 issue of Manufacturing Engineering and at http://tinyurl.com/oq7kodn).
A new open-source Software Defined Perimeter (SDP) security approach will bring easy-to-deploy, lower-cost cloud-based security to smaller manufacturing operations. Waverley’s system is among those being considered by the Digital Manufacturing and Design Innovation Institute’s (DMDII) Digital Manufacturing Commons effort.
Image courtesy Waverley Labs
Industrial cyber attacks have largely flown under the radar, without garnering the widespread reporting required for those on financial, government and other targets. “Most manufacturing companies are not required to publish information about cyber attacks. However, the Department of Homeland Security ICS-CERT does maintain information, published on an annual basis, on cybersecurity attacks on industry,” said Rajiv Sivaraman, vice president and Head of Plant Security Services, Siemens US Digital Factory (Norcross, GA). In fiscal year 2014, for example, the Department of Homeland Security publication entitled ICS-CERT Year in Review (2014) documented 245 reported incidents, he said. “Looking back at prior reports, you will find that attacks focusing on industrial networks and equipment are generally increasing in frequency and sophistication.
“Aside from technological gaps, an important issue in industrial control systems [ICS] cybersecurity is the general lack of awareness,” Sivaraman said. “A lack of awareness of potential attack can lead to reduced investment on early detection and protection. This results in limited information about whether or not an attack actually occurred and the resulting impact.”
Leveraging Cloud Advantages
In many cases, going to cloud-based solutions offers organizations an edge in factors including lowered costs, speed of deployment and software design. Cloud software also can offer benefits in the cybersecurity realm, especially in costs and cloud optimization.
“Cloud-based software and related network technology enable more secure transmission of design data and status information,” Sivaraman said. “The likelihood of successful attacks that have the goal of stealing IP [intellectual property] can be reduced if the data is encrypted. Attacks that aim to disrupt operations, for instance by injecting false data or instructions, similarly can be reduced with encryption and other protection. With cloud-based software and good security controls, the confidentiality and integrity of design and production data can be improved.
“In general, Industrial Security solutions require a holistic approach based on different protection layers,” Sivaraman said. “These involve plant security, network security, and maintaining system integrity.” Plant security includes physical access to plant and industrial controls equipment, security policies and processes, and security awareness, he added. “Network security deals with the protection of automation components based on segmented production networks, secure separation of production and office networks, and the use of security cells/zones concepts.”
Concurrent Technologies Corp., an applied science research and development professional services firm, offers high-level security help for government and large businesses as well as smaller manufacturers.
Image courtesy Concurrent Technologies Corp.
Costs are a major factor in cloud systems’ favor, particularly for any smaller to medium-sized manufacturing operation looking to secure systems in the cloud.
“I do think cloud computing can help,” said DMDII’s Barkley. “A lot of people have misgivings about cloud, but by and large I think the cloud industry is taking care of that. The cool thing about the cloud is it allows for virtualization of a lot of services. That’s the elastic sort of element to it, and it gives us new ways to disrupt hackers.”
The flexibility of the cloud gives users a real advantage, Barkley added, in dealing with the “advanced persistent threats” that can occur in cybersecurity breach attempts. “If you can rapidly switch IP addresses or networks, you disrupt that cycle,” Barkley said.
Lower costs of the cloud systems play a huge role, especially with a lot of the small to medium-sized mom-and-pop shops, he added. “They typically don’t have the capital to afford the top-end enterprise software suites, which can be pretty expensive, when you add in the costs of service, which often account for a larger share of the total cost of ownership of the lifecycle of use than the initial purchase price of the software.”
Open-Source Solutions
To counter the cost barrier, DMDII has an open project call—the DMDII-15-13 Cyber Security for Intelligent Machines—offering up to $2 million in funding for developers to bid to supply open-source cloud-based security software. One of the manufacturing research institutes created by the Obama Administration in 2014, DMDII is working on developing an open-source software tool that will be an open-architecture communication platform, and which will enable plug-and-play functionality across the entire digital thread. This software is called the Digital Manufacturing Commons, or DMC.
“We want to provide affordable tools,” Barkley said. “Many may be more of a SaaS [Software-as-a-Service] type—low cost, one-time pass, mostly automated.” The open-source software will aim to provide more of an “à la carte” type of approach to cybersecurity, to remove the cost burden from shops that typically can’t afford enterprise-scale software projects.
“Even on the modern controllers, security is not adequate.”
Affordable solutions for cloud computing are critical for smaller manufacturers looking to secure their networks. Concurrent Technologies Corp. (CTC; Johnstown, PA), an applied science research and development professional services organization, has recently worked with smaller manufacturers in the National Institute of Standards and Technology’s (NIST; Gaithersburg, MD) Manufacturing Extension Partnership (MEP) program working in Pennsylvania. About 90% of its clients are government agencies, but CTC has started working with smaller manufacturers on projects involving the company’s cloud computing and Big Data analytics platforms, noted Vicki Barbur, CTC senior vice president and chief technical officer.
Manufacturers like Lockheed or Raytheon can afford large, sophisticated, cyber-secure network architectures, but smaller manufacturers simply don’t have the resources, Barbur said, and hence are much more vulnerable to cyber attacks. “How do we do that in a very cost-effective way?” Barbur said. “Small manufacturers are looking for cost-effective, simple systems.”
“The small manufacturers really don’t have the ability to employ large systems,” said Dom Glavach, CTC principal IS security engineer. “Everyone is definitely aware of the potential for breaches, and they’re looking for a starting point.”
CTC is helping small manufacturers with assessment tools for determining the best cybersecurity systems to fit their needs, he added, using the NIST Cybersecurity Framework as a model. “I really think that’s a question that every manufacturer needs to answer,” Glavach said. “Number one, you have to figure out what are your most important assets.”
Cloaking Your Cloud Assets
Among the more promising new applications is an open-source cloud version of the Software Defined Perimeter (SDP), a “Black Cloud” system that hides data from hackers, developed by cyber and digital risk management consultant Waverley Labs LLC (Waterford, VA).
While not quite a Star Trek Romulan cloaking device, Waverley Labs’ Black Cloud makes corporate or manufacturing data essentially invisible to potential hackers by moving or wrapping a company’s applications, whether they sit on premises, in a public or private cloud, in a demilitarized zone (DMZ), on a server in a data center, or even inside an application server.
The Black Cloud concept, which has been deployed in large-scale systems at Lockheed Martin and other big manufacturers, is being adapted to an open-source model that Waverley is developing, and the company has submitted a bid for the contract with DMDII’s DMC open-source system.
“If you look at the grand security practices that have come out from NIST and other agencies, they require patching, updating and monitoring systems at the infrastructure layer,” said Juanita Koilpillai, Waverley Labs’ founder and CEO. Cloud vendors do a lot of work at the network, operating system level, and at the Software-as-a-Service infrastructure layer, she said, but at the Infrastructure-as-a-Service (IaaS) layer, the customer is fully responsible for securing the operating systems. “Therein lies the rub,” Koilpillai said. “Everyone says ‘We are more secure,’ but what piece of it is more secure?
“Ultimately the security has to be implemented at all layers of the network stack, all the way from your wires to the user interface in the application,” Koilpillai said, “and that’s what the Software Defined Perimeter is all about. It’s actually a very new approach to protecting network applications. The model is set up so that only TCP [Transmission Control Protocol] connections from authorized connections are allowed, and the perimeter also issues the user-level access at the port and protocol level after user authentication, and that way connections cannot be recast or hijacked.”
The layer that validates and authenticates users and devices is hidden from potential network intruders, she noted. “It’s able to bring all that together to communicate with a server that’s literally hidden behind a firewall, and the firewall is only open when the user requests access. There’s a pinhole punched through the firewall, the communication’s performed, and then shut down. So the server is completely hidden from all network scanning and the common kind of efforts that are done by hackers initially to start looking for what they can hack.”
The cloud-enabled Esprit 2015 CAM software from DP Technology leverages machining tooling data from MachiningCloud GmbH’s cloud-based databases.
Image courtesy DP Technology Corp.
For most manufacturing operations, handling these cybersecurity tasks is difficult and time-consuming. “You have to make a lot of smart decisions based on your application,” Koilpillai said. “We feel that there’s a need for this.”
The company is collaborating on the open-source version with the Cloud Security Alliance, Verizon, NDX and the NSA. A lot of Waverley’s work is with the Department of Defense, she added, and the Black Cloud concept can be easily adapted to the manufacturing world. “They’re worried about it. The TCP/IP type of communications have been used in the Internet for a long time,” Koilpillai said. “What’s happening now is once you hook up the network, you should extend your perimeter, so you can hide the infrastructure. They [manufacturers] want to share their Big Data. This system uses Mutual Transport Layer Security [Mutual TLS] with mutual authentication,” she said. “Every message is authenticated and encrypted.”
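The following is an added illustration, not code from the original article or from Waverley Labs. It is a toy Python model of the Software Defined Perimeter behaviour Koilpillai describes: default deny, authenticate the user and device first, then open a pinhole bound to that caller’s address, port and protocol, and shut it again afterwards, so that a scanning host never gets a response. The mutual-TLS step from the last paragraph is stood in for by a lookup of registered device fingerprints. The registered-device table, entitlements, IP addresses, session tokens and all class and function names (SdpGateway, authenticate, request_access, filter_packet, demo) are constructed assumptions for this example.

```python
"""Toy model of an SDP gateway: default-deny firewall with authenticate-then-pinhole.
Added illustration; constructed identities and policy, not a real product's code."""
from dataclasses import dataclass, field

# Constructed stand-in for mutual-TLS device identity. A real SDP gateway
# would validate the client certificate chain; here a (user, fingerprint)
# pair must be pre-registered. Assumed values.
REGISTERED_DEVICES = {
    ("alice", "dev-fp-1111"),
}

# Constructed per-user entitlements, expressed at port/protocol level.
ENTITLEMENTS = {
    "alice": {(443, "tcp"), (5000, "tcp")},
}


@dataclass
class Pinhole:
    src_ip: str
    port: int
    proto: str
    expires_at: float


@dataclass
class SdpGateway:
    pinholes: list = field(default_factory=list)
    sessions: dict = field(default_factory=dict)  # token -> (user, src_ip)

    def authenticate(self, user, device_fp, src_ip):
        """mTLS stand-in: only a registered user/device pair gets a session."""
        if (user, device_fp) not in REGISTERED_DEVICES:
            return None
        token = f"sess-{user}-{src_ip}"  # constructed token format
        self.sessions[token] = (user, src_ip)
        return token

    def request_access(self, token, port, proto, now, ttl=30.0):
        """After authentication, punch a pinhole bound to the caller's IP,
        the requested port/protocol and a short lifetime."""
        if token not in self.sessions:
            return False
        user, src_ip = self.sessions[token]
        if (port, proto) not in ENTITLEMENTS.get(user, set()):
            return False
        self.pinholes.append(Pinhole(src_ip, port, proto, now + ttl))
        return True

    def close_access(self, token):
        """Shut the pinhole when the session ends."""
        _user, src_ip = self.sessions.pop(token, (None, None))
        self.pinholes = [p for p in self.pinholes if p.src_ip != src_ip]

    def filter_packet(self, src_ip, port, proto, now):
        """Default deny: a packet passes only through a live pinhole matching
        its source, port and protocol. Expired holes are purged first."""
        self.pinholes = [p for p in self.pinholes if p.expires_at > now]
        for p in self.pinholes:
            if p.src_ip == src_ip and p.port == port and p.proto == proto:
                return "ALLOW"
        return "DROP"  # silently dropped: the server looks absent to a scan


def demo():
    """Walk through the scenarios the article describes; returns a dict of outcomes."""
    gw = SdpGateway()
    results = {}
    # An unauthenticated probe of the application port gets nothing back.
    results["scan_before_auth"] = gw.filter_packet("203.0.113.9", 443, "tcp", now=0.0)
    # An unregistered device is refused a session outright.
    results["bad_device"] = gw.authenticate("alice", "dev-fp-9999", "198.51.100.7")
    # A registered user/device authenticates and asks for 443/tcp.
    tok = gw.authenticate("alice", "dev-fp-1111", "198.51.100.7")
    results["granted_443"] = gw.request_access(tok, 443, "tcp", now=1.0)
    results["denied_22"] = gw.request_access(tok, 22, "tcp", now=1.0)  # not entitled
    results["alice_443"] = gw.filter_packet("198.51.100.7", 443, "tcp", now=2.0)
    # Another host probing the same port during the window is still dropped.
    results["other_ip_443"] = gw.filter_packet("203.0.113.9", 443, "tcp", now=2.0)
    # The pinhole closes on its own once the ttl has passed.
    results["after_expiry"] = gw.filter_packet("198.51.100.7", 443, "tcp", now=40.0)
    # An explicit close also removes the hole.
    gw.request_access(tok, 443, "tcp", now=50.0)
    gw.close_access(tok)
    results["after_close"] = gw.filter_packet("198.51.100.7", 443, "tcp", now=51.0)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point a defender should take from the walk-through is that the scanning host at 203.0.113.9 sees DROP for every probe, both before any session exists and while an authorized session is live on the same port, because the pinhole is keyed to the authenticated source rather than to the port alone. The time-bound and explicit closes model the "communication's performed, and then shut down" step.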
Securing, Testing the Cloud
As cloud-based enterprise software has proliferated and become more popular for cost savings and other reasons, questions arose whether those cloud-secured assets are as secure as the on-premises versions of enterprise software. But many experts believe cloud software has many distinct advantages over on-premises software, including security.
“It’s pretty clear that attacks happen regularly,” said Kevin Hurley, executive vice president, Technology, KeyedIn Solutions Inc. (Minneapolis), developer of the KeyedIn Manufacturing cloud-based enterprise resource planning (ERP) software.
Securing cloud applications is a top priority, Hurley said, and KeyedIn employs high-end security from third-party supplier Dimension Data to lock down its ERP customers’ data. “You walk into some installations and it’s almost like a prison—some of these facilities use biometrics to enter,” Hurley said.
Cloud applications, properly executed, can offer users more effective security than some on-premises installations. “In some cases in an on-premises facility, people are busy doing other things—maybe security’s not the main priority, or they missed a security patch, maybe they’re not doing a denial of service security, or the software’s not the best from a security standpoint,” Hurley said. “Some of these software systems can be 10, 15, 20 years old. Any of those factors could put your on-premises systems at risk.”
With KeyedIn Manufacturing, users get an ISO 2700 compliant SaaS application, and KeyedIn makes sure its customers follow up on security policies, Hurley added. Customers’ data also is segregated from other customer data, and even within the client companies themselves, added Paul Leghorn, KeyedIn vice president, SaaS Infrastructure.
“There’s only a very small number of people here that can touch the data,” Leghorn said. With KeyedIn applications, customers also use two-step authentication, which bolsters security levels. “Typically we don’t re-authenticate within the session,” Leghorn added. “Your client administrators are in charge of that. They can have the confidence that no one can break in, because it’s your weakest point in your chain.”
For cloud-based PLM software developer Arena Solutions (Foster City, CA), security ranks at the top of the stack of priorities. “When we start with a customer, we actually start with how to secure their applications,” said Wenxiang Ma, executive vice president, Engineering and Operations.
In addition to multiple firewalls, Arena offers users dynamic access control, allowing administrators to have a very limited number of people who can access information, Ma said. “From the beginning, we do multiple firewalls. It’s a combination of hardware and software,” he said.
Arena PLM’s security model features Secure Sockets Layer (SSL) encryption, and username and password verification is provided by a hardened authentication service maintained separately from the main application service. Arena offers customers IP-based access restriction as an option, as well as a two-step authentication option, and data management security is the strongest available currently supported by browsers, using a 2048-bit RSA public key and up to 256-bit encryption.
Vigilance Required
Keeping hackers at bay requires not only innovation in cloud-based designs, but also vigilance by cloud users. Performing penetration tests on cloud network security is a must in today’s world, and these tests are best done by a third party, Ma said. “We go through a penetration test with a third party, which involves an application test and a network test,” Ma said. “The third party actually sets it up, but we pre-write it and then nobody knows when it will happen.” The company usually does the network tests at least once a year.
“We do our pen testing with a third-party IT security consultancy,” said KeyedIn’s Leghorn. “They test the code, the system and the SQL database, and the firewall itself. What ports are open? What they can discover about your system is important, because for hackers, this is their day job—understanding what people can do. It provides useful information and you have to do this on a regular basis, at least annually.”
With its pen tests, KeyedIn’s policy is to share that information under non-disclosure agreements with clients, Leghorn added. “You don’t want to give anything away. As a policy, we don’t allow the clients to do the pen testing, for the protection and stability of the entire service.”
Arena Solutions 650-513-3500 / arenasolutions.com
Concurrent Technologies Corp. 800-CTC-4392 / ctc.com
DMDII/UILABS 312-281-6839 / http://dmdii.uilabs.org/
KeyedIn Solutions Inc. 888-960-5470 / keyedin.com
Siemens US Digital Factory 800-SIEMENS (800-743-6367) / http://www.siemens.com/businesses/us/en/digital-factory.htm
Waverley Labs LLC 800-401-5180 / waverleylabs.com