Where Smart Data meets Data Security - Easyfairs…
Where Smart Data meets Data Security
Siemens Cloud for Industry powered by SAP HANA
April 2015
Nov 2015
Think of a Number!
13642916
Prologue: Nineteenth-century Data Overkill
Prologue: Your Brain Story
Big Data in Industry: What does it mean?
We are at the start of the next “Industrial Revolution”
From Industry 1.0 to Industry 4.0
Chart: degree of complexity over time (1800, 1900, 2000)
First Industrial Revolution: based on the introduction of mechanical production equipment driven by water and steam power (first mechanical loom, 1784)
Second Industrial Revolution: based on mass production achieved by division of labor concept and the use of electrical energy (first conveyor belt, Cincinnati slaughterhouse, 1870)
Third Industrial Revolution: based on the use of electronics and IT to further automate production (first programmable logic controller (PLC) Modicon 084, 1969)
Fourth Industrial Revolution: based on the use of cyber-physical systems
Repair shops
Standardization / Process knowledge
Software Updates
Data Driven Services
Confidential © Siemens AG 2015. All rights reserved
Our vision is a market place for industrial service applications based on connectivity to devices
Source: Plant Cloud Services Team
A collection of customers' data...
Provide Visualisation in Dashboards
Out of the box analytics
Source: Plant Cloud Services Team
Drive Train Analytics
Industry Evolution: The future of big data and cloud applications will be in the industrial space
The total volume of data generated on earth summed up to:
2012: 3.1 Zettabyte
2015: it will be 7.4 Zettabyte
2020: it will be 45 Zettabyte
1 Zettabyte = 1 sextillion (10^21) bytes = 1000 Exabytes = 1 Billion Terabytes
Big data / cloud applications
From person to person – that was the beginning
From machine to machine – the focus today and in the future
People2People: Network of virtual communities
People2Machine: Medical technology, digital TV, cameras, computers, mobile phones
Machine2Machine: Sensors, meters, devices, industrial machines
Internet of Things/"Industry 4.0": Enabling additional productivity levers and new business models
Source: Oracle, 2012, Roland Berger 2015
Siemens and SAP collaborate to create a ‘Cloud for Industry’
Siemens and SAP are uniquely positioned to connect the world of
distributed assets to the world of data analytics and business
A joint ‘cloud for industry’ (platform as a service) would be the basis for
value added service applications by SAP, Siemens and others
Siemens and SAP decided to collaborate for ‘Cloud for Industry’:
Positive feedback from surveying 50 customers
Implemented two technological pilots
G2M started with first pilot customers
Siemens builds an open cloud-platform for industry customers
Optimization of plants and assets as well as energy and resources
• Open standard (OPC) for connectivity to Siemens and third-party products
• Plug-and-play connectivity of Siemens products (engineering via TIA portal)
• Cloud for Industry with open application interface for individual customer applications
• Selectable cloud infrastructure – Public cloud, Private cloud or on premise Hybrid cloud
• Transparent pay-per-use pricing models
• Enablement of new business models (e.g. selling machining hours instead of assets)
Diagram, top layer: Apps (App. Develop., End Customer, OEM)
Diagram, middle layer: Cloud for Industry
Diagram, bottom layer: Simatic, Sinumerik, Sinamics, Scalance, PC, S7, Third-party products
Example Plant Cloud Services – Pump Management and Optimization
Cloud for Industry would enable data value services based on a global platform and easy device connectivity
SAP / Siemens Cloud for Industry
Device Connectivity / Agent Technology: smart agent, open agent protocol, embedded agent, lightweight agent
Platform areas: data management, analytics / rules, visualization, system management
Platform functions: extensibility / SDK, onboarding, status monitoring, remote access, device management, rule engine, pre/post processing, big data store, reporting, mobile UIs, cockpit/dashboard, analytics engine, data acquisition, events / notifications, agent configuration, access authorization, device modeling
Applications & Services Eco System: Fleet Service Management, Plant Analytics & Optimization, Energy Analytics & Optimization, Predictive Maintenance, Customer Specific Apps
Application functions: data & event correlation, tuning advisory, consumption modeling, device management, vibration monitoring & analytics, model-based failure prediction, energy reporting, helpdesk & ticketing, …
A cloud structure...
Types of Cloud
• Open Cloud
• Enterprise or Private Cloud
• Hybrid Cloud
Models:
IaaS Infrastructure as a Service – The base of the cloud models; provides networking, storage etc.
PaaS Platform as a Service – Combines IaaS with a set of services for software and application development
DaaS Data as a Service – Lets you connect and use the cloud for data storage
SaaS Software as a Service – Multitenancy for business applications accessed by multiple users
Our customers start to innovate on data services - case studies
The Challenges
• Protect intellectual property
• Accelerate development pipelines and contribute to the environment
• Navigate volatile markets and intensified competitive pace
Our Answers
Some References *)
• Antea Cement (ALB): Asset Analytics
• EU Manufacturer of asphalt: Energy Analytics
• Saint Gobain (IN): Ind. Network Analytics
• Pilkington (UK): Energy Analytics
• Int. Oil & Gas company: Security Services
• Int. Pharma company: Energy Analytics
Industries: Minerals, Cement, Glass, Chemical, Pharma
Results
• No unplanned system downtimes
• 147% RoI
• 100% detection of hidden network problems
• Over £1 million energy cost savings
• 12% energy cost savings
• 0 % incidents within 18 months
*) For details please refer to the back-up slides
Extract new value from your existing data – Siemens Plant Data Services
Cloud-based analytics ecosystem
From Data…
• Data collection
• Secure storage and data transfer
• Data analytics and simulation
• Visualization & recommendations
…to Value
• Maximize Process Efficiency
• Optimize energy performance
• Master asset uptime
• Enhance industrial cyber-security
Do I Need Security? Develop A Strategy
Threat Vectors
• Sneaker-Net
• WiFi
• BYOD
• Insider
• Social Engineering
• Physical
Industrial Security
Impact on relevant vulnerabilities affecting automation products
Chart by year: 2010, 2011, 2012, 2013
Selected IT Security Standards, Guidelines and Committees
Categories: Committees, Associations, Governmental bodies, Standards, Guidelines
• VDI/VDE
• BSI Grundschutz
• NIST
• Roadmap to Secure Control Systems in the Energy Sector
• IEC 62351
• IEC TC 57 WG15
• US-CERT Control Systems Security Center
• SAC TC 124
• DKE
• DHS
• ChemSec Roadmap
• NERC-CIP
• ISO/IEC 15408
• WIB M-2784
• ISO/IEC 2700x
• IEC / ISA-62443 (Siemens Focus)
IACS, automation solution, control system
Industrial Automation and Control System (IACS)
Product Supplier develops: Control System as a combination of Embedded devices, Network components, Host devices, Applications (independent of IACS environment)
System Integrator designs and deploys: Automation solution, for which the Control System is the base (IACS environment / project specific)
Asset Owner operates: Industrial Automation and Control System (IACS) = Automation solution + Operational and Maintenance policies and procedures
IEC / ISA-62443 covers all aspects of industrial security
Parts: General, Policies and procedures, System, Component
Terminology
Concepts
Models
Compliance metrics
Security levels (SL)
System architecture, network segmentation
Zones and conduits
SL for systems
Identification and authentication control
Use control
System integrity
Data confidentiality
Restricted data flow
Timely response to events
Resource availability
Product development process
PLCs
HMI devices
PC stations
Firewalls
Gateways
Switches
Functions
Applications
Data
‘Defense in Depth’ involves all stakeholders:
Asset owner, system integrator, component supplier
IEC / ISA-62443
Organization
Training / awareness
Policies, procedures
Information, documentation management
Risk management and implementation
Incident planning and response
Continuity plan
Solution design and maintenance
Personnel security
Physical security
Network segmentation
Account administration
Authentication
Authorization
Security Levels for automation solution and control system
IEC 62443
SL 1 Protection against casual or coincidental violation
SL 2 Protection against intentional violation using simple means with low resources, generic skills and low motivation
SL 3 Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
SL 4 Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
3-2 Security risk assessment and system design (plant environment): Automation solution; Risk assessment; System architecture zones, conduits; Target SLs; Achieved SLs
3-3 System security requirements and Security levels (independent of plant environment): Control System capabilities; Capability SLs
1. Part 3-2: asset owner / system integrator define zones and conduits with target SLs
2. Part 3-3: product supplier provides system features according to capability SLs
3. Capability SLs are deployed to match target SLs
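An added example, not part of the original slides: a check for step 3 above that compares each zone's target SLs with the capability SLs of the components deployed in it, across the seven system requirement groups listed on the IEC / ISA-62443 slide. The zone and component names, the SL values and the weakest-link rule for the achieved SL are assumptions made for illustration.

```python
from dataclasses import dataclass

# The seven system requirement groups listed on the IEC / ISA-62443 slide.
FRS = ("identification_authentication_control", "use_control",
       "system_integrity", "data_confidentiality", "restricted_data_flow",
       "timely_response_to_events", "resource_availability")

@dataclass
class Component:
    name: str
    capability: dict  # requirement -> capability SL (0-4), from the product supplier

@dataclass
class Zone:
    name: str
    target: dict      # requirement -> target SL (0-4), from the risk assessment
    components: list

def uniform(sl, **overrides):
    """SL vector with the same level for every requirement, plus overrides."""
    return {**{fr: sl for fr in FRS}, **overrides}

def achieved_sl(zone):
    """Assumption (simplified): per requirement, a zone achieves the lowest
    capability SL among its components; an empty zone achieves 0."""
    return {fr: min((c.capability.get(fr, 0) for c in zone.components), default=0)
            for fr in FRS}

def sl_gaps(zone):
    """List (requirement, target, achieved, limiting components) per shortfall."""
    achieved = achieved_sl(zone)
    gaps = []
    for fr in FRS:
        target = zone.target.get(fr, 0)
        if achieved[fr] < target:
            weak = [c.name for c in zone.components if c.capability.get(fr, 0) < target]
            gaps.append((fr, target, achieved[fr], weak))
    return gaps

# Constructed sample data (hypothetical zone and devices, not from the slides).
control_zone = Zone("control", uniform(2, restricted_data_flow=3), [
    Component("plc-1", uniform(2, restricted_data_flow=3)),
    Component("hmi-1", uniform(2, data_confidentiality=1, restricted_data_flow=3)),
    Component("switch-1", uniform(3, restricted_data_flow=2)),
])

if __name__ == "__main__":
    for fr, target, got, weak in sl_gaps(control_zone):
        print(f"{control_zone.name}: {fr} target SL {target}, achieved SL {got}, limited by {weak}")
```

In practice the achieved SL also depends on configuration and compensating measures, so a reported gap is a prompt for review of that zone rather than a final verdict.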
Industrial Security
The Siemens Solution
The Siemens solution reduces your risk with a well thought-out security concept.
Industrial Security Services: Managed service and consulting
Security Management: Processes and policies
Products & Systems: Secure PCs, controllers and networks
© Siemens AG 2014. All rights reserved. Answers for industry.
Thank You
Paul Hingley, Siemens Data Services