Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Workplace 1.0.1

Published byKerstin Becke Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyber Security Workplace 1.0.1"— Presentation transcript:

1 Cyber Security Workplace 1.0.1
Industrial automation – power generation Cyber Security Workplace 1.0.1 Customer Presentation 2018

2 Current state of Global Cyber Security

3 Customer Challenges Increased Attacks on Power Gen ICS – Unpatched systems still a major threat vector In the news In the second half of 2016, about 20 thousand different modifications or malware representing over two thousand different malware families were detected in total in industrial automation systems Threat Landscape for Industrial Automation Systems, 2nd half 2016, Kaspersky Lab ICS CERT As the WannaCry pandemic has shown once again, the up to date patching of generic systems like Windows OS is a crucial security measure. Currently these are run regularly (at least fortnightly) by six in ten of the sample, with the remainder taking this action more infrequently. The State of Industrial Cybersecurity 2017 67% perceived severe or high levels of threat to control systems, up from 43% in 2015. SANS 2016 State of ICS Security Survey of 236 companies operating ICS, (utilities = 26% of respondents) November 30, 2018

4 Customer Challenges Increased Attacks on Power Gen ICS – Unpatched systems still a major threat vector In The News In FY 2016, ICS-CERT coordinated 2,272 vulnerabilities. This number is significantly greater than the number of vulnerabilities reported in prior years. The dramatic increase is primarily due to two vulnerability reports containing hundreds of vulnerabilities, identified by using automated scanning tools.2 The scanning tools expedite the detection process and make it easier to detect out-of-date third-party software. Annual Vulnerability Coordination Report Industrial Control Systems Cyber Emergency Response Team, US Department of Homeland Security November 30, 2018

5 Customer Challenges It’s hard to hire and staff security related roles needed to maintain industrial control systems State of Cybersecurity Some numbers Leading to: 54% of industrial organization have had more than one cyber incident in the last 12 months. 1.2 million per year is the annual price of ineffective security solutions in industrial organizations. 50% of respondents find it difficult to hire the ICS cybersecurity employees with the right skills. A report fro Cisco puts the global figure at one million cybersecurity job openings. Demand is expected to rise to six million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest software vendor. Greater burdens on plant staff: These security requirements create more work for plant staff. On average, staff at power generation facilities can spend between 15 to 40 hours per month on basic DCS security maintenance, including system hardening, patch management, patch and AV application and back up. Greater demands on corporate security and IT staff: Corporate teams are often asked to track and report to auditors and enterprise risk group metrics that reflect patch level, frequency of back ups and status of system hardening. These corporate teams seek more automated reporting tools that can make it easier to report on the security posture of all the plants in their fleet. November 30, 2018

6 Cyber Security Workplace 1.0.1
A suite of security applications that offers our customers a roadmap to achieve improved reliability and automate efforts to utilize the latest cyber security tools and techniques.

7 Cyber Security Workplace
Solution to automate, manage and foundational security controls for Symphony and System 800xA 5.1 Features Benefits Secure Patch/ Anti-virus deployment (applicable and tested updates) Automated Backup and Restore function Status reports for Patch Management, Backup/Restore, Hardening and Antivirus updates DCS system hardening support: Identification of un-necessary software components Windows Firewall configuration to close unnecessary communications ports Windows Service configuration to disable unnecessary operating system services Reduce internal labor required to maintain and update ICS security every month Provide greater visibility to access ICS security status reporting Minimize risk of updates not being completed on a timely basis or potential operational impacts from manual application (i.e., impact to communication from un approved patch being applied) Automated Solution for Security Maintenance on Symphony Plus and System 800xA November 30, 2018

8 Cyber Security Workplace
Our solution Why ABB Industrial Automation Power Generation? Return on Investment “ABB recognizes the importance of cyber security in control-based systems and solutions for infrastructure and industry, and is working closely with our customers to address the new challenges.” ABB CEO Ulrich Spiesshofer As the designer and service provider of the DCS, ABB is able to assure security updates are made without impacting availability ABB understands the demands of operating power generation plants and has created a system that allows operators to maintain their plants’ security posture while minimizing impacts on labor and processes Cyber Security Workplace Return on Investment per power block* assuming monthly patching & reporting: 2 hrs/ month: download applicable updates 8 hrs/month: complete back-ups before & after patching 10 hrs/month: apply patches & create audit reports 4 hr/month: reviewing patches applied & aggregating input corporate risk reporting Total Annual Benefit = $ 43,200 24 hours per labor cost of $150/hour *Assuming site has 2 servers + 6 nodes Operator Corp Security November 30, 2018

9 Cyber Security Workplace
How it works Getting Started Monthly Updates At installation, ABB Control System is backed up, patched to current levels and systems are hardened through removal of unnecessary software components, ports and services Each month ABB securely sends, with documented chain of custody, an update disk that includes all tested and applicable OS updates and Anti Virus Signatures Back Ups Operator Engagement Reporting The update disk is applied to the Cyber Security Workplace, all HMIs, servers, engineering work stations and historians are backed up before patches are applied Patches are applied serially based on an operator acknowledged command and schedule The operator can use Cyber Security Workplace to generate a report showing all OS and AV updates were completed. This provides a handy artifact to show compliance to internal standards or national regulations November 30, 2018

10 Cyber Security Workplace 1.0.1 – At a glance
Network topology CSWP 1.0.1 ABB approved patches Security patches & Antivirus updates Backup & Recovery System hardening Patch Status Antivirus Status Backup Status Hardening Status Symphony Plus or 800xA system Control and I/O November 30, 2018

11 Cyber Security Workplace - Supporting foundation security controls
Support for international standards, national regulations and recommended best practices IEC/ISA Including Solution Hardening: Ongoing support of system hardening, including Identification of un-necessary software, components and unnecessary ports, services and programs are removed or disabled Automated identification of missing patches Anti-Virus provided for Servers and nodes and capabilities for validating/installing latest definitions Patch Management: Centralized service to audit and deploy security patches Patches are tested in ABB labs to validate applicability and compatibility Procedures or patching and work arounds for unapproved patches Patches are developed and delivered to customer via secured supply chain, allowing customer to meet chain of custody requirements Backup and Recovery: Best practices, documentation and automation to support backup/recovery November 30, 2018

12 Cyber Security Workplace 1.0.1 – At a glance
Features Security Patch Updates Scans the system and reports Patch status and gaps Automatically deploys the ABB Security Patch Disc Anti-Virus Management (AV) Scans the system and reports AV status and gaps Updates Malware Definition Files (DAT) Backup & Restore Configure backup routines and schedule them automatically Restore previously backed-up system data System hardening status and deployment Detects gaps in the system Secured-Deployment status in terms of unused software, OS services, firewall settings Status monitoring Traffic light dashboards showing details for each node Detailed report for each node on user request November 30, 2018

13 Cyber Security Workplace
Reliability - Compliance Best Practices Industry best practices for DCS include a critical focus on vulnerability management Obtain structured vulnerability and patch feeds that cover a wide variety of sources. 1 Match the vulnerability disclosures and patch announcements against their asset inventory. 2 Prioritize vulnerability remediation efforts by considering ICS architecture location, simplicity of exploitation and possible impact on the controlled industrial process. 3 November 30, 2018

14 Cyber Security Workplace - Customer Use Case
High cyber priority plant in Western USA Customer requirement: Reduce compliance work load, simplify/ automate increasing compliance and corporate risk reporting Improved resiliency, automate backup and restore after a cyber/ operational incident Automate routine security tasks (increasing cyber work load on small cyber focused team) ABB solution: Cyber Security Workplace Automates and enforces foundational security best practices: automated patching, backup/restore and system hardening Benefits: Significant reduction of monthly manual efforts Reduced patch related audit prep hours by 85% Technology enforces and automates security best practices, providing greater resiliency Cyber Security Workplace Procedures and Protocols Computer Settings Group Security Policies November 30, 2018

15 Why ABB? Reduce system vulnerability while increasing system reliability Solutions to cost-effectively meet corporate/regulatory requirements Maintain system data integrity and operational availability Meet cyber and regulatory security requirements (NERC-CIP, NIST , ISA-99, IEC 62443)

16 November 30, 2018

Download ppt "Cyber Security Workplace 1.0.1"

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
1 Storage Today Victor Hatridge – CIO Nashville Electric Service (615) 747-3735.

1 Storage Today Victor Hatridge – CIO Nashville Electric Service (615)
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Network security policy: best practices

Network security policy: best practices
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Www.skyboxsecurity.com Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Module 14: Configuring Server Security Compliance

Module 14: Configuring Server Security Compliance
AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.

AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.

Similar presentations

Ads by Google