verticale

Convergenza Cyber Security and Safety nel petrolchimico

(in lingua Inglese)

A comprehensive approach to security
Cybersecurity driving concepts
Triconex Technology Outlook
Safety Instrumented System (SIS)
Zones and Conduits


Scarica il PDF Scarica il PDF
Aggiungi ai preferiti Aggiungi ai preferiti


Atti di convegni o presentazioni contenenti case history
mcT Safety, Security, Anti-Fire Milano novembre 2018 ATEX, Sicurezza e Antincendio negli impianti a rischio

Pubblicato
da Benedetta Rampini
mcT Safety, Security, Anti-Fire Milano 2018Segui aziendaSegui




Settori: 

Parole chiave: 


Estratto del testo
Milano, 29 novembre 2018 Gli atti dei convegni e più di 10.000 contenuti su www.verticale.net ATEX Alimentare Petrolchimico Petr Safety System against Cyber Attack
Addressing safety and security concerns Umberto Cattaneo ' Technical Sales Consultant Cyber Security Fabio Beda ' Technical Sales Consultant Process Systems Confidential Property of Schneider Electric Maintain the Plant control and availability by: Protecting the system against hacking ' Intentional Protecting the system against errors ' Non intentional Improve operation and maintenance processes
Improve process organisation Cybersecurity is a continuous process ' Organisation is changing
' New vulnerabilities are always discovered
' Products evolves
' Threats changes Cybersecurity what does it mean' Page 2 Confidential Property of Schneider Electric | Cybersecurity driving concepts Technology Process People Security logs Segregation and conduit Hardening User Authentication Access
Protection Risk
assessment Incident
Response Securing devices
& Test Patch Management Secure Operations End point
Protection Security
Awareness Security
Training Audit
Capability Secure
Configuration Service
Offer
Internal
Process
Products and systems Risk assessment Technical & organisational solutions Audit monitoring Incident Response Plan Remediation & correction Cybersecurity is a continuous improvement process Page 3 Confidential Property of Schneider Electric | Safety System against Cyber Attack Page 4 Confidential Property of Schneider Electric | Page 5 Confidential Property of Schneider Electric | Which Security Model apply' Single Layer VS or Defense in Depth Policy and Procedure Physical Network(s) Application(s) Host Peer to Peer Device SIS Logic Solver Interconnectivity between safety
devices Engineering, maintenance and
operator workstations Cabinets, key switches,
physical access Defence in Depth Software Application:
engineering, operator,
maintenance, data analytics. SIS to non safety systems
(DCS, HMI, Comms servers
etc.) Standards, Compliance,
Best practices Training and Awareness Defense in depth:
' People ' Process ' Technology Page 6 Confidential Property of Schneider Electric | IEC 62443.3.3 Security Level (SL) SL 0 SL 3 Page 10 Confidential Property of Schneider Electric | A comprehensive approach to security Consulting, design, integration, training, managed security services SIEM, compliance, change management, whitelisting, big data security, firewalls Buildings Data centers Industry Infrastructure Schneider Electric's core offering ' Right security features Secure Development Lifecycle (SDL) Solution
offering
Secure
product
Secure delivery of project and services during product or system deployment Secure
delivery
Implement Assess Cybersecurity solutions for the operational life cycle Train Security awareness Security engineer Security administrator Advanced expert Design Monitor Maintain Consulting, risk assessment, gap analysis Secure architecture solution design Security control (hardware and software) implementation System upgrades patches, awareness and incident response Proactive monitoring of network and host security devices Technology People Process Page 11 Confidential Property of Schneider Electric | Triconex Technology Outlook
Safety for Life ' superior protection for people, production and profits How to Address Cyber Security Needs Page 12 Confidential Property of Schneider Electric | What is a Safety Instrumented System (SIS)' Formal Definition:
SIS ' 'Instrumented System used to implement one or more safety
instrumented functions (SIF). A SIS is composed of any combination
of sensor(s), logic solver(s), and final element(s).'
[IEC61511 / ISA 84.01] Informal Definition:
Instrumented Control System that detects 'out of control' conditions
and automatically returns the process to a safe state 'Last Line Of Defence' (Not basic process control system (BPCS) Policy and Procedure Physical Network(s) Application(s) Host Peer to Peer Device SIS Logic Solver Interconnectivity between safety
devices Engineering, maintenance and
operator workstations Cabinets, key switches,
physical access Defence in Depth Software Application:
engineering, operator,
maintenance, data analytics. SIS to non safety systems
(DCS, HMI, Comms servers
etc.) Standards, Compliance,
Best practices Training and Awareness Defense in depth:
' People ' Process ' Technology Page 14 Confidential Property of Schneider Electric | SECURE THE SIS 1 Confidential Property of Schneider Electric ECOSTRUXURE TRICONEX ' TRICON CX The best possible choice for your safety needs 1 System, 1 TUV certificate, 1 Approved Component List Tricon Tricon CX Page 15 Confidential Property of Schneider Electric MINIMIZE VULNERABILITIES
MAXIMIZE ROBUSTNESS 1 Controller defense in depth Features
' Phisical Key Switch Position ' RUN/PROGRAM ' ENABLE/DISABLE Remote Write for Specific Range of REGISTER ' Application versioning control ' IP White List. Protocol and IP Access List ' Secure protocol using X.509 Certificate support between TriStation
and the controller ' Authentication and Encryption ' Protocol enhanced to fight replay attacks ' Additional validation on passed arguments ' Mitigation of privilege elevation ' Additional blocks to replay / man-in-the-middle attack scenarios Benefits
' Additional defense-in-depth ' Reduced likelihood of downtime ' Avoid incident costs ECOSTRUXURE TRICONEX ' TRICON Page 16 Confidential Property of Schneider Electric SECURE THE SIS SAFETY NETWORK ' P2P 2 Defense in depth ' Safety Network ECOSTRUXURE TRICONEX ' TRICON Network Switch Network Switch Disable Unused Ports in switch
Protects from unknown traffic,
unauthorized nodes Cabinet provides physical protection to the switch / cabling Closed Network, only P2P nodes/traffic, protects against unauthorized access/A/I/C Closed Network, redundant,
separate Commss, provides availability if one network/TCM is not available Security Built In
(Fit for Purpose) ' Security Add-on (General Purpose) + + ' ' + Page 17 Confidential Property of Schneider Electric SECURE THE STATION EWS ' MWS - SOE 3 ECOSTRUXURE TRICONEX ' TRICON Network Switch Engineering Workstation TS1131 EnDM ' + ' + ' + Secure Application(s)
Enhanced security mode to
protect against unauthorized
access/A/I/C, via Strong
passwords, access rights,
Windows Logs,
AD User Authentication
/Authorization/Privilege Secure Host Windows Patches, Anti Virus to protect against malicious code Security Built In
(Fit for Purpose) ' Security Add-on (General Purpose) + Page 18 Defense in depth ' Host/Application Confidential Property of Schneider Electric SECURE THE SIS-PCS DATA EXCHANGE
NETWORK 4 ECOSTRUXURE TRICONEX ' TRICON Engineering Workstation ' + Page 19 Disable Unused Ports. Protects from unknown traffic, unauthorized nodes, Packet inspection Cabinet provides physical protection to the switch / cabling Key switch, access list, protects against unauthorized programing changes Protocol I.E. modbus Protocol I.E. modbus Protocol I.E. modbus Protocol I.E. modbus Protect per PCS supplier documentation ' ' + ' Secure communication for
Triconex controllers
'out-of-the-box'
Tofino for Triconex.
Preconfigured Security Built In
(Fit for Purpose) ' Security Add-on (General Purpose) + Defense in depth ' Exchange Network Process Safety Zone Process Control Zone Process Operations Zone SIS LAN CONTROL LAN Control System Engineering Workstation Controller(s) Safety
Instrumented
Systems SIS Engineering Workstation Devices Devices ICSS System Industrial
Internet 5 - Zones and Conduits SIS Maintenance Workstation Conduit Page 20 Confidential Property of Schneider Electric | 1,2,3,4,5 ' Secure the SIS System SIS Maintenance Network
Non Safety Network SIS Safety Network
(Dedicated Safety
Peer to Peer) Page 21 Confidential Property of Schneider Electric | PCS C
O
M C
O
M SIS-PCS Data Exchange Network Security Built In
(Fit for Purpose) Security Add-on (General Purpose) Firewall Tofino Triconex Tofino Security Built In + ' ' ' ' ' ' ' ' + + + + + + + + Summary ' Develop Defence in Depth Page 22 Confidential Property of Schneider Electric | Secure the SIS device Secure SIS peer to peer communications Secure SIS networks Secure SIS workstations Secure SIS ' PCS Communications Page 23 Confidential Property of Schneider Electric | 1 2 3 Understand your current risk posture Implement Defence in Depth Don't forget the people - training and awareness are critical Sign up today for a cybersecurity consultation Page 24 Confidential Property of Schneider Electric | Thank You Find us at Desk 46


© Eiom - All rights Reserved     P.IVA 00850640186