Industrial Security

Challenges for the Industry: Productivity, Cost Pressure and Regulations

Protect productivity against:
• Externally caused incidents through increasing connectivity
• Internal misbehavior
• The evolving threat landscape

Reduce costs:
• For qualified personnel
• For essential security technologies

Comply with regulations:
• Reporting requirements
• Minimum standards
• Security know-how

V4.3 Page 3

The ever-changing threat landscape

Professional Vulnerabilities

Cybersecurity laws and Regulations

Internet of Things

Evolution of the cyber threat landscape

Eras: Digital Information Processing, Digital Connectivity, Digital Automation and Intelligence

Timeline: 1950s – 1960s, 1970s, 1980s, 1990s, 1991, 1999, 2000s, 2010s, 2015, 2020s

Technology milestones:
• Military, governments and other organizations implement computer systems
• Computers make their way into schools, homes, business and industry
• The World Wide Web becomes publicly accessible
• Mobile flexibility
• Internet of Things, Smart and autonomous systems, Artificial Intelligence, Big Data
• Digital enhancement of electrification and automation
• Home computer is introduced
• The globe is connected by the internet
• Cloud computing enters the mainstream
• Industry 4.0

Threats and incidents:
• Industroyer/Crashoverride
• Cyberwar
• WannaCry
• Phishing
• Targeting Critical Infrastructure
• Morris Worm
• AT&T Hack
• Blue Boxing
• NotPetya
• AOHell
• Cryptovirology
• Cloudbleed
• Level Seven Crew hack
• sl1nk SCADA hacks
• Infineon/TPM
• Denial of service attacks
• Meltdown/Spectre

The threat landscape keeps growing and changing, and attackers are targeting industrial and critical infrastructures.

Challenges and drivers

Most critical threats to Industrial Control systems

Industrial Control System Security: Top 10 Threats and Countermeasures¹
1. Social Engineering and Phishing
2. Infiltration of Malware via Removable Media and External Hardware
3. Malware Infection via Internet and Intranet
4. Intrusion via Remote Access
5. Human Error and Sabotage
6. Control Components Connected to the Internet
7. Technical Malfunctions and Force Majeure
8. Compromising of Extranet and Cloud Components
9. (D)DoS Attacks
10. Compromising of Smartphones in the Production Environment

Outdated operating systems²
• Windows NT 4.0: 30. June 2004
• Windows XP: 08. April 2014
• Windows 7: 14. January 2020
• Windows 10: 14. October 2025

¹ Source © BSI Publication on Cyber Security | Industrial Control System Security 2016
² Source © Microsoft

Challenges are similar but reality is very different in IT and Industrial (OT) Security

IT Security: Confidentiality
Industrial Security: Availability

• Asset lifecycle: IT Security 3-5 years; Industrial Security 20-40 years
• Software lifecycle: IT Security forced migration (e.g. PCs, smart phone); Industrial Security usage as long as spare parts available
• Options to add security SW: IT Security high (> 10 “agents” on office PCs); Industrial Security low (old systems w/o “free” performance)
• Heterogeneity: IT Security low (~2 generations, Windows 7 and 10); Industrial Security high (from Windows 95 up to 10)
• Main protection concept: IT Security standards based (agents & forced patching); Industrial Security case and risk based

Industrial Security Services: Solution portfolio

• Assess Security: Evaluation of the current security status of an ICS environment
• Implement Security: Risk mitigation through implementation of security measures
• Manage Security: Comprehensive security through monitoring and vulnerability management

Thank you for your attention!

Herbert Vitzthum
Senior Consultant Digitalization
RC-AT DI PA
+43 (664) 88 55 21 02

Subject to changes and errors. The information given in this document only contains general descriptions and/or performance features which may not always specifically reflect those described, or which may undergo modification in the course of further development of the products. The requested performance features are binding only when they are expressly agreed upon in the concluded contract. All product designations, product names, etc. may contain trademarks or other rights of Siemens, its affiliated companies or third parties. Their unauthorized use may infringe the rights of the respective owner.

siemens.com/industrial-security-services
