Managing and Maintaining Implemented Security Measures Is

for

Managing and Maintaining Implemented Security Measures is Critical when Building a Cyber Defense Program Harry Brian and Florian Forster Manufacturing in America │ March 20-21, 2019

Unrestricted © Siemens 2019

Unrestricted Challenges for our Customers Productivity, Cost Pressure and Regulations

• Externally caused incidents Protect through increasing connectivity Protect Productivity against • Internal misbehavior • The evolving Threat Landscape

• For qualified personnel Reduce cost Costs • For essential Security Technologies

Comply • Reporting Requirements Comply to regulations • Minimum Standards to • Security Know-how

Professional Hackers Vulnerabilities

§ § Cybersecurity laws and Internet of § § Things Regulations

Digital Information Processing Digital Connectivity Digital Automation and Intelligence 1950s – 1960s 1970s 1980s 1990s 1991 1999 2000s 2010s 2015 2020s

Military, governments and other Computers make their way Internet of Things, Smart The World Wide Web becomes organizations implement into schools, homes, business Mobile flexibility and autonomous systems, publicly accessible computer systems and industry Artificial Intelligence, Big Data

Digital enhancement of The globe is connected Cloud computing enters the Home computer is introduced Industry 4.0 electrification and automation by the internet mainstream

Industroyer/Chrashoverride Cyberwar WannaCry Stuxnet Phishing Targeting Critical Morris Worm Infrastructure

AT&T Hack Blue Boxing NotPetya The threat landscape keeps growing and AOHell Cryptovirology Cloudbleed changing and attackers are targeting industrial Level Seven Crew hack sl1nk SCADA hacks Infineon/TPM and critical infrastructures Denial of service attacks Meltdown/Spectre

IT Security Industrial Security

3-5 years Asset lifecycle 20-40 years Forced migration (e.g. PCs, smart phone) Software lifecycle Usage as long as spare parts available High (> 10 “agents” on office PCs) Options to add security SW Low (old systems w/o “free” resources) Low (~2 generations, Windows 7 and 10) Mix of Operating Systems High (from Windows 95 up to 10) Standards based (agents & forced patching) Main protection concept Case and risk based

Operating systems Conventional malware/virus outbreaks End of Support1 Ransomware attacks Data leaks & spying Windows NT 4.0 30. June 2004 Windows XP 08. April 2014 Hardware failure Windows 7 14. January 2020 Sabotage from internal or external actors Windows 10 14. October 2025 Employee errors/unintentional actions Connected devices security incidents Industrial software errors Threats from third parties, such as supply chain or partners

1 Source © Microsoft

Assess Implement Manage

Evaluation of the current security Risk mitigation through Comprehensive security through status of an ICS environment implementation of monitoring and vulnerability security measures management

Assess Implement Manage

Gain transparency of current threats/vulnerabilities Check against the best security standards Prioritize suitable security measures Inventory the assets and software versions used in automation environment

Assess Implement Manage

Security Awareness Training • Create security awareness to shop-floor personnel Automation Perimeter Firewalls • First line of defense against highly developed threats Application Whitelisting • Protection of outdated Windows systems – no need for pattern or signature updates Antivirus • Protection against viruses, worms, rootkits, trojans and other malware threats Anomaly Detection • Continuous & proactive identification of changes (anomalies) in the system Unrestricted © Siemens 2019 All rights reserved. Community. Collaboration. Innovation. Page 9 V4.0 Solutions Mitigating Industrial Control System Threats

Assess Implement Manage

Vulnerability Tracking • Efficiently manage vulnerabilities to maximize production availability Patch Management • Regular and prompt installation of approved security patches are a vital element of a comprehensive security concept

Assess Security

Evaluation of the current security status of an ICS environment Manage Security

Comprehensive security through monitoring and vulnerability Implement Security management Risk mitigation through implementation of security measures

• Industrial Security Check • IEC 62443 Assessment • ISO 27001 Assessment • Risk & Vulnerability Assessment • Scanning Services

• Industrial Security Monitoring • Security Awareness Training • Industrial Vulnerability Manager • Industrial Security Consulting • Patch Management • Automation Firewall • Remote Incident Handling • Application Whitelisting • Antivirus • Industrial Anomaly Detection • Industrial Security Monitoring Solution

… is the partner to drive secure Digitalization

We understand We have industry We understand We offer a Our processes Digitalization Know-how Industrial complete portfolio and products Communication of Industrial are proven Security and certified products and services

Digitalization without security is not possible!

Harry Brian Business Development, Industrial Security Services Johnson City, TN Phone: 423-213-0577 E-mail: [email protected]

Florian Forster Business Development & Regional Management, Industrial Security Services Erlangen, DE Phone: +49 172 5809072 E-mail: [email protected]

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept. Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.

Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity.

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity.