Technical Sales Slides | Industrial Security Services
Industrial Security Services
Sales Slides | V1.1
Unrestricted © Siemens 2020
siemens.com/industrial-security-services
Digital Enterprise Services

Digitalization changes everything

Challenges regarding security
Productivity, cost pressure and regulations
Protect productivity
Protect against
• Externally caused incidents through increasing connectivity
• Internal misbehavior
• The evolving threat landscape
Reduce cost
Costs
• For qualified personnel
• For essential security technologies
Comply to regulations
Comply to
• Reporting requirements
• Minimum standards
• Security know-how

Determinants and challenges
• Professional Hackers
• Vulnerabilities
• Cybersecurity laws and Regulations
• Internet of Things

Evolution of the cyber threat landscape
Eras: Digital Information Processing; Digital Connectivity; Digital Automation and Intelligence
Timeline: 1950s – 1960s, 1970s, 1980s, 1990s, 1991, 1999, 2000s, 2010s, 2015, 2020s
Developments:
• Military, governments and other organizations implement computer systems
• Digital enhancement of electrification and automation
• Computers make their way into schools, homes, business and industry
• Home computer is introduced
• The World Wide Web becomes publicly accessible
• The globe is connected by the internet
• Mobile flexibility
• Cloud computing enters the mainstream
• Internet of Things, Smart and autonomous systems, Artificial Intelligence, Big Data
• Industry 4.0
Threats: Industroyer/Crashoverride, Cyberwar, WannaCry, Stuxnet, Phishing, Targeting Critical Infrastructure, Morris Worm, AT&T Hack, Blue Boxing, NotPetya, AOHell, Cryptovirology, Cloudbleed, Level Seven Crew hack, sl1nk SCADA hacks, Denial of service attacks, Meltdown/Spectre
The threat landscape keeps growing and changing and attackers are targeting industrial and critical infrastructures

Challenges and drivers
Most critical threats to industrial control systems
Industrial Control System Security: Top 10 Threats and Countermeasures¹
• Infiltration of Malware via Removable Media and External Hardware
• Malware Infection via Internet and Intranet
• Human Error and Sabotage
• Compromising of Extranet and Cloud Components
• Social Engineering and Phishing
• (D)DoS Attacks
• Control Components Connected to the Internet
• Intrusion via Remote Access
• Technical Malfunctions and Force Majeure
• Compromising of Smartphones in the Production Environment
Outdated operating systems²
• Windows NT 4.0: 30. June 2004
• Windows XP: 08. April 2014
• Windows 7: 14. January 2020
• Windows 10: 14. October 2025
¹ Source © BSI Publications on Cyber Security | Industrial Control System Security 2019
² Source © Microsoft

Challenges are similar but reality is very different in IT and Industrial (OT) Security
• IT Security: Confidentiality. Industrial Security: Availability and Safety.
• Asset lifecycle: IT Security 3-5 years. Industrial Security 20-40 years.
• Software lifecycle: IT Security forced migration (e.g. PCs, smart phone). Industrial Security usage as long as spare parts available.
• Options to add security SW: IT Security high (> 10 “agents” on office PCs). Industrial Security low (old systems w/o “free” performance).
• Heterogeneity: IT Security low (mainly Windows 10). Industrial Security high (from Windows 95 up to 10).
• Main protection concept: IT Security standards based (agents & forced patching). Industrial Security case and risk based.

Digitalization and security
Digitalization enables new insights based on analyzed data … but also leads to a higher risk of cyber attacks and unplanned downtime.
Siemens is your reliable partner to drive secure digitalization.
• We understand digitalization
• We have industry know-how
• We understand industrial communication
• We offer a complete portfolio of Industrial Security products and services
• Our processes and products are proven and certified
Digitalization without security is not possible!

Industrial Security concept from Siemens
Defense in depth – based on IEC 62443

Industrial Security offering from Siemens
The Siemens security concept – “Defense in depth”
Siemens products and systems offer integrated security
• Know-how and copy protection
• Authentication and user management
• Firewall and VPN
• System hardening, continuous monitoring and anomaly detection
Siemens Industrial Security Services

Industrial Security Services
End-to-end approach
Security Consulting
Evaluation of the current security status of an industrial environment
• Security Assessments
• Scanning Services
• Industrial Security Consulting
Security Implementation
Risk mitigation through implementation of security measures
• Security Awareness Training
• Automation Firewall
• Endpoint Protection
Security Optimization
Comprehensive security through managed services
• Industrial Anomaly Detection
• Industrial Security Monitoring
• Remote Incident Handling
• Industrial Vulnerability Manager
• Patch Management
• SIMATIC Security Service Packages

Security Consulting Portfolio
Identify threats and vulnerabilities
Follow a clear guideline to increase your security level
Security Consulting
Evaluation of the current security status of an industrial environment
• Security Assessments
• Scanning Services
• Industrial Security Consulting

Plant-specific security roadmap with Security Assessments
Security Assessments
• Operators of production facilities these days cannot afford to do without effective security measures. But where to start?
• Security Assessments cover a holistic analysis of threats and vulnerabilities, the identification of risks and recommendations to close the identified gaps.
Assessment types
• Industrial Security Check: Compact one-day on-site assessment
• IEC 62443 Assessment: Assessment based on the best known security standard for automation environment
• ISO 27001 Assessment: Assessment based on the leading standard for information security management systems
• Risk & Vulnerability Assessment: Deep, time intensive analysis including data collection
Main value drivers
• Evaluation of the current security status
• Plant-specific and risk-based security roadmap
• Basis for transparent cost estimates

Quick transparency over assets and vulnerabilities with Scanning Services
Scanning Services
• The growing amount of assets and increasing complexity in automation environments lead to incomplete asset inventory, lack of patching, outdated hardware and software, resulting in increased risk of cyber incidents.
• Scanning Services provide an efficient evaluation method in industrial automation environments based on a broad combination of scan tools and Siemens expertise in industrial security.
• Option 1: Active Asset Inventory Scan
• Option 2: Vulnerability Detection Scan
Main value drivers
• Transparency over implemented assets
• Detection of vulnerabilities
• Clear guideline to increase security level

Immediate access to industrial security expertise with Industrial Security Consulting
Industrial Security Consulting
• Operators of production facilities these days cannot afford to do without effective security measures. But industrial security capacities are rarely available.
• Industrial Security Consulting provides on-site support through experienced consultants regarding security policies and the plant-specific network layout as well as tailor-made implementation support for the industrial security portfolio.
Policy consulting: Review of existing and establishing/integration of new policies, processes and procedures (e.g. password policy, patch and backup strategy)
Network consulting: Support for cell segmentation of networks, design of a perimeter protection network, review and implementation of firewall rules
Implementation support: Smooth integration of security portfolio from planning over installation and configuration up to commissioning and hands-on training
Main value drivers
• Tailored security policies and concepts
• Immediate access to expert know-how
• No investment for developing own security capacities

Security Implementation Portfolio
Implementation of state-of-the-art security measures … to close security gaps and reduce risks
Security Implementation
Risk mitigation through implementation of security measures
• Security Awareness Training
• Automation Firewall
• Endpoint Protection

Secure the “weakest link” with Security Awareness Training
Security Awareness Training
• Most security incidents are caused by human error. Not surprisingly, as there is often no cyber security training offered at all. And even if trainings are available – they usually focus on classic IT security topics for the office environment, ignoring the automation perspective.
• The web-based Security Awareness Training increases the situational awareness to avoid industrial security incidents caused by human error.
Main value drivers
• Situational awareness regarding security
• Recommendations how to handle cyber risk
Content:
The training is based on typical daily situations and sample scenarios as well as statutory requirements and guidelines.
• Chapter 1: Vulnerabilities