Download - 12 ABB DCS in connected industries
Setting Standards For The Connected Industry
Bernhard Hennicke - ABB Automation Business Unit Control Technology
© ABB| Slide 2
Security in a connected world
The risk of being social
A global leader in power and automation technologies
Leading market positions in main businesses
ABB organization
Five global divisions
© ABB | Slide 5 | November 19, 2015
Division Process Automation
Business Unit Control Technology
• Global organization with worldwide locations
• Developing SW and HW
• Manufacturing
• Logistics
• Product management
• Training
• Consulting
• Repair
• Support and troubleshooting
BU CT
ABB Distributed Control Systems
DCS for all industry applications
ABB Distributed Control Systems
The story so far…
• More operator support
• Better handling of suboptimal situations
• Faster alarm handling
• More efficient engineering
• Process optimization
• Additional resources to control
• Maintenance management
→ Increased productivity
Continuous improvements
DCS are more connected
Connectivity is not an option
ERP
Scheduling
Material tracking
Remote Service
Remote diagnostic
Remote support
Databases
Quality system
Production records
Maintenance mgmt.
Industry 4.0
Cloud Services
Internet of Things
Today connectivity is the key to further increase productivity
Cyber Security
Risks come with connectivity
• Lock server room
• Use thin clients
• Lock USB interfaces
• Maintain user rights
• Access control with chip cards
These measures are all valuable. But quarantine is not enough.
How to handle increasing risks?
Cyber Security
A process during the full lifecycle
Maintenance: “Secure in Deployment” (Service activities)
R&D: “Secure by Design” (Development centers)
Setup: “Secure by Default” (Project teams)
Developing secure products
Training R&D
Coding
• Coding guidelines
• Code review
• Use certified libraries
• Follow guidelines for operating system
• Gate model for each product development until release
Testing
• Automated tests
• Test against threats
• Test by independent ABB security specialist
• Test by external specialists
Developing secure products
Implement up-to-date security technologies
• Implement encrypted communication over the network
• Keep track of allowed ABB devices in a network and block other network communication that tries to attack
• Implement defense strategies against known attacks
• Deactivate Windows resources that are not needed to avoid unnecessary risks
Products
Developing secure products
Providing updates and maintaining lifecycles
• Implement the newest known defenses in the products
• Provide updates to serve the installed base
• Maintain lifecycles of all products
• Support customers with updates and migrations
DCS Component: Existing, 2009, Phase I, 2010, Phase II, 2011, Phase III, 2012, Phase IV, 2013, Phase V, 2014, Phase VI
Communications: OCS Comm, OCS Comm, OPC, OPC, OPC, OPC, OPC
Batch
Engineering Tools: Tool R1, Tool R2, Tool R2, Tool R2, Tool R2, Tool R2, Tool R2
Funct Desig, Funct Desig, Funct Desig
Information Mgmt/History
Human System Interface: Console R1, Console R2, 800xA PP, 800xA PP, 800xA PP, 800xA PP, 800xA PP
Controller: Gen 1, Gen 1, Gen 1, Gen 1, AC800M, AC800M, AC800M
Gen 2, Gen 2, Gen 2, Gen 2, Gen 2, Gen 2, Gen 2
Evolution Plan
What are the new features?
Some are not visible to you...
ABB project teams
Secure by Default
Follow ABB guidelines to plan and install a repeatable and secure control system
ABB project teams
Secure by Default
Node prep
System Configuration Console
Node 1, Node 2, Node 3
Node 1, Node 2, Node 3
ABB project teams
Set up a secure new control system
• Plan how to set up maintenance during the system's lifecycle to keep the system as secure as it is
• Plan training for customer operators and maintenance personnel
• Provide backup and recovery strategies
Follow the guidelines
Backup and recovery
How to recover from an attack
• What needs to be included in the backup?
• How much data can be lost between the last backup and an accident?
• How long can production be interrupted?
Good preparation of backups, redundancy and spare parts can significantly reduce the cost of interrupted production
ABB service teams
Secure by deployment
Monitor the levels of security:
• Antivirus software
• Security updates
• Account management
• Computer guidelines
• Firewalls and architecture
• Procedures and guidelines
• Physical security
Process control systems
System, Network, Plant
Protection
Secure by Deployment
Why do we need to monitor?
Reviews with the users:
• Understanding the threats
• Analyze the risks
• Define security measures
• Maintain existing or implement new security measures
• Operating the system for years
• Implement new expansions
• And now? Still secure?
Monitoring Cyber Security
Cyber Security Report
• A tool that scans all system resources and generates a detailed report
• Can be expanded with manual checks
• Can be operated as part of agreed maintenance activities
The next level
Service Port
• Continuous monitoring of Cyber Security
• Remote diagnostics and support
• Providing patches and updates
• Operates under user security guidelines
• Offline
• Temporary online by user interaction
• Online
• Uses DMZ, VPN etc. for secure communication
Continuous monitoring
Next level
Testing patches and updates from 3rd parties
• ABB runs a test center with the most common system setups
• All virus definition updates from Symantec and McAfee are tested
• All relevant Microsoft patches are tested against ABB software
ABB publishes these relevant 3rd-party patches and updates cyclically in a bulletin.
ABB provides the relevant software packages on a dedicated “ABB Security Update Server” (ASUS).
The next level
Deployment of patches and updates
The ABB Security Update Server enables the download of the newest patches and updates.
Define with the end user when updates shall be installed; some updates require a reboot…
McAfee, Microsoft, Symantec
Patches and updates for ABB software
Continuous improvements
Patches
• ABB improves the software as a continuous process
• Patches are provided as downloadable packages
• ABB keeps track of installed software versions
• The available patches for a specific installation can be downloaded on demand
Serving the installed base
Patches and updates for ABB software
Continuous improvements
Updates
• Software improvements cannot always be implemented in previous versions
• ABB provides a lifecycle plan for the control products
• ABB offers tool-based updates
• That again brings security by default
Serving the installed base
DCS Component: Existing, 2009, Phase I, 2010, Phase II, 2011, Phase III, 2012, Phase IV, 2013, Phase V, 2014, Phase VI
Communications: OCS Comm, OCS Comm, OPC, OPC, OPC, OPC, OPC
Batch
Engineering Tools: Tool R1, Tool R2, Tool R2, Tool R2, Tool R2, Tool R2, Tool R2
Funct Desig, Funct Desig, Funct Desig
Information Mgmt/History
Human System Interface: Console R1, Console R2, 800xA PP, 800xA PP, 800xA PP, 800xA PP, 800xA PP
Controller: Gen 1, Gen 1, Gen 1, Gen 1, AC800M, AC800M, AC800M
Gen 2, Gen 2, Gen 2, Gen 2, Gen 2, Gen 2, Gen 2
Evolution Plan
Connected industries
There is no way back
• Improvements in productivity need connected industries
• With connectivity come the risks
• Cyber security can also be increased by fast networked measures