Post on 27-Jun-2018

TRANSCRIPT

  • Cyber Security

    An industrial View on the Interplay of Standards, Regulations, and Guidelines on the Example of the Digital Grid

    Darmstadt, January 11th, 2017

    Siemens Corporate Technology Unrestricted Siemens AG 2017

  • Page 2

    Outline

    1 Introduction
    2 Cyber security implications for the Digital Grid
    3 A bird's eye view on standardization, guidelines and regulation
    4 Deep dive examples
        Security parameter management
        Securing the substation process bus (GOOSE)
        Integration of decentralized energy resources (DER)
    5 Application examples & Conclusions

  • Page 3

    Our milestones: across 170 years of history

    Werner von Siemens (1816-1892): company founder, visionary and inventor

    Siemens innovations over 168 years:

        1847: Pointer telegraph
        1866: Dynamo
        1925: Electrification of Ireland with hydropower
        1959: SIMATIC controller
        1975: High-voltage direct-current (HVDC) transmission
        1983: Magnetic resonance tomograph
        2010: TIA Portal for automation
        2012: Field testing of world's largest rotor at an offshore wind farm
        2016: MindSphere introduced as the digitalization platform for all industries

    1 Introduction

  • Page 4

    Our innovative power in figures: Siemens as a whole and Corporate Technology

    Expenditures for research and development:
        4.7 billion: expenditures for R&D in fiscal 2016
        33,000: R&D employees (1)

    Inventions and patents, securing our future:
        7,500: inventions (1)
        3,500: patent applications

    University cooperations, our knowledge edge:
        9: CKI universities (2)
        16: principal partner universities

    Corporate Technology, our competence center for innovation and business excellence (3):
        7,400: employees worldwide
        4,800: software developers
        1,600: researchers
        400: patent experts

    (1) In fiscal 2016
    (2) Centers of Knowledge Interchange
    (3) Employee figures: Status Sept. 30, 2016

  • Page 5

    Our organization: Corporate Technology at a glance

    Corporate Technology (CT), CTO Dr. Roland Busch

    Business Excellence and Quality Management
        Project Business@Siemens
        Quality Management
        Operational Excellence

    Corporate Intellectual Property
        Protection, use and defense of intellectual property
        Patent and brand protection law

    Development and Digital Platforms
        Competence center for horizontal and vertical product-and-system integration as well as software, firmware, and hardware engineering

    Research in Digitalization and Automation
        Research activities covering all relevant areas in digitalization and automation for Siemens

    next47
        Promoting disruptive ideas and driving new technologies for Siemens
        Exploiting the next step of digital intelligence in innovation fields

    University Relations
        Global access to the academic world
        Top positioning in terms of university cooperations

    Technology and Innovation Management
        Siemens technology and innovation agenda
        Standardization, positioning regarding research policy
        Provision of publications relating to R&D

    Research in Energy and Electronics
        Research activities relating to energy and electrification, electronics, new materials and innovative manufacturing methods

  • Page 6

    Our industrial society has a growing demand for IT security

    IT security trends are determined by drivers such as:
        Changes in industrial infrastructures (Digitalization)
        Increasing use of networked embedded systems
        Increasing device-to-device communication
        Need to manage intellectual property

    and changing boundary conditions:
        Increasing international organized crime
        Privacy
        Compliance enforcement
        Cyber warfare
        Cloud/Virtualization
        Data mining and smart data analytics
        Smart mobile devices

  • Page 7

    Increasing intelligence and open communication drive security requirements in various industrial environments:
        Building Automation
        Digital Energy Grid
        Factory Automation
        Urban Infrastructures
        Mobility Systems
        Process Automation

    2 Cyber security implications for the Digital Grid

  • Page 8

    The threat level is rising: attackers are targeting critical infrastructures

    [Figure: Evolution of attacker motives, vulnerabilities and exploits, 2002 to 2015. Plotted series: # of published exploits, # of new malware samples, # of published vulnerabilities.]

    Eras shown: The Age of Computerworms; Cybercrime and Financial Interests; Politics and Critical Infrastructure; Hacking against physical assets

    Motives: "Hacking for fun", "Hacking for money", "Hacking for political and economic gains"

    Actors: Hobbyists, Organized Criminals, Hacktivists, State sponsored Actors, States, Criminals, Terrorists, Activists

    Examples named on the timeline: Code Red, Slammer, Blaster, Zeus, SpyEye, Rustock, Aurora, Nitro, Stuxnet

    Keywords: Backdoors, Worms, Anti-Virus, Hackers, BlackHat, Viruses, Responsible Disclosure, Credit Card Fraud, Botnets, Banker Trojans, Phishing, SPAM, Adware, WebSite Hacking, Anonymous, SCADA, RSA Breach, DigiNotar, APT, Targeted Attacks, Sony Hack, Cyber war, Hacking against critical infrastructure, Identity theft, Major loss of privacy, "Gläserner Bürger im Netz" ("transparent citizen on the net"), Ransomware

    Data sources: IBM X-Force Trend and Risk Report; HP Cyber Risk Report; Symantec Intelligence Report

  • Page 9

    What makes security in the Digital Grid so important?

    Cyber Security ensures reliable operation of critical infrastructures like the Digital Grid

    Security incidents can affect target solution and connected (critical) assets:
        Performance degradation
        Loss of system availability & control
        Loss of privacy
        Capturing, modification or loss of data
        Reputation (company image)
        Environmental impact
        Financial loss
        Loss of health/life

    The Energy Sector is a Prime Target!

    Source: ICS Report: Year in review 2015. Numbers represent responses out of 295 participants.

    https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2015_Final_S508C.pdf

  • Page 10

    Digital Grid systems vs. Office IT: protection targets for security

    Office IT: Protection of IT-Infrastructure. Lifetime 3-5 years.

    Digital Grid Systems: Protection of generation, transmission, and distribution. Lifetime up to 20 years and more.

  • Page 11

    Digital Grid systems and Office IT have different management & operational characteristics

    | Characteristic                 | Office IT                     | Digital Grid                             |
    | Protection target for security | IT-Infrastructure             | Generation, transmission, distribution   |
    | Component Lifetime             | 3-5 years                     | Up to 20 years                           |
    | Availability requirement       | Medium, delays accepted       | Very high                                |
    | Real time requirement          | Delays accepted               | Can be critical                          |
    | Physical Security              | High (for IT Service Centers) | Very much varying                        |
    | Application of patches         | Regular / scheduled           | Slow                                     |
    | Anti-virus                     | Common / widely used          | Uncommon, hard to deploy, white listing  |
    | Security testing / audit       | Scheduled and mandated        | Increasing                               |

  • Page 12

    Digital Grid systems and Office IT have different functional security requirements

    Office security concepts and solutions are not directly applicable for Digital Grid systems

    High

    Medium

    Medium, delays accepted

    Medium

    Low medium

    High

    24 x 365 x

    Medium to High

    High
