T24 - New Security Features Help to Reduce Risk in Your Industrial Control System
PUBLIC
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.
Security Threat Vectors
• Application of patches
• Natural or man-made disasters
• Worms and viruses
• Theft
• Sabotage
• Unauthorized access
• Denial of service
• Unauthorized actions by employees
• Unauthorized remote access
• Unintended employee actions
ICS Security in the News
Source: http://www.theregister.co.uk
ICS Security in the News
Source: https://www.bostonglobe.com
Security Quality
Vendors must build security into products, with a focus on security throughout the product's lifecycle…
Security Quality
Incident Response Process
• Product vulnerabilities:
  • We expect them
  • We plan for them
  • We work to avoid them
  • We support our customers
• See Rockwell Automation® Knowledgebase article 54102 for up-to-date information on product vulnerabilities
• Process stages: Receive, Evaluate and Assess, Mitigate and Remediate, Close, Communications
Secure Automation and Information
Defending the Digital Architecture
• Tamper Detection: detect and record unwanted activity and modifications to the application
• Secure Network Infrastructure: control access to the network, and detect unwanted access and activity
• Content Protection: protect viewing, editing, and use of specific pieces of control system content
• Access Control and Policy Management: control who, what, where and when access is allowed, to which application and device
INDUSTRIAL SECURITY MUST BE IMPLEMENTED AS A SYSTEM
Secure Automation and Information
Capability Overview
Capabilities across the four areas (Tamper Detection, Secure Network Infrastructure, Content Protection, Access Control and Policy Management):
• Firmware Digital Signatures
• Validated Architectures
• Auditing with FactoryTalk® AssetCentre
• Stratix™ Portfolio
• Change Detection and Logging for Controllers
• High Integrity Add-On Instructions
• Network and Security Services
• Logix Source Protection
• Data Access Control
• FactoryTalk Security
• New Tempered Networks Partnership
• New Symantec Partnership
Secure Network Infrastructure
New Validated Architectures
Achieve infrastructure security through a common, validated system architecture leveraging the Stratix™ portfolio and Cisco security solutions.
Design and Implementation Guides:
• Converged Plantwide Ethernet (CPwE) Design and Implementation Guide (2011)
• Segmentation Methods within the Cell/Area Zone (2013)
• Securely Traversing IACS Data Across the Industrial Demilitarized Zone (2015)
• Deploying Identity Services within a Converged Plantwide Ethernet Architecture (2015)
• Site-to-site VPN to a Converged Plantwide Ethernet Architecture (2015)
Download these and more at:
http://www.rockwellautomation.com/global/products-technologies/network-technology/architectures.page
Content Protection:
License Based Source Protection - Coming Soon!
• Access to selected Routines and Add-On Instructions can be controlled using Licenses
• Licenses are managed by the content owner using a web-based application, and reside on secure USB devices
Access Control:
Application Access Control with FactoryTalk Security
Use FactoryTalk® Security to…
Manage the insider threat by authenticating the user and authorizing the use of Rockwell Automation® software applications to access automation devices
How does it work?
Provides a centralized authority (the FactoryTalk Directory) that verifies the identity of each user and grants or denies user requests to perform a particular set of actions on resources within the system
FactoryTalk Directory (all FactoryTalk Security enabled software):
• Authenticate the User
• Authorize Use of Applications
• Authorize Access to Specific Devices
FactoryTalk Temporary Users
New in latest version of Studio 5000
• Use FactoryTalk® Temporary Users to temporarily give someone access to the privileges of another user group
Permission Sets for Securing Projects
New in latest version of Studio 5000
• Secure a project file with a Permission Set to use the same policies for many controllers
Permission Sets for Securing Objects
New in latest version of Studio 5000
• Apply Permission Sets to Routines, Add-On Instructions and Tags to have different policies for different components
Guest User Access
New in latest version of Studio 5000
• With Guest Users, grant limited permissions to users who aren't members of your FactoryTalk® Directory
Secondary Security Authority
New in latest version of Studio 5000
• Guest Users can further limit access to a project file with a Secondary Security Authority
Support for Disconnected Environments
New in latest version of Studio 5000
[Diagram: Network 1 and Network 2 joined by a VPN; elements shown include Active Directory, the FactoryTalk® Directory, a field engineer laptop, a project file secured by Machine Builder, and a controller secured by Machine Builder]
Sources of Risk
Source: The State of Security in Control Systems Today, SANS Institute
Sources of Risk
Source: Common Cybersecurity Vulnerabilities in Industrial Control Systems, Department of Homeland Security Control Systems Security Program
New Encompass™ Partner - Symantec
• Symantec Embedded Security: Critical System Protection
  Great for helping to protect PCs that can't be frequently updated
• Completely policy driven - no signatures
• Features Application Whitelisting, Sandboxing, Host Firewall, File Protection and Monitoring, and more
Tempered Networks
• Network segmentation using private overlay networks on top of untrusted infrastructure
• Private networks can be mapped to users and/or devices
• Leverages HIPswitches and a centralized HIPConductor without any changes to existing infrastructure
Industrial Security Resources
• Security-enhanced Products and Technologies
  Rockwell Automation® products and technologies with security capabilities that help increase overall system-level security of the control system.
  http://www.rockwellautomation.com/security
• EtherNet/IP Plantwide Reference Architectures
  Control system validated designs and security best practices that complement recommended layered security/defense-in-depth measures.
  http://www.ab.com/networks/architectures.html
• Network & Security Services (NSS)
  RA consulting specialists that conduct security risk assessments and make recommendations for how to avert risk and mitigate vulnerabilities.
  http://www.rockwellautomation.com/services/security
Industrial Security Landing Pad
http://rockwellautomation.com/security
• Related Products
• Video Series & Tools
• Design Guides and Whitepapers
• Reference Architectures
• Take an Assessment
• Security Advisory Index
• secure@ra.rockwell.com
• Pretty Good Privacy (PGP) Public Key
Questions?
Connect with us.
www.rockwellautomation.com