Where Smart Data meets Data Security
Siemens Cloud for Industry powered by SAP HANA
April 2015

Think of a Number!
13642916
Page 2 Nov 2015

Prologue: Nineteenth-century Data Overkill

Prologue: Your Brain Story

Big Data in Industry
What does it mean?

We are at the start of the next “Industrial Revolution”
From Industry 1.0 to Industry 4.0
• First Industrial Revolution: based on the introduction of mechanical production equipment driven by water and steam power (first mechanical loom, 1784)
• Second Industrial Revolution: based on mass production achieved by division of labor concept and the use of electrical energy (first conveyor belt, Cincinnati slaughterhouse, 1870)
• Third Industrial Revolution: based on the use of electronics and IT to further automate production (first programmable logic controller (PLC), Modicon 084, 1969)
• Fourth Industrial Revolution: based on the use of cyber-physical systems
Repair shops; Standardization / Process knowledge; Software Updates; Data Driven Services
[Figure axes: Degree of complexity over Time (1800, 1900, 2000)]

Our vision is a market place for industrial service applications based on connectivity to devices
A Collection of customers data.......
Source: Plant Cloud Services Team
Confidential © Siemens AG 2015. All rights reserved

Provide Visualisation in Dashboards
Out of the box analytics
Source: Plant Cloud Services Team

Drive Train Analytics

Industry Evolution: The future of big data and cloud applications will be in the industrial space
Big data / cloud applications
• 2012: The total volume of data generated on earth summed up to 3.1 Zettabyte
• 2015: it will be 7.4 Zettabyte
• 2020: it will be 10 45 21 Zettabyte
• People2People: Network of virtual communities. From person to person – that was the beginning
• People2Machine: Medical technology, digital TV, cameras, computers, mobile phones
• Machine2Machine: Sensors, meters, devices, industrial machines; Internet of Things/"Industry 4.0"; Enabling additional productivity levers and new business models. From machine to machine – the focus today and in the future
1 Zettabyte = 1 sextillion bytes = 1000 Exabytes = 1 Billion Terabytes
Source: Oracle, 2012, Roland Berger 2015

Siemens and SAP collaborate to create a ‘Cloud for Industry’
• Siemens and SAP are uniquely positioned to connect the world of distributed assets to the world of data analytics and business
• A joint ‘cloud for industry’ (platform as a service) would be the basis for value added service applications by SAP, Siemens and others
Siemens and SAP decided to collaborate for ‘Cloud for Industry’:
• Positive feedback from surveying 50 customers
• Implemented two technological pilots
• G2M started with first pilot customers

Siemens builds an open cloud-platform for industry customers
Optimization of plants and assets as well as energy and resources
Cloud for Industry Apps; OEM Apps; End Customer Apps; App. Develop. Apps
• Open standard (OPC) for connectivity to Siemens and third-party products
• Plug-and-play connectivity of Siemens products (engineering via TIA portal)
• Cloud for Industry with open application interface for individual customer applications
• Selectable cloud infrastructure – Public cloud, Private cloud or on premise Hybrid cloud
• Transparent pay-per-use pricing models
• Enablement of new business models (e.g. selling machining hours instead of assets)
Connected products: Simatic, Sinumerik, Sinamics, Scalance, PC S7, Third-party products

Example Plant Cloud Services – Pump Management and Optimization

Cloud for Industry would enable data value services based on a global platform and easy device connectivity

Applications & Services Eco System
• Fleet Service Management: device management; helpdesk & ticketing
• Predictive Maintenance: vibration monitoring & analytics; model-based failure prediction
• Energy Analytics & Optimization: consumption modeling; energy reporting
• Plant Analytics & Optimization: data & event correlation; tuning advisory
• Customer Specific Apps: …

SAP / Siemens Cloud for Industry
• device management: onboarding; status monitoring; remote access
• data management: data acquisition; pre/post processing; big data store
• analytics / rules: rule engine; analytics engine; events / notifications
• visualization: cockpit/dashboard; reporting; mobile UI’s
• system management: device modeling; agent configuration; access authorization

Device Connectivity / Agent Technology
• embedded agent
• lightweight agent
• open agent protocol
• extensibility / SDK
• smart agent

A cloud structure......
Types of Cloud
• Open Cloud
• Enterprise or Private Cloud
• Hybrid Cloud
Models:
• IaaS (Infrastructure as a Service): the basis of cloud models; provides networking, storage, etc.
• PaaS (Platform as a Service): combines IaaS with a set of services for software and application development
• DaaS (Data as Service): lets you connect and use the cloud for data storage
• SaaS (Software as a Service): multitenancy for business applications accessed by multiple users

Our customers start to innovate on data services - case studies
The Challenges
• Protect intellectual property
• Accelerate development pipelines and contribute to the environment
• Navigate volatile markets and intensified competitive pace
Our Answers
Some References 1)
Sectors: Cement, Minerals, Glass, Chemical, Pharma
• Antea Cement (ALB): Asset Analytics; No unplanned system downtimes
• EU Manufacturer of asphalt: Energy Analytics; 147% RoI
• Saint Gobain (IN): Ind. Network Analytics; 100% detection of hidden network problems
• Pilkington (UK): Energy Analytics; Over £1 million energy cost savings
• Int. Oil & Gas company: Security Services; 0 % incidents within 18 months
• Int. Pharma company: Energy Analytics; 12% energy cost savings
*) For details please refer to the back-up slides

Extract new value from your existing data – Siemens Plant Data Services
From Data…
• Visualization & recommendations
• Data analytics and simulation
• Cloud-based analytics ecosystem
• Secure storage and data transfer
• Data collection
…to Value
• Master asset uptime
• Optimize energy performance
• Enhance industrial cyber-security
• Maximize Process Efficiency

Do I Need Security?
Develop A Strategy

Threat Vectors
• SneakerNet
• WiFi
• BYOD
• Insider
• Social Engineering
• Physical

Industrial Security
Impact on relevant vulnerabilities affecting automation products
[Chart; time axis: 2010, 2011, 2012, 2013]

Selected IT Security Standards, Guidelines and Committees
• IEC TC 57 WG15
• DHS ChemSec Roadmap
• Roadmap to Secure Control Systems in the Energy Sector
• SAC TC 124
• BSI Grundschutz
• NERC-CIP
• NIST
• ISO/IEC 2700x
• ISO/IEC 15408
• IEC 62351
• WIB M-2784
• IEC / ISA-62443
• US-CERT Control Systems Security Center
• VDI/VDE
• DKE
Legend: Siemens Focus; Standards; Guidelines; Committees; Associations; Governmental bodies

IACS, automation solution, control system
Industrial Automation and Control System (IACS)
• Asset Owner operates: Operational and Maintenance policies and procedures + Automation solution
• System Integrator designs and deploys: Automation solution (IACS environment / project specific)
• Product Supplier develops: Control System as a combination of Embedded devices, Network components, Host devices, Applications (Independent of IACS environment)
• The Control System is the base for the Automation solution

IEC / ISA-62443 covers all aspects of industrial security
IEC / ISA-62443
• General: Terminology; Concepts; Models; Compliance metrics; Security levels (SL)
• Policies and procedures: Organization; Training / awareness; Policies, procedures; Information, documentation management; Risk management and implementation; Incident planning and response; Continuity plan; Solution design and maintenance; Personnel security; Physical security; Network segmentation; Account administration; Authentication; Authorization
• System: System architecture, network segmentation; Zones and conduits; SL for systems; Identification and authentication control; Use control; System integrity; Data confidentiality; Restricted data flow; Timely response to events; Resource availability
• Component: Product development process; PLCs; HMI devices; PC stations; Firewalls; Gateways; Switches; Functions; Applications; Data
‘Defense in Depth’ involves all stakeholders: Asset owner, system integrator, component supplier

Security Levels for automation solution and control system
• SL 1: Protection against casual or coincidental violation
• SL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
• SL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
• SL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
Plant environment: Risk assessment; System architecture (zones, conduits); IEC 62443 3-2 Security risk assessment and system design; Target SLs
Automation solution: Achieved SLs
Control System capabilities (Independent of plant environment): IEC 62443 3-3 System security requirements and Security levels; Capability SLs
1. Part 3-2: asset owner / system integrator define zones and conduits with target SLs
2. Part 3-3: product supplier provides system features according to capability SLs
3. Capability SLs are deployed to match target SLs

Industrial Security
The Siemens Solution
• Industrial Security Services: Managed service and consulting
• Security Management: Processes and policies
• Products & Systems: Secure PCs, controllers and networks
The Siemens solution reduces your risk with a well thought-out security concept.

Thank You
Paul Hingley
Siemens Data Services
© Siemens AG 2014. All rights reserved.
Answers for industry.