Security Check Proces Automatisering: Get Aware to Get Secure Jacco van der Kolk, Digital Trust Center Johan de Wit, Siemens Smart Infrastructure
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Security Check Proces Automatisering:
Get Aware to Get Secure
Jacco van der Kolk,
Digital Trust Center
Johan de Wit,
Siemens Smart Infrastructure
Introducing Henk…….
Introducing Henk…….
The other side of Henk’s business…….
ICS, OT, SCADA, PCS, DCS, IACS………..
OTICS-
SCADA
IACSPLC
DCS
OT: Operational Technology
ICS: Industrial Control System
IACS: Industrial Automation and Control System
SCADA: Supervisory Control And Data Acquisition
DCS: Distributed Control System
PCS: Process Control System
PLC: Programmable Logic Controllers
BMS: Building Management System
BMS
Welcome!
Jacco van der Kolk,
Digital Trust Center (DTC)
Part of
Ministry of Economic Affairsand Climate
Unique Public – Private Partnership!
Welcome!
DTC missie:
OndernemendNederland in staatstellen om haar digitaleveiligheid te vergroten
Welcome!
CyberSecurity Alliance
Samen werken aan eenweerbaar en digitaal veiligNederland
door middel van publiek –private samenwerkingen
Overdracht
Overdracht
Overdracht
https://www.digitaltrustcenter.nl/aan-de-slag-met-ics-security
Waarom een nieuwe tool?.......... Er is al zoveel toch?
IT vs OT
Referentie:
TNO for GCCS 2015, Cyber Security of Industrial Control Systems, 2015
“Industrial Control Systems (ICS) and (office ) IT have historically been managed by separate organizational units.”
“ICS people do not consider their ICS to be IT.”
“ICS People lack cyber security education. The IT department, on the other hand, is unfamiliar with the peculiarities and limitations of ICS technology.”
IT <> OT, main differences
IT Systems vs OT systems
Component lifetime 3-5 Years
Availability requirements Medium, delays accepted
Real time requirements Delays accepted
Physical security High (for critical IT)
Patching Regular/scheduled
Anti-malware Standard/widely used
Security testing/audits Scheduled and mandated
Security Awareness High
Security Standards Existing and implemented
Up to 20 Years
Very High
Critical
Very much varying
Slow/not at all
Uncommon/hard to deploy
Occasional
Growing (we work hard on this)
Available/not widely used
CIA Triangle: Safety toevoegen voor OT!
De tool: Wat heb JIJ eraan?
“When it comes to policy on
critical infrastructure, focus more
attention on
the chains and networks that
support key processes.”
De tool: Wat heb JIJ eraan?
“There are large differences in cyber resilience
between organizations.”
“SME’s do not have the expertise and resources to
raise their cyber resilience.”
“Experts fear that these differences will widen in
the upcoming years.”
“To raise cyber resilience and close the gap we
need public-private initiatives.”
De tool: Wat heb JIJ eraan?
Thank you all!
Related Documents
