IIOT..Ind 4.0..A Thirst for Data. - Connected Manufacturing 2018 Siemens AG 2018 - Easyfairs
Who am I?
Name: Paul Hingley
Job Title: Data Services Business Manager / PSSO GB&I
Company: Siemens
Background: 20 years at Siemens involved in industrial networks, safety and security. Prior to this, an Electrical / Automation Engineer in process and discrete engineering, mainly focused on the automotive, steel and logistics industries.
Job Responsibilities: CAS (Cloud Application Solutions) MindSphere; Safety Systems and Consultancy; PSSO (Product Solution Security Officer); CBM (Condition Based Monitoring Solutions)
Unrestricted © Siemens AG 2018 | Page 2 | ESH 2018 Conference
Industry 4.0 … moving into a fourth Industrial Revolution
Connected Devices
Increase Performance … powered by digital transformation
Build Digital Business … through development of applications & digital services
Differentiate in the Market … through new service and business models
MindSphere – The cloud-based, open IoT operating system
[Chart: The Internet of Things (projected number of connected assets): 1M (1992), 0.5B (2003), IoT Inception (2009), 8.7B (2012), 11.2B (2013), 14.2B (2014), 18.2B (2015), 22.9B (2016), 28.4B (2017), 34.8B (2018), 42.1B (2019), 50.1B (20…)]
Industry Evolution: The future of big data and cloud applications will be in the industrial space
From person to person – that was the beginning
• People2People: Network of virtual communities
• People2Machine: Medical technology, digital TV, cameras, computers, mobile phones
From machine to machine – the focus today and in the future
• Machine2Machine: Sensors, meters, devices, industrial machines
• Internet of Things/"Industry 4.0": Enabling additional productivity levers and new business models
Big data / cloud applications
• 2012: The total volume of data generated on earth summed up to 3.1 Zettabyte
• 2015: It will be 7.4 Zettabyte
• 2020: It will be 45 Zettabyte
1 Zettabyte = 1 sextillion bytes = 1000 Exabytes = 1 Billion Terabytes
Source: Oracle, 2012, Roland Berger
Major industries facing these challenges are adopting the IoT
Biggest year-over-year gainers: IoT initiatives
• Facilities automation: + 8.2%
• Mobile device management: + 4.5%
• Fleet management: + 4.3%
• Smart city: + 3.7%
Source: 451 Research VoTE: Internet of Things, Organizational Dynamics 2017
IOT makes data actionable
How it works / Key capabilities
Connect and collect
• Connect – Integrate new and existing assets and sensors to systems
• Collect – Aggregate data in real time and over time
Transform and visualize
• Transform – Data profiling, trend analysis, predictive modeling
• Visualize – Visual dataflow creator, visual data analyzer, dashboards
Insight and actions
• Insight – Highlight trends and anomalies
• Actions – Predictive maintenance, health monitoring and status, KPIs, all operations dashboard, energy tuning
Technological forces transforming industry
• Changing the way products come to life
• Changing the way products are realized
• Changing the way products evolve
Technologies: GENERATIVE DESIGN, INTELLIGENT MODELS, MACHINE LEARNING, ADDITIVE MANUFACTURING, CLOUD TECHNOLOGY, KNOWLEDGE AUTOMATION, SYSTEMS OF SYSTEMS, ADVANCED ROBOTICS, BIG DATA ANALYTICS
Technological forces transforming industry
Manufacturers must embrace the technologies and transform their business into a Digital Enterprise
• Ideation: Changing the way products come to life
• Realization: Changing the way products are realized
• Utilization: Changing the way products evolve
Technologies: GENERATIVE DESIGN, INTELLIGENT MODELS, MACHINE LEARNING, ADDITIVE MANUFACTURING, CLOUD TECHNOLOGY, KNOWLEDGE AUTOMATION, SYSTEMS OF SYSTEMS, ADVANCED ROBOTICS, BIG DATA ANALYTICS
Continuously improve product and production: the complete digital twin
IT/OT convergence supporting New Business and Collaboration Models
[Diagram. Levels: Enterprise Level, Management Level, Operator Level, Control Level, Field Level. Parties: User, Customer, Consumer, Supplier, Partner, R&D. Connections: Connected Enterprise, Connected products, Connected consumers, Connected Suppliers, Connected R&D, Connected customers, Connected machines.]
Easy to digitize industries have already started to change … more complex industries will follow
1 Technical Drivers: Digitization, Sensors, Connectivity, Bandwidth, Data Capturing and Storage, Clouds, Analytics …
2 Business Drivers: New Business Models, Ecosystem concept and Paradigm shift: From product-focused to user-centric mindset …
[Chart: Degree of maturity of digital business models, with a marked "Tipping-Point!", plotted from less complex industry to more complex industry. Industries shown: Media, Trade, Mobility, Health, Discrete & Process Industries, Energy.]
Based on "Smart Service Welt" report/Accenture visualization
We're seeing an increasing digitization of industries
Why do I need Security?
ICS Attack surface is growing
Challenges: Increasing vulnerability, high connectivity.
• Social engineering and phishing
• Introduction of malware via removable media and external hardware
• Malware infection via the Internet and Intranet
• Intrusion via remote access
• Human error and sabotage
• Control components connected to the Internet
• Technical malfunctions
• Compromising of extranet and cloud components
• (Distributed) denial-of-service ((D)DOS) attacks
• Compromising of smartphones in the production environment
Source © BSI analysis on cyber security 2016, German Federal Office for Information Security
Differences between office and manufacturing networks
Industrial Security Services Definition: IT-Security vs. OT- (Industrial) Security
What is it about? Increasing attacks on devices
Priorities (in order): IT-Security – Confidentiality, Integrity, Availability; Industrial Security – Availability, Integrity, Confidentiality
Availability: IT-Security – Range in minutes is acceptable; Industrial Security – Downtime < 300 m
Installation: IT-Security – Network Specialists; Industrial Security – Plant-ICS-Sta
Topology: IT-Security – Ring structure; Industrial Security – Plant specific
Location: IT-Security – Air conditioned environment; Industrial Security – Industrial environment
Device: IT-Security – High, Switches with many ports; Industrial Security – Low, Switches with fewer ports
Investment Cycles: IT-Security – Every 2-3 Years; Industrial Security – Min 5-15 Years
Challenges: Productivity, Cost Pressure and Regulations
Protect Productivity. Protect against:
• externally caused incidents through increasing connectivity
• internal misbehavior
• the evolving Threat Landscape
Reduce cost. Costs:
• for qualified personnel
• for essential Security Technologies
Comply with regulations. Comply with:
• Reporting Requirements
• Minimum Standards
• Security Knowhow
Selected IT Security Standards, Guidelines and Committees
• ChemSec
• Roadmap to Secure Control Systems in the Energy Sector
• DHS Roadmap
• IEC TC 57 WG15
• SAC TC 124
• GDPR: General Data Protection Regulation
• NIS: Network and Information Systems
• BSI Grundschutz
• NERC-CIP
• NIST
• ISO/IEC 2700x
• ISO/IEC 15408
• IEC 62351
• WIB M-2784
• US-CERT Control Systems Security Center
• IEC / ISA-62443 (Siemens Focus)
• VDI/VDE
• DKE
Legend: Standards, Guidelines, Committees, Associations, Governmental bodies
NIS [1]
What is it? An EU Directive on Security of Networks & Information Systems that will come into UK legislation 9th May 2018.
Who is leading implementation? The Department for Digital, Culture, Media and Sport (DCMS).
What is the aim? Raise the level of overall security and resilience of network and information systems.
What is expected of member states?
• Have a national framework for security to include: a National Cyber security strategy, a CSIRT [2], a SPOC [3] and a NIS competent authority (CA).
• Set up a Cooperation Group among Member States to support and facilitate strategic cooperation and the exchange of information among Member States. Member States will also need to participate in a CSIRT Network to promote swift and effective operational cooperation on specific network and information system security incidents, as well as sharing information about risks.
• Ensure that businesses within vital sectors which rely heavily on information networks, for example utilities, healthcare, transport, and digital infrastructure sectors, are identified by each Member State as “operators of essential services” (OES). Those OES will have to take appropriate and proportionate security measures to manage risks to their network and information systems, and they will be required to notify serious incidents to the relevant national authority. Engagement with industry is therefore crucial in the implementation of the directive.
[1] Wording from NCSC/DCMS
[2] Computer Security Incident Response Team
[3] Single Point of Contact
NIS [1] - continued
What is the NCSC’s role in preparing for the implementation of the NIS Directive?
The NCSC is providing technical support and guidance to other government departments and CAs through:
• a set of cyber security principles for securing essential services
• a collection of supporting guidance
• a Cyber Assessment Framework (CAF), incorporating indicators of Good Practice
• implementation guidance and support to CAs to enable them to:
  • adapt the NCSC NIS principles for use in their sectors
  • plan and undertake assessments using the CAF, and interpret the results.
(Callouts on slide: "Aiming to be CA"; "Also see OG86")
Once the NIS Directive is live in May 2018, we expect our role to be:
• Single Point of Contact (SPOC) - we'll act as the contact point for engagement with EU partners, coordinating requests for action or information and submitting annual incident statistics.
• CSIRT (Computer Security Incident Response Team) - we will receive all incident reports and will provide advice and support on the cyber aspects to operators and Digital Service providers in the event of an incident. We will be responsible for the dissemination of appropriate risk and incident information to Competent Authorities and other relevant stakeholders.
• Technical Authority on Cyber Security - the NCSC will support CAs with security advice and guidance and act as a source of technical expertise. We'll tailor some generic guidance to individual sectors to support CAs.
[1] Wording from NCSC/DCMS
Standards
• ISO 27001
• ISO 27002
• ISO 27032
• NIST 800-82, 800-30, 800-53
• WIB M2784
• NERC-CIP 4
• ISA 99
• ISA/IEC 62443
• NIS Directive 2018 May 9th: UK Law, priority is CNI companies.
Framework CDV* 4Q17
Each stakeholder can create vulnerabilities
Example: User Identification and Authentication
Asset Owner (IACS environment / project specific)
• operates the Industrial Automation and Control System (IACS): Operational and Maintenance policies and procedures + Automation solution
• can create weaknesses: Invalid accounts not deleted; Non confidential passwords; Passwords not renewed
System Integrator (IACS environment / project specific)
• designs and deploys the Automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software
• can create weaknesses: Temporary accounts not deleted; Default passwords not changed
Product Supplier (independent of IACS environment)
• develops the Control System as a combination of Embedded devices, Network components, Host devices, Applications; this is the base for the Automation solution
• can create weaknesses: Elevation of privileges; Hard coded passwords
Various parts of IEC / ISA-62443 are addressing Defense in Depth
Asset Owner (IACS environment / project specific)
• Operational and Maintenance policies and procedures: 2-1, 2-4
System Integrator (IACS environment / project specific)
• Policies and procedures: 2-4
• Security capabilities of the Automation Solution: 3-2, 3-3
Product Supplier (independent of IACS environment)
• Security capabilities of the products: 3-3, 4-2
• Development process: 4-1
TRUST…
Charter of Trust on Cybersecurity
charter-of-trust.com | #Charter of Trust
Digitalization changes everything
Artificial intelligence and big data analytics are revolutionizing the way we make decisions. And billions of devices are being connected by the Internet of Things and are interacting on an entirely new level and scale.
Unrestricted © Siemens AG 2018 | Page 27 | April 2018 | Charter of Trust for a secure digital world
As much as these advances are improving our lives and economies, the risk of exposure to malicious cyber attacks is also growing dramatically.
Cybersecurity – A critical factor for the success of the digital economy
– Crucial to the success of the digital economy.
– Users need to trust that their digital technologies are safe and secure.
– Digitalization and cybersecurity must evolve hand in hand.
Cybersecurity – an increasingly critical factor for the success of the digital economy
Timeline:
• 1950s – 1960s: Military, governments and other organizations implement computer systems
• 1970s: Home computer is introduced
• 1980s: Computers make their way into schools, homes, business and industry
• 1990s: Digital enhancement of electrification and automation
• 1991: The World Wide Web becomes publicly accessible
• 1999: The globe is connected by the internet
• 2000s: Mobile flexibility
• 2010s: Cloud computing enters the mainstream
• 2020s: Internet of Things, Smart and autonomous systems, Artificial Intelligence, Big Data
• 2020s: Industry 4.0
Phases: Digital Information Processing; Digital Connectivity; Digital Automation and Intelligence
Incidents and attack techniques shown: Industroyer/CrashOverride, Heartbleed, WannaCry, Melissa Worm, Stuxnet, Morris Worm, ILOVEYOU, AT&T Hack, Blue Boxing, AOHell, NotPetya, Cryptovirology, Cloudbleed, Level Seven Crew hack, sl1nk SCADA hacks, Infineon/TPM, Denial-of-service attacks, Meltdown/Spectre
“We can’t expect people to actively support the digital transformation if the security of data and networked systems is not guaranteed.”
That’s why Siemens will be working with partners from industry, government and society to sign a “Charter of Trust” – a charter aimed at three important objectives:
1. Protecting the data of individuals and companies
2. Preventing damage from people, companies and infrastructures
3. Establishing a reliable foundation on which confidence in a networked, digital world can take root and grow
We sign for cybersecurity! We sign the Charter of Trust.
Guidance
• National Cyber Security Centre
• Operational Guidance OG86
• NI – SICS Framework
Thank you
Security Information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity.
Questions
Contact Information
Paul Hingley
Data Services Business Manager
DF DS GB
Sir William Siemens House, Princess Road, Manchester M20 2UR
Mobile: +44 (0) 7808 822265
E-mail: paul.hingley@siemens.com
siemens.com/simatic-pcs7