cybersecurity guidance for industrial automation
TRANSCRIPT
Announcements
This is an audio broadcast-only WebEx, so we can’t
hear you speaking.
– If you want to give us a comment or question, please type it into
the Q&A or Chat Field in the WebEx presentation interface. We
will answer your questions at the end in the Q&A section of the
broadcast.
Announcements
This is an audio broadcast-only WebEx, so we can’t
hear you speaking.
– If you want to give us a comment or question, please type it into
the Q&A or Chat Field in the WebEx presentation interface. We
will answer your questions at the end in the Q&A section of the
broadcast.
Fill out the InduSoft webinar survey that we will send
you at the email address that you used to sign in,
and get a free famous InduSoft webinar series Tee-
Shirt!
Webinar Agenda
New Cybersecurity Guidance eBook and Engineering
Services available from InduSoft
Deeper dive into the Security eBook – a look inside.
Webinar Agenda
New Cybersecurity Guidance eBook and Engineering
Services available from InduSoft
Deeper dive into the Security eBook – a look inside.
Discussion of the new SCADA Cybersecurity
Framework eBook and the associated certificate
courses at Eastern New Mexico University-Ruidoso
Webinar Agenda
New Cybersecurity Guidance eBook and Engineering
Services available from InduSoft
Deeper dive into the Security eBook – a look inside.
Discussion of the new SCADA Cybersecurity
Framework eBook and the associated certificate
courses at Eastern New Mexico University-Ruidoso
Q&A Session
Speakers Today (in order of presentation)
Richard Clark
– Technical Marketing and Cybersecurity Engineer
Richard H Clark
Cybersecurity Background
Mr. Clark has been in Automation, Process System, and Control
System design and implementation for more than 25 years and was
employed by Wonderware where he developed a non-proprietary
means of using IP-Sec for securing current and legacy Automation,
SCADA, and Process Control Systems, and developed non-proprietary
IT security techniques. Industry expert by peer review and
spokesperson on IT security; consultant, analyst and voting member of
ISA- SP99. Contributor to PCSF Vendor Forum. Consultant to NIST
and other government labs and NSA during the development of NIST
Special Publication 800-82. Published engineering white papers,
manuals, and instruction documents, developed and given classes and
lectures on the topic of ICS/SCADA Security.
– Participated in forming the NIST Cybersecurity Framework during
the workshops last year along with our second speaker today…
Speakers Today (in order of presentation)
Richard Clark
– Technical Marketing and Cybersecurity Engineer
Stephen Miller
– Associate Professor and Department Chair of Business and
Information Systems/Cybersecurity Center of Excellence at
Eastern New Mexico University-Ruidoso
Stephen Miller
Cybersecurity BackgroundMr. Miller (Associate Professor/Director of Eastern New Mexico University-Ruidoso Cybersecurity Center of Excellence) has been in the Information Systems profession since 1966 working in many business, government, and educational sectors; including being IT/Technology Manager and Advisor at ExxonMobil Global Information Systems. Mr. Miller worked for Univac Corp at NASA Mission Control for the Apollo Mission, including Apollo 13 and Skylab missions, he also worked for Ford Tech-rep Division and TRW Controls, among others.
Stephen developed the online computer and network Cybersecurity Certification program at ENMU-Ruidoso, and revised the Information Systems Associates Applied Science Degree Programs under INFOSEC 4011, 4016E, and Center of Academics (CAE-2Y) certifications
New SCADA Cybersecurity eBooks
InduSoft Security Guide NIST Cybersecurity Framework
ISBN 978-1311-49042-1 ISBN 978-1310-30996-0
Available at Smashwords.com and other major booksellers
Available to you as “Name Your Price”
InduSoft Security Guide NIST Cybersecurity Framework
ISBN 978-1311-49042-1 ISBN 978-1310-30996-0
Download at Smashwords.com to “Name Your Price”
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
– There is a chapter on guidelines for designing and building your
projects
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
– There is a chapter on guidelines for designing and building your
projects
– Includes reprints of many InduSoft white papers and published
articles on cybersecurity guidance describing everything from
runtime servers and IT guidance for control system networks, to
handheld smart devices and wireless networks
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
– There is a chapter on guidelines for designing and building your
projects
– Includes reprints of many InduSoft white papers and published
articles on cybersecurity guidance describing everything from
runtime servers and IT guidance for control system networks, to
handheld smart devices and wireless networks
– The eBook contains transcripts of many InduSoft webinars on
securing InduSoft Web Studio as well as broader IT and SCADA
security guidance
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
– There is a chapter on guidelines for designing and building your
projects
– Includes reprints of many InduSoft white papers and published
articles on cybersecurity guidance describing everything from
runtime servers and IT guidance for control system networks, to
handheld smart devices and wireless networks
– The eBook contains transcripts of many InduSoft webinars on
securing InduSoft Web Studio as well as broader IT and SCADA
security guidance
– Also contains an Appendix with NIST Framework information
InduSoft Security Guide– Why?
The eBook is a compilation of InduSoft cybersecurity
guidance making it available in one place
– There is a chapter on guidelines for designing and building your
projects
– Includes reprints of many InduSoft white papers and published
articles on cybersecurity guidance describing everything from
runtime servers and IT guidance for control system networks, to
handheld smart devices and wireless networks
– The eBook contains transcripts of many InduSoft webinars on
securing InduSoft Web Studio as well as broader IT and SCADA
security guidance
– Also contains an Appendix with NIST Framework information
– Available in .mobi (Kindle), .epub, .pdf, .html, and .doc formats
Contents of “Security Guidance” eBook
The Chapters and Sections contain many useful topics
Chapter 1: New Projects and Security as a Design Consideration
Section 1: Building your Project
– Extract from the InduSoft Technical Note: Application Guidelines
Chapter 2: Existing Projects
Chapter 3: Cloud Based Applications
Section 1: Working with Cloud Based Applications
– The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
Chapter 4: InduSoft Application Security
Section 1: SCADA System Security Best Practices
– The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
Chapter 5: InduSoft Security Discussion for Web Based Applications
Section 1: Using Security with Distributed Web Applications
– Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
Section 2 – Using Security with Web-Based Applications
– Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
Section 3 – Using Security with Web-Based Applications
– Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
Chapter 6: InduSoft Recommendations for IT Security
Section 1: Firewalls and other SCADA Security Considerations
– Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
Section 2: Control Systems Security Overview
– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
Section 3: SCADA Security - Operational Considerations
– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
Section 4: SCADA Security - Management Considerations
– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
Appendix A: NIST Cybersecurity Framework Core
Appendix B: Cyber Security Evaluation Tool (CSET) Information
New SCADA Projects Should be
Designed with Security as a Primary Goal
Good project design includes the following:
New SCADA Projects Should be
Designed with Security as a Primary Goal
Good project design includes the following:
Security as a primary design
consideration
New SCADA Projects Should be
Designed with Security as a Primary Goal
Good project design includes the following:
Security as a primary design
consideration
Safety needs to be
considered throughout
project design and
implementation
New SCADA Projects Should be
Designed with Security as a Primary Goal
Good project design includes the following:
Security as a primary design
consideration
Safety needs to be
considered throughout
project design and
implementation
Functionality should be
moderated based on the first
two design goals
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our
customers
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our
customers
– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our
customers
– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.
We have recommended many different ways that security can be implemented into SCADA and HMIs
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our
customers
– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.
We have recommended many different ways that security can be implemented into SCADA and HMIs– Talks, classes, white papers, webinars, forums, Technical
Support, and individualized guidance on projects has been available for quite some time
Diverse SCADA Projects Require
Different Types of Security Profiles
We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our
customers
– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.
We have recommended many different ways that security can be implemented into SCADA and HMIs– Talks, classes, white papers, webinars, forums, Technical
Support, and individualized guidance on projects has been available for quite some time
– InduSoft now has short-term engineering assistance available on our website!
Services On Demand is Now Live!
Engineering assistance is available when designing
projects and implementing project security
Email(US) [email protected](Brazil) [email protected](Germany) [email protected]
Support [email protected] site
(English) www.indusoft.com(Portuguese) www.indusoft.com.br(German) www.indusoft.com.de
Phone (512) 349-0334 (US)+55-11-3293-9139 (Brazil)+49 (0) 6227-732510 (Germany)
Toll-Free 877-INDUSOFT (877-463-8763)Fax (512) 349-0375
Germany
USA
Brazil
Contact InduSoft Today
Email(US) [email protected](Brazil) [email protected](Germany) [email protected]
Support [email protected] site
(English) www.indusoft.com(Portuguese) www.indusoft.com.br(German) www.indusoft.com.de
Phone (512) 349-0334 (US)+55-11-3293-9139 (Brazil)+49 (0) 6227-732510 (Germany)
Toll-Free 877-INDUSOFT (877-463-8763)Fax (512) 349-0375
Germany
USA
Brazil
Contact InduSoft Today
Don’t forget to fill out the InduSoft
webinar survey that we’ll will send you
soon. It will come to the email address
that you used to sign in, and we will
send you an InduSoft webinar series
Tee-Shirt!