Slides

Comprehensive Security Concept For Process Control Systems V2006

Description
1. (too) „simple“ Securityconzept Internet PCN 1 PCN 2 *PCN = Process Control Network 2. Solution based Security concept made on ã Technologische Planung der : ã…
Categories
Published
of 19
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  • 1. (too) „simple“ Securityconzept Internet PCN 1 PCN 2 *PCN = Process Control Network
  • 2. Solution based Security concept made on • Technologische Planung der : • Produktionsebenen Produktionsablauf • Steuerungskomponenten und des • Informations- und Auftragsflusses • Umsetzung von : Securityzonen und - • Gebäudeschutz, Zugangskontrolle • Technologischer Planung der Securityzonen, Securityzellen Zellen und Zugriffswege in der Netzwerkinfrastruktur • Abhärtung der Netzwerkteilnehmer • Umsetzung der : • Benutzerverwaltung in Bedienberechtigungen mittels Autorisierung • Gruppen und Rollenzuweisungen in den einzelnen Bedienkomponenten (Hard- und Software)
  • 3. Enhanced Security Conzept ECN = Enterprise Control Systems Network Internet MON = Manufacturing Operation Network Perimeter Automatisierungs- PCN und Securityzellen CN = Control Network CN = Control Network
  • 4. Standards und Normen BSI IT-Grundschutzhandbuch •Kapitel 4 „IT-Grundschutz im Bereich Infrastruktur“ ISA •ISA S95 „Enterprise – Control System Integration“ •Teil 1: „Modelle und Terminologie“ •Teil 2: „Datenstrukturen und -attribute“ •Teil 3: „Modelle von Produktions-Prozessen“ •ISA SP99 “Manufacturing and Control System Security” •Teil1: „Security Technologies for Manufacturing and Control Systems” •Teil2: “Establishing a Manufacturing and Control System Security Program” ISO/IEC •17799 "Code of practice for information security management" •27001 “Information security management systems – Requirements” •62443 “Security for Industrial Process Measurement and Control - Network and System” •61784-4 "Profiles for secure communications in industrial networks“ NAMUR •NA 67 „Informationsschutz bei Prozessleitsystemen (PLS)“ •NA 103 „Einsatz von Internettechnologien in der Prozessautomatisierung“ •NA 115 „IT-Sicherheit für Systeme der Automatisierungstechnik“ FDA 21 CFR 11 •„Elektronische Aufzeichnungen und Unterschriften“
  • 5. Production levels ERP – Enterprise Resource Planning MES – Manufacturing Execution Systems MCS – Manufacturing Control Systems Produktionsebenen nach ISA S95
  • 6. Control components und relationships nach ISA-95.00.01-2000
  • 7. Informations- und order direction of Operator roles nach ISA S95
  • 8. Security Zones (Levels) Level 5 • Enterprise Financial Enterprise Systems Enterprise Security Zone • Site Production Site Business Planning Level 4 Scheduling • Site Accounting and Logistics • Production Control Level 3 • Optimizing Control • Process History Site Manufactoring Manufactoring Operations and Control • Identity Management Security Zone • Supervisory Controllers Level 2 • Primary Operator Area Area Area Interface Control Control Security • Batch Controllers Level 1 • Continous Controllers Basic Basic Zone • Process Monitoring Control Control • Sensors, Transmitters Level 0 • Control Valves Process Process • Field Network Safety Safety- Safety- Safety Critical Critical Security Zone Securityzonen nach ISA SP 99 Part1
  • 9. Security Cell of a production plant
  • 10. Network names (working titels) ERP – Enterprise Resource Planning MES – Manufacturing Execution Systems MCS – Manufacturing Control Systems Produktionsebenen nach ISA S95
  • 11. SecurityCells und Authentification PCN CN Kerberosserver PCN
  • 12. Identity and responsibility by application filtering of protocolls and order level
  • 13. Boundary of each Security Cell
  • 14. Trustworthy connections to trustworthy applications and devices MON MES Server PCN IPSecurity VPN-Tunnel PCN
  • 15. perimeter network and access ways VPN- und Web-bridging Quarantaineserver Terminalserver PCN Webserver perimeter network for Data Exchange Radiusserver PCN
  • 16. Identity Management
  • 17. Identity Management und production plan ERP MES MCS
  • 18. Enhanced Security Conzept
  • 19. Core: The organizational structure of the complete enterprise must be recreate (or followed) by the security concept. Industrial Automation Standardize and Part1: the structure of Security Component Vendor Laws Cells, Security-Zones and Domains and there interconnectivity based on: -production plans -standardize and laws Interoperability of each Component Security Zones (ISA99) Component map (ISA95) Information and Productions levels control directions network- and component structure (Security Cells) Part2: Each Right in Security Cells, Security Zones and trough the network based on: -Interoperability of the Components -Information and control Enterprise Responsible areas and tasks directions Personal and there tasks
  • Search
    Related Search
    We Need Your Support
    Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

    Thanks to everyone for your continued support.

    No, Thanks