Standards
Certification
Education & Training
Publishing
Conferences & Exhibits
Practical Approaches to Securely Integrating Business and Production
Jim Gilsinn
Presenter
• Jim Gilsinn
  – Senior Investigator, Kenexis
  – ISA99, Co-Chair
  – ISA99-WG2, Co-Chair
  – CEH, CISSP
  – ISA/IEC 62443 Expert
  – 25 Years Eng. Experience
  – MSEE
Overview
• Why Integrate Business & Production?
• Things to Consider
• Potential Solutions
• Questions
Why Integrate Business & Production?
• Production to Business
  – Production Data
  – Historical Data
  – Regulatory Requirements
  – Network/Security Monitoring
• Business to Production
  – Remote Maintenance
  – Patch Management
  – File Exchange
  – Configuration Data
Complete isolation is rarely an option
THINGS TO CONSIDER
Things to Consider
• Isolated Zones
• Network Segmentation
• Wireless Integration
• Remote Connections
• Public Infrastructure Integration
• File/Data Transfer
• Monitoring
Isolated Zones
• Are there zones that require network isolation?
• Safety-related systems are a good example
• Set it & forget it!
• May require re-calibration over time
• Can be connected via signal wiring
Network Segmentation
• Firewall vs. Data Diode
  – Is bidirectional communication required?
  – Human interaction vs. automated bi-directional communication
  – “Air-gap” requirement
  – Mixed firewall & data diode
• Multi-legged vs. Dual Firewall
  – Establish DMZ
  – Product diversity
  – IT/OT
Wireless Integration
• Will wireless be used?
• What communication protocols?
• What frequency bands?
• Point-to-point vs. omnidirectional?
• Star vs. mesh topology?
• Bandwidth requirements?
• Tolerance for drop-outs?
• Where to integrate into architecture?
Remote Connections
• Personnel, vendors, contractors, MSSP?
• On-site vs. off-site access?
• Continuous vs. scheduled vs. sporadic connectivity?
• Method of connectivity?
• Single-factor vs. multi-factor authentication?
• Connection points within architecture?
• Types of communication allowed?
Public Infrastructure Integration
• More of an issue with SCADA
• Wired vs. terrestrial wireless vs. satellite
• Dedicated vs. leased-line connections
• Service level agreements for ISP
• Contingencies for backup/secondary communications
File/Data Transfer
• Restricting data flows through zone boundaries
• Direct communications vs. servers in DMZ
• File transfer server vs. removable media
• File transfer through remote management connections
Monitoring
• Malware checking
• Ingress/egress filtering
• Continuous monitoring vs. human interaction
• Push vs. pull of monitoring data
• Legacy equipment
• HIDS/NIDS
• Non-networked equipment
People Will Get Things Done
• One way or another, people will get their job done
• Security can’t be seen as an impediment to that
• Provide methods that work easily, but are more secure
POTENTIAL SOLUTIONS
Engineering User
File Transfer
Administrator User – Patch Management
Remote Maintenance
Historian Replication
Domain Controllers
Web Access – License Activation Server
SUMMARY
Summary
• There are benefits to connecting business and production networks
• There are a variety of things that need to be considered when connecting business and production networks
• There are practical solutions for security
Questions
Thank You for Attending!
Enjoy the rest of the conference.