#PIWorld ©2020 OSIsoft, LLC
Security for Critical Operations
Bryan Owen PE
OSIsoft – Security Architect
About.me
Recent activities
• 2020 SANS Michael J. Assante ICS Security Lifetime Achievement Award
• 2020 CISA Control Systems Interagency Working Group
• 2019 NERC GridSecCon Supply Chain Threat Vector
• 2019 PIWorld What you need to know about the PI System, DERS and Cybersecurity
• 2019 NSA Operational Technology and Cybersecurity
• 2019 S4 OnRamp ICS and the Cloud
About.us
Major PI System security milestones
• 2020 PI System Security Hardening
• 2017 Read only PI Connectors and Interfaces
• 2015 Transport Security using Windows Integrated Security
• 2012 PI Vision with application server design pattern
• 2009 PI Server with Windows Integrated Security
• 2006 PI Interface Node Security Hardening
Agenda
• Critical Operations
• Advice from cyber experts
• Destructive malware trends
• Customer experiences
• Evolution of OSIsoft guidance
• What to expect from OSIsoft in 2020
• Suggested PI World talks
• Call to Action
Our Mission: Make Operations Data an Asset Everyone Can Use in Real Time
• Process Engineer: “Can we increase the overall yield?”
• Production Manager: “What is the forecast of productivity?”
• Reporting Analyst: “I need to combine 3 data sources into 1 report.”
• Control Room Tech: “The process is like a baby – you have to watch it.”
• Data Scientist: “Can we find new savings with machine learning?”
• Maintenance Engineer: “I need to know the moment it goes out of tune.”
OSIsoft Leads the Market in Critical Operations
• 80% of the top companies globally
• 1000+ utilities worldwide
• 8 of the global Fortune top 10 companies
• 24 of the top 25 pharmaceutical companies
• 9 of the top 10 chemical companies rely on the PI System
• 145M metric tons per year of production monitored
Industries: Oil & Gas, Power & Utilities, Metals & Mining, Pharma & Life Science, Chemicals, Pulp & Paper
Architectural Concept: Dedicated Data Infrastructure
Limit direct access to critical systems while expanding the use of information.
Reduce the risks on critical systems
Critical Systems:
• Environmental Systems
• Plant DCS
• Transmission & Distribution SCADA
• PLCs
• Other critical operations systems
[Diagram labels: Security Perimeter, Infrastructure]
Critical Operations Mindset
• Can we operate while compromised?
• Is it a system of record?
• Is it secure, stable & agile?
• Is the system always available?
• Am I collecting all of the data?
“If you really want to protect your network…you have to know your network.”
‘we must reengineer selected last-mile and endpoint elements of the grid’
Trends in DoS attacks affecting critical operations
24/7 availability is a top concern for critical operations
[Timeline figure, axis 1998 to 2019. Events shown: DDoS on Estonia; DDoS on US Banking; Mirai DDoS on DNS; DDoS on Cisco ASA; SQL Slammer; Ping of Death; Urgent/11]
The scope and scale of destructive malware affecting our industrial community is escalating
[Timeline figure, axis 2010 to 2020. Items shown: Stuxnet; Shamoon; TriSIS; RAT KillDisk; CrashOverride; NotPetya Cryptoworm; WannaCry Cryptoworm; LockerGoga Ransomware; Ryuk Ransomware]
Stuxnet brought ‘cyber war’ into the open…
Shamoon was the industry ‘eye-opener’
$870,000,000 Pharmaceutical company Merck
$400,000,000 Delivery company FedEx (through European subsidiary TNT Express)
$384,000,000 French construction company Saint-Gobain
$300,000,000 Danish shipping company Maersk
$188,000,000 Snack company Mondelēz (parent company of Nabisco and Cadbury)
$129,000,000 British manufacturer Reckitt Benckiser (owner of Lysol and Durex condoms)
‘The makeshift solution was for a team at the company’s headquarters in California, to print out the paperwork and fly it over to the island.’
Lessons Learned
No matter how much you plan,
no matter how much you train and
no matter how many contingency plans you have,
You will be surprised.
Inger Sethov - Head of Communication & Public Affairs
1. Transparency: daily webcasts and social media posts to keep business partners and the media informed – even control room visits
2. Don’t pay the ransom: rebuild infrastructure to be safe and be sure that the attacker is not still part of it – don’t feed the hackers
3. Cloud services: workers were still able to communicate via smartphones and tablets even without company computers
4. Empowered people: virtually all production back up to 100% normal, despite operating in manual mode – ‘cyber heroes’
Microsoft Transform: https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
Tips so you can be a ‘cyber hero’ with the PI System.
Know your PI System disconnect points
Make use of PI System security barriers
Edge Data Store is more than data collection
• Reengineered for ‘the last mile’ edge
• Data queues
• Local access with a RESTful API, e.g. display critical operations data while disconnected
Use the ‘3-2-1 rule’ for critical operations data
• Three backups of your data
• Two different storage types
• One offsite backup – cloud!
[Diagram labels: PI System High Availability; Collect; Manage/Enhance; Deliver]
Cloud enablement to enhance security
• Modern authentication
• Across organizational boundaries
• Reduces third party access to corporate network
• Adds another option to access critical data streams (e.g. BYOD during a crisis)
Recommended PI World talks and labs
PI World 2020
• Migrating from PI ProcessBook to PI Vision
• Flexible Connectivity Strategies for OCS and the PI System
• Making PI Data Ingress cOMFortable with PI Web API

PI World Encores
• Security and Hardening Your PI System
• OSIsoft Cloud Services Security
• Using the System Connector to Build a Strong Security Posture
CHALLENGES SOLUTION BENEFITS
“We live in an industrial world. Going after industrial security, and doing it well, is worth doing.”
Robert Lee, CEO, Dragos, Inc (OSIsoft security partner)
Enhance your security measures to combat cyber crime
Cyber risk reduction investment priorities
Increase security without slowing down digital transformation
Capability to operate while compromised
Create awareness of losses and impact to critical operations
Enable your people and security barriers built into the PI System
Know what systems can be trusted for response and recovery
Avoid significant losses and recovery costs (in the hundreds of millions!)
Contact
• Bryan Owen PE
• Security Architect
• OSIsoft
• [email protected]