Security Check Proces Automatisering

Security Check Proces Automatisering: Get Aware to Get Secure. Jacco van der Kolk, Digital Trust Center; Johan de Wit, Siemens Smart Infrastructure

Transcript of Security Check Proces Automatisering

Introducing Henk…

The other side of Henk’s business…

ICS, OT, SCADA, PCS, DCS, IACS…

OT: Operational Technology

ICS: Industrial Control System

IACS: Industrial Automation and Control System

SCADA: Supervisory Control And Data Acquisition

DCS: Distributed Control System

PCS: Process Control System

PLC: Programmable Logic Controllers

BMS: Building Management System

Welcome!

Jacco van der Kolk, Digital Trust Center (DTC)

Part of the Ministry of Economic Affairs and Climate

Unique Public – Private Partnership!

Welcome!

DTC mission:

Enabling Dutch businesses to increase their digital security

Welcome!

CyberSecurity Alliance

Working together towards a resilient and digitally secure Netherlands through public-private partnerships

Handover

https://www.digitaltrustcenter.nl/aan-de-slag-met-ics-security

Why a new tool? There is already so much out there, isn't there?

IT vs OT

Reference:

TNO for GCCS 2015, Cyber Security of Industrial Control Systems, 2015

“Industrial Control Systems (ICS) and (office) IT have historically been managed by separate organizational units.”

“ICS people do not consider their ICS to be IT.”

“ICS People lack cyber security education. The IT department, on the other hand, is unfamiliar with the peculiarities and limitations of ICS technology.”

IT <> OT, main differences

| | IT systems | OT systems |
|---|---|---|
| Component lifetime | 3-5 years | Up to 20 years |
| Availability requirements | Medium, delays accepted | Very high |
| Real time requirements | Delays accepted | Critical |
| Physical security | High (for critical IT) | Very much varying |
| Patching | Regular/scheduled | Slow/not at all |
| Anti-malware | Standard/widely used | Uncommon/hard to deploy |
| Security testing/audits | Scheduled and mandated | Occasional |
| Security awareness | High | Growing (we work hard on this) |
| Security standards | Existing and implemented | Available/not widely used |

CIA Triangle: add Safety for OT!

The tool: what's in it for YOU?

“When it comes to policy on critical infrastructure, focus more attention on the chains and networks that support key processes.”

The tool: what's in it for YOU?

“There are large differences in cyber resilience between organizations.”

“SMEs do not have the expertise and resources to raise their cyber resilience.”

“Experts fear that these differences will widen in the upcoming years.”

“To raise cyber resilience and close the gap we need public-private initiatives.”

Thank you all!