IT Security in Process Automation - Top Ten

Dr. Gerd Wartmann Slide 1

06/04/2005

Field Devices, Services and Maintenance

Content

• Why is this important?
• Security measures in / for devices:
    Field devices
    Panel devices
    Inventory control / remote services
    Web-enabled asset management
• What is needed
• The Risk Model

Why is Information Security important?

• New technologies – new risks (wireless, IT, WEB …)
• Openness of the communication, e.g. Ethernet
• Access to company networks from outside (outsourcing / remote clients)
• Know-how protection
• Internal attacks: disgruntled employees (FBI Study)
• External attacks – vandalism, terror, DNS / viruses / worms, backdoors / masquerade / corruption …
• Legal requests, e.g. pharmaceutical and food industry: 21 CFR part 11

There has always been a need to protect company assets against all kinds of threats: misuse, theft, tampering, unauthorized changes, vandalism, and so on.

With the use of more IT and more open communication technologies, information security is becoming more important to guarantee dependable plant operation.

Process automation architecture

[Figure: architecture diagram. Labels: P View, FieldCare, W@M, ControlCare Application Designer, Ethernet]

Process automation architecture

[Figure: architecture diagram. Labels: P View, FieldCare, W@M, ControlCare Application Designer, Ethernet, Field Controller]

Access Control Devices

• Access based on “Role Concept”: Operator, Maintenance, Expert, …
• Password
• Read: all (but service)
• Write, if allowed
• Key locking

Experience:

• Default passwords
• Or device is left open

Panel Devices - FDA

Part 11

21 CFR part 11: (among many other requests)

Panel devices - FDA

Electronic signature conforming to FDA 21 CFR part 11

• ID / password combination assignable to a unique individual.
• Preset password length for user and administrator.
• Default password must be changed.
• Password must be changed after 30, 60 or 90 days.
• Audit trail for successful or unsuccessful login attempts.
• Rear panel is protected against manipulation via light barrier.

Process automation architecture

[Figure: architecture diagram. Labels: P View, FieldCare, W@M, ControlCare Application Designer, Ethernet, Field Controller, Remote Access via Fieldgate]

Inventory Control and Remote Service

[Figure: remote setup with ToF-Tool via Fieldgate. Labels: Ethernet Fieldgate with enclosure; HART client; Internet; consumer site; producer site; Endress+Hauser; Firewall; Workstation; LAN; e-business server. Caption: 1 of 4 tanks for chemicals monitored with Micropilot M]

Remote Access with Fieldgate Technology

[Figure labels: Field; Office world; Fieldgate; Nivotester FTC625; Ethernet; TCP/IP; LAN (Intranet); WAN (Internet); Telephone; GSM]

Security Aspects

• Access control by password; transfer encrypted
• User defined access rights
• No parameterizations from the WEB if HW locked
• Hardware switch (no read/write); unlocking at the device only
• Point-to-point via GSM or phone line

VPI Agent Software

• runs in the background on a workstation or a server
• uses standard http-port of proxy-servers
• establishes VPN connection to the portal
• knows only the configured Fieldgates in the LAN
• relays requests to the portal to the appropriate Fieldgate

[Figure labels: Workstation; Server; LAN; Ethernet; Fieldgate; Firewall; Internet; VPN; Login to portal (https); Fieldgate Portal]

JA Salusbury Slide 16 06/04/2005

W@M System concept

[Figure: system levels and access points]

• Field: Remote I/O, Drives, Field devices
• Supervisory Control: Visualization, Monitoring and Control
• Management: Plant Asset Management
• Plant Access Points
• FieldCare Plant Asset Management; Installed Base Assistant (IBA-C); W@M connectivity via Internet Access; W@M Portal via Internet Access
• FieldCare Local Maintenance and Configuration
• Local Area Network (LAN); Wide Area Network (WAN) / Internet

W@M Security Aspects

Data protection against loss

• redundant memory system
• Backup / kept safe at a secure place
• daily within the scope of a disaster recovery backup
• mirrored on an identical memory system in the emergency computer

Data protection against unauthorized access

• Authentication by user name and password
• client separation
• Data encryption (SSL / HTTPS)
• Multi-level firewall concept
• Regular security audits

Availability

• twenty-four-seven

The Risk Model

$$\text{Risk} = \frac{\text{Threat} \times \text{Vulnerability}}{\text{Countermeasures}} \times \text{Value}$$

Is what we are doing sufficient?

Internationally harmonized and accepted standards are needed:

• Activities are numerous: ISA, IEC, NAMUR, DKE …
• Common methods to evaluate security measures
• IT office == IT industrial (needs own set of rules)
• Bundling the know-how
