
(1)

Securely Connect, Network, Access, and Visualize Your Data

(2)

Skkynet is the parent company of:

- Cogent Real-Time Systems
  Established in 1994
  Focus on industrial automation software
  Cogent DataHub, WebView

- Nic Corporation (Osaka, Japan)
  Established to focus on the embedded market
  Develops M2M and M2C software for embedded devices

2/16/2015

(3)

Secure end-to-end platform to connect virtually any industrial or embedded data source, visualize the data, and monitor or control your process or system from almost anywhere.

- No programming necessary

- Secured by design
  No open inbound firewall ports = no Internet attack surface
  No VPNs required
  Allows for full bi-directional communications and supervisory control

(4)

Evolution of Industrial Networks - VPN

[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 joined by a VPN]

- VPNs assume a trusted device
- A VPN provides a virtualized and private (isolated) network space.
- The secure tunnels are a mechanism to achieve an appropriately protected path into that space, but the space per se is not secured. It is a feature that the established VPN space is fully transparent to all protocols and traffic above the link layer.

(5)

Evolution of Industrial Networks - VPN

[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 joined by a VPN]

- Once a user has access to a VPN, they have access to all connected devices on that VPN. Attack surfaces are multiplied by the number of connected devices.
- Security rests with physical possession of a device
- Some trusted – in the hands of employees or under security

(6)

Internet of Industrial Things

- No central management – things and networks are owned and operated by people or companies who are not acquainted

- There is a strong security requirement
  • Jan 2014 - Hackers gain 'full control' of critical SCADA systems; over 60,000 exposed control systems found online
  • Jan 2014 - Your Fridge is Full of SPAM: Proof of an IoT-driven attack; over 750,000 messages came from IoT devices
  • May 2014 - DHS confirms U.S. public utility's control system was hacked; two separate incidents
  • July 2014 - Dragonfly hackers target 1000 Western energy firms, industrial control systems
  • Dec 2014 - Computer intrusion inflicts massive damage on German steel factory
  • …

- Unreliable, relatively slow network (Internet)

- No agreement on hardware communication protocols

- Traditional server/client (master/slave) communication not appropriate (e.g., OPC)

- Data aggregation and protocol conversion is key

(7)

Extending Industrial Networks

- Isolates all the connecting devices and plants
  Never expose an attack surface on either the connecting device or the plant

- Standards based

- Preserves existing capital expenditures

- Moves real-time data at high volumes and high speeds across any network

- Simple to configure and use

- Deployable on commodity hardware and consumer devices

- Non-disruptive to existing plants or systems

(8)

With Skkynet's Secure Cloud Server

[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 connected through the Secure Cloud Server]

SCS assumes all devices are untrusted
- Devices are never granted permission to join the enterprise network; only data passes
- Firewalls remain closed = NO attack surface
- If ONE device is compromised, other network devices remain secure

(9)

Reversing the Master Slave Relationship

[Diagram: Web Clients, Remote Systems, Office Systems, MES, Embedded Systems, Industrial Systems]

Initial connection to the cloud server is outbound from the device or the Cogent DataHub®.

Once established, a request is made from the device/system for a WebSocket connection.

(10)

Reversing the Master Slave Relationship

[Diagram: Web Clients, Remote Systems, Office Systems, MES, Embedded Systems, Industrial Systems]

Inbound connection
- If the device or system is configured to allow an inbound connection, a WebSocket connection is established through the same connection path.
- Data flows freely through closed firewall ports!
- No VPN is required
- Both data and connection path are encrypted and secure
  • End to end – from the device to the SCADA system
- Device/system is never granted access to the SCADA network; only data passes, isolating each connection or remote system from cyber attack

(11)

Working with a Mobile Gateway

[Diagram: Industrial System – HMI, OPC, ODBC, TCP, DDE, MES, Modbus TCP, I/O 4-20mA]

(12)

Solution Architecture – Wind Tower Application

[Diagram: Siemens SCADA node (Modbus TCP) – Cogent DataHub® Tunneller/Modbus – WebSockets over TCP using SSL/TLS – Secure Cloud Service™ – WebSockets over TCP using SSL/TLS – Cogent DataHub® Tunneller – Analytics / Optimization]

• No open inbound firewall ports
• All traffic runs through closed firewalls - securely
• All data is encrypted
• SCADA nodes are securely isolated as connections are not granted network access; only data flows.
• Allows analytics to be separated from the remote systems, yet allows for bi-directional communications and automatic set-point controls
• Non-disruptive to existing system
• No hardware to install
• No changes to the existing firewall or security settings
• No VPN to configure
• Full-featured HMI with user security provisioning
• Scalable from 1 to 1,000's of nodes

(13)

Data Rates and Latency

- Real-time data is pushed to the cloud, then pushed to the users.
- Publish/subscribe data delivery
- In-memory real-time database.

Reversing Client/Server Relationship to Keep Firewalls Closed

- This allows the in-plant system and remote devices to stream data to the cloud service without exposing themselves to the Internet.

Data-Centric Infrastructure

- Data stays in its simplest form.
- The raw data flows from the source, through the cloud, to the user, and gets converted to other formats (such as HTML, XML, SQL, etc.) at the last instant.

Redundancy

- Independent, hot-standby, redundant cloud systems.

LAN-to-LAN via the Cloud

- The system maintains a complete copy of the data set on the source LAN, and sends it across to the user LAN, continuously updating it in real time for live replication of the data on both LANs.
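The reversed connection on slides 9 and 10 and the publish/subscribe, data-centric relay on slide 13 can be modelled in a few lines. The following is an added example and not Skkynet's code: the `CloudDataBroker` and `DeviceSession` classes, the point names and the `plant1`/`plant2` scenario are all hypothetical. Devices dial out and publish into their own namespace, subscribers receive pushed values, and a set-point write from the SCADA side is honoured only when the target device's own configuration allows inbound control.

```python
from dataclasses import dataclass, field

@dataclass
class DeviceSession:
    device_id: str
    allow_inbound: bool          # device-side setting: may set-points be written back?
    points: dict = field(default_factory=dict)

class CloudDataBroker:
    """Hypothetical in-memory, data-centric broker (not Skkynet's API): only data crosses it."""
    def __init__(self):
        self.sessions, self.subscribers, self.audit = {}, {}, []

    def device_connect(self, device_id, allow_inbound=False):
        # The device initiates; the plant side never listens for inbound connections.
        self.sessions[device_id] = DeviceSession(device_id, allow_inbound)
        return self.sessions[device_id]

    def subscribe(self, point_name, callback):
        self.subscribers.setdefault(point_name, []).append(callback)

    def publish(self, session, point, value):
        # Values are namespaced by the publishing session, so a compromised device
        # can only alter its own points, never another plant's.
        session.points[point] = value
        for cb in self.subscribers.get(f"{session.device_id}/{point}", []):
            cb(f"{session.device_id}/{point}", value)

    def write(self, requester, device_id, point, value):
        # An "inbound" set-point write rides back over the device's own outbound
        # session and is honoured only if that device was configured to allow it.
        session = self.sessions.get(device_id)
        allowed = session is not None and session.allow_inbound
        self.audit.append(("written" if allowed else "denied", requester, device_id, point))
        if allowed:
            self.publish(session, point, value)
        return allowed

def demo():
    # Constructed scenario: plant1 publishes only, plant2 also accepts set-points.
    broker, seen = CloudDataBroker(), []
    plant1 = broker.device_connect("plant1")                  # read-only by config
    plant2 = broker.device_connect("plant2", allow_inbound=True)
    broker.subscribe("plant2/power_kw", lambda n, v: seen.append((n, v)))
    broker.publish(plant1, "power_kw", 410.5)
    broker.publish(plant2, "power_kw", 1205.0)
    denied = broker.write("scada", "plant1", "setpoint", 50)
    written = broker.write("scada", "plant2", "setpoint", 50)
    return {"seen": seen, "denied": denied, "written": written, "audit": broker.audit,
            "plant1_points": plant1.points, "plant2_points": plant2.points}
```

The audit list is the defender's view: every denied write against a read-only device is recorded, which is the signal a real deployment should be alerting on.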

(14)

Highly secure anywhere SCADA access and networking

- Any number of facilities can be consolidated

Fast time to market

- Minimal customer IT involvement
- No programming required – SCS is a "plug-and-play" end-to-end solution
- Protects customers' existing infrastructure investment
  • No need to invest in any new PLCs, OPC servers or SCADA systems
  • Plugs into the network to extend real-time access and networking to the cloud
  • No investment in security, VPNs or proxy servers

Sticky

- No competing services in the market = low cost of entry, high cost of exit
  • Once registered on the service, the only option is an in-house solution or custom solution
  • Typical in-house system would be $5,000-$8,000 per location; SCS saves a min of $3,000 per location.
- Pricing model matches well with air-time pricing
  • Pricing model is based on data traffic over the service, similar to data plans, but much lower.

Customize your services

- Easily bundled into a package for customer marketing
  • Mobile gateway + SCS + carrier data plan
- Create add-on services
  • Big data storage, data analytics, consulting services…

CONFIDENTIAL

(15)

Skkynet delivers real-time data services in any form to any machine, virtually anywhere

- Secure
- Real-time performance
- Patented real-time data transport and display technology
- Any data source including legacy systems

We are in a "new connected world"

We're used to having our computers networked; we're not used to having everything networked…

Security can no longer be an add-on; it needs to be secured by design
