CYBER ATTACKS CAUSE DAMAGE IN THE REAL WORLD
2013: New York dam (United States)
2014: German steel mill (Germany)
2015: Power grid (Ukraine)

66% OF COMPANIES AND ORGANIZATIONS HAVE TAKEN NO CYBERSECURITY COUNTERMEASURES
Source: 2015 Global Megatrends in Cybersecurity, Raytheon and Ponemon
...and even so, companies that are not prepared
IT vs. OT: WHAT'S THE BIG DIFFERENCE?
ABOUT WURLDTECH
Founded in 2006. Wurldtech is a GE company (acquired by GE in 2014). Headquarters: Vancouver, Canada.
GE Digital is a $5 billion revenue organization that creates new value in a world where more than 50 billion devices are connected to the Internet. Its 30,000 employees worldwide support customers in more than 100 countries.
Wurldtech's several hundred OT cybersecurity experts work around the world.
Wurldtech is one of GE Digital's core businesses.
GE has 300,000 employees and operates in 170 countries.
WURLDTECH OFFERINGS
OT security and process security services, assessments and certifications

SERVICES
DEVICE SECURITY
Device security assessment: security verification, evaluation and remediation services for control devices
Device security Health Check: a low-cost, short-turnaround security evaluation report for a control device
SOFTWARE SECURITY
Penetration Test: penetration testing focused on control system software
Rapid Software Assessment: source code evaluation and stress testing of control system software
FIELD SECURITY
Site security assessment: facility cybersecurity evaluation and remediation services delivered by experts
Site security Health Check: short-turnaround security evaluation of a facility
IEC 62443 GAP Analysis: gap analysis against the international standard, plus preparation and remediation
ACHILLES CERTIFICATION
Communication Certification: security certification program focused on the network communication functions of control devices (Level 1 & Level 2)
Practices Certification: certification of security policies, execution and audit criteria based on IEC 62443-2-4 (Bronze, Silver, Gold)
WURLDTECH SERVICES
Cyber Risk Benchmark
Device Security Health Check
Device Security Assessment
SDLC Health Check
SDLC Assessment
Design Review Assessment
IEC 62443-2-4 Gap Assessment
Achilles Communications Certification
Achilles Practices Certification (IEC 62443-2-4)
Site Security Assessment
NERC CIP Vulnerability Assessment
Security Training Services

WURLDTECH SECURITY: FROM BUILD TO OPERATE
Roles across the lifecycle: Product Supplier (Device Manufacturer), Software developers, Service Provider (Integrator), Asset Owner (Operator).
Goals: Build security in; Validate/certify for security; Operate processes securely; Understand cyber risks.
Services mapped to this lifecycle: Software Penetration Testing, Threat Modeling Services, Threat Assessment, Application Vulnerability Assessment, Site Security Health Check.
SITE SECURITY HEALTH CHECK
GAIN RAPID SECURITY SNAPSHOT: System operators receive an overview of the security posture of their processes, architecture, and technology.
IMPROVE OVERALL SECURITY: Evaluate people, architecture, and technology to identify weaknesses and mitigation strategies.
JUSTIFY FURTHER SECURITY EFFORTS: Support the need for further analysis with our informative report highlighting areas requiring additional assessment.
© 2015 Wurldtech Security Technologies Inc. All rights reserved.
SITE SECURITY ASSESSMENT: SEARCHING FOR PHYSICAL VULNERABILITIES
Weaknesses commonly found on site:
• Malware introduced from the enterprise network because someone uses a control point to check email
• A server closet that isn't locked or protected by a keypad
• Equipment that is regularly updated by third parties, without staff supervision
• Plugging devices into open USB ports to charge or download productivity tools from the internet
• Process gaps that could expose physical danger
What the assessment verifies:
• Make sure devices are installed correctly for the intended use
• Make sure devices that shouldn't be or don't need to be on the network are accounted for

COMPARISON
| Service Components | Site Security Assessment | Site Security Health Check |
|---|---|---|
| Methodology | Comprehensive, in-depth assessment | Rapid, economical check |
| Security Gap Analysis | In-depth | Targeted |
| Architectural Review | Yes | Scaled |
| Deliverables | | |
| Findings Report | Yes | Scaled |
| Close-Out Presentation | Yes | No |
| Detailed Asset Review Workbook | Yes | No |
| Processes | | |
| Information Gathering | Yes | No |
| Documentation Review | Yes | Scaled |
| Interviews and Onsite Inspection | Senior analyst, 2 days on-site | Analyst, 1 day on-site |
| Technical Testing | Yes | No |
| Offline Data Analysis | Yes | No |
| Risk Assessment | Yes | Scaled |
| Risk Mitigation Recommendations | Prescriptive, detailed strategies | High-level general direction |
DEVICE SECURITY HEALTH CHECK
GAIN SECURITY VISIBILITY QUICKLY: Take advantage of Wurldtech's efficient 60-hour security evaluation. Deal with security issues proactively (not on a vulnerability disclosure timeline).
PROTECT BRAND REPUTATION: Reduce public vulnerability disclosures. Stay out of the hacking news.
DETERMINE NEED FOR FURTHER SECURITY ANALYSIS: Get direction for areas of greatest concern. Justify budget for further analysis.

DEVICE SECURITY ASSESSMENT
Service description: Reengineering control devices to find design flaws that create vulnerabilities in the device itself. Break down the pieces and parts and test each for vulnerabilities.
Outcomes: Improve Product Security; Reduce Operational Costs; Ensure Customer Confidence.
COMPARISON
| Component | Device Security Assessment | Device Security Health Check |
|---|---|---|
| Methodology | Comprehensive, in-depth assessment | Rapid, economical penetration testing |
| Size and Scope | Tailored for system under test | 60 hours max |
| Report Length | ~30-200 pages depending on system under test | 10 pages |
| Areas of Focus | Customer and analyst scoping | Analyst scoping only |
| Regular Update Calls | Yes | No |
| Mitigation Advice | Yes | No |
| Multi-device Systems | Yes | 1 device and 1 firmware/software version only |
| Report Distribution | Client and client's customers | Client only (no report distribution rights)* |

*System operators may distribute the report to the respective device manufacturer.
PRODUCT DEVELOPMENT SECURITY ASSESSMENT
Service description: Evaluate manufacturer adherence to best practices for ICS development/deployment. Helps resolve security weaknesses during product development.
Outcomes: Improve Product Security; Reduce Product Costs; Enable Compliance Efforts.
IEC 62443-2-4 GAP ASSESSMENT
Service description: Understand manufacturers' gaps in security posture and align their practices to IEC 62443. Validate to their customers that they follow industry best practices for security.
Outcomes: Enable Compliance Efforts; Improve Product Security.
SOFTWARE SECURITY SERVICES
Core concerns:
• Identifying cyber operational risks
• Building security into processes and equipment
• Understanding best practices and employing them on-site
• Effectively communicating with IT security teams
• Securing executive buy-in for necessary changes
• Understanding the source and impact of attacks
MANAGE OPERATIONAL RISK
Security planning and testing must be incorporated into the development lifecycle.
SOFTWARE SECURITY SERVICES
• Software Penetration Testing: ethical hacking to test defenses
• Application Vulnerability Assessments: finds lurking vulnerabilities
• Threat Modeling: identify security gaps early in the development lifecycle
• Threat Assessments: allows a view into potential threats
THREAT MODELING SERVICES
Identify security gaps in the development lifecycle to reduce zero-day exploits, ensure successful implementation and avoid costly reprogramming.
Applicable to OT and IT software.
Establishes test and abuse cases.
(Figure: threat modeling applied across a six-step lifecycle wheel: Assess, Design, Develop and Test, Deploy, Support, Evaluate.)
THREAT ASSESSMENT SERVICES
An extension to Threat Modeling Services, the assessment provides greater visibility of threats, attack vectors and targets from the attackers' point of view.
Documentation and diagrams of threats and penetration vectors for better decision making.
Visibility into the threat horizon for better prevention.
(Figure: threat modeling lifecycle wheel: Assess, Design, Develop and Test, Deploy, Support, Evaluate.)
APPLICATION VULNERABILITY ASSESSMENT SERVICES
• Tailors assessment tools to potential targets
• Robust analysis to find vulnerabilities
• Recommended security strategy and process improvements
• Validation of software code security

SOFTWARE PENETRATION TESTING SERVICES
Analogous to a real attack, our penetration testers apply both manual and automated hacking techniques to find vulnerabilities before attackers can exploit them.
SECURITY CERTIFICATION SERVICES
Industry-leading benchmark for robust device, application and system development.
• VERIFY devices meet robustness benchmarks
• CERTIFY against comprehensive requirements
• ASSESS network robustness of industrial devices

ACHILLES COMMUNICATIONS CERTIFICATION
TYPES OF PRODUCTS THAT CAN BE CERTIFIED
Embedded Devices: A special-purpose device running embedded software designed to directly monitor, control or actuate an industrial process.
• programmable logic controllers (PLCs)
• safety instrumented system (SIS) controllers
• distributed control system (DCS)
Network Components: A device that moves data from one device to another or restricts the flow of data, but does not directly interact with a control process.
• routers, switches
• gateways, firewalls
• wireless access devices
Host Devices: A general-purpose device running a general-purpose operating system capable of hosting one or more applications, data stores or functions.
• human-machine interfaces (HMIs)
• engineering workstations
• domain controllers
Control Applications: Software programs executing on the infrastructure (embedded, host and network devices) that are used to interface with the process.
• HMI software
• historian servers
• PLC ladder logic
BENEFITS FOR MANUFACTURERS AND OPERATORS
DEVICE MANUFACTURERS
• Certify device reliability and integrity
• Differentiate your product from competitors
• Demonstrate adherence to industry best practices
• Reduce the risk of experiencing a costly issue in the field
• Increase customer retention by avoiding quality problems
ASSET OWNERS
• Simplify the procurement process
• Better communicate robustness and security expectations to all suppliers
• Ensure your systems and networks meet cyber security standards
• Reduce costs associated with verifying multi-vendor robustness claims
• Improve security decision making
ACHILLES PRACTICES CERTIFICATION
Based on the IEC 62443-2-4 industry standard.
• Reviews and verifies the existence of security measures
• Identifies the required documentation, and any gaps
• Develops the process requirement from scratch if need be
• Creates the necessary documentation when missing

APC SECURITY PROGRAM CONSULTING
IEC 62443-2-4 Risk Assessment: an extended gap assessment, including:
• Security risks associated with each capability
• Mitigations that address risks
• Capability development guidance
Define/develop customized security program elements (e.g. policies or standard operating procedures/training)
CERTIFICATION TYPES
INTEGRATOR CERTIFICATE: Certificate for integrator security programs. Certifies that the applicant has a verified set of security capabilities that can be performed for the implementation/deployment of an Automation Solution.
MAINTENANCE PROVIDER CERTIFICATE: Certificate for maintenance provider security programs. Certifies that the applicant has a verified set of security capabilities that can be performed for the maintenance of an Automation Solution.
SOLUTION CERTIFICATE: Certificate for the application of security capabilities during integration and/or maintenance of a specific Automation Solution.
PRODUCT SUPPLIER CERTIFICATE: Certificate for security capabilities of Automation Solution products in support of APC integrator and maintenance provider certificates. IEC 62443-2-4 identifies security capabilities required of the Automation Solution.
CERTIFICATION LEVELS
• IECEE
• Selectable certification
• BRONZE certification
• SILVER certification
• GOLD certification
Awarded for successful completion of all applicable requirements and verified through direct measurement or analysis.
IEC 62443 STANDARDS AND TECHNICAL REPORTS
GENERAL
• 62443-1-1: Terminology, concepts and models
• TR-62443-1-2: Master glossary of terms and abbreviations
• 62443-1-3: System security compliance metrics
• TR-62443-1-4: IACS security lifecycle and use-case
POLICIES & PROCEDURES
• 62443-2-1: Requirements for an IACS security management system
• TR-62443-2-2: Implementation guidance for an IACS security management system
• TR-62443-2-3: Patch management in the IACS environment
• 62443-2-4: Security program requirements for IACS service providers
SYSTEM
• TR-62443-3-1: Security technologies for IACS
• 62443-3-2: Security levels for zones and conduits
• 62443-3-3: System security requirements and security levels
COMPONENT
• 62443-4-1: Product development requirements
• 62443-4-2: Technical security requirements for IACS components
International Standards. IECEE conformance assessment expected (June 2016).
WURLDTECH OFFERINGS: OPSHIELD
• Protocol Inspection Engine
• Vulnerability and Threat Signatures
• Virtual Network Segmentation
• Command-Level Whitelisting
OpShield provides a means of OT cybersecurity defense that did not exist before.
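Command-level whitelisting, as the OpShield feature list names it, means the inspection engine decodes the OT protocol far enough to see which operation a frame requests (read or write, which function, which addresses) and forwards only operations that a policy explicitly permits for that source and target; everything else, including malformed frames, is dropped. The Python below is an added illustration of that idea written for this page, not OpShield or Wurldtech code. Modbus/TCP is an assumption (the slide names no protocol), the hosts, unit IDs and address ranges in POLICY are constructed, and the sample frames are built inline rather than captured.

```python
# Added example (not OpShield/Wurldtech code): command-level whitelisting of an
# OT protocol. Modbus/TCP, the hosts, unit IDs and address ranges are assumptions.
import struct
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Public Modbus function codes (Modbus Application Protocol Specification).
FC_NAMES = {1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
            4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
            15: "Write Multiple Coils", 16: "Write Multiple Registers"}
ADDR_QTY_FCS = {1, 2, 3, 4, 15, 16}   # PDU starts with address (2) + quantity (2)
ADDR_VALUE_FCS = {5, 6}               # PDU starts with address (2) + value (2)


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_addr: Optional[int]   # first coil/register touched, if the PDU has one
    count: Optional[int]        # how many coils/registers are touched


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode the MBAP header and enough of the PDU to know what is requested.
    MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    PDU: function code (1), then function-specific fields."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:   # length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    start = count = None
    if fc in ADDR_QTY_FCS and len(frame) >= 12:
        start, count = struct.unpack(">HH", frame[8:12])
    elif fc in ADDR_VALUE_FCS and len(frame) >= 12:
        start, count = struct.unpack(">H", frame[8:10])[0], 1
    return ModbusRequest(tid, uid, fc, start, count)


@dataclass(frozen=True)
class Rule:
    src: str                        # host allowed to issue the command
    unit_id: int                    # Modbus unit (slave) the rule covers
    function_codes: FrozenSet[int]  # commands this host may issue
    addr_range: Tuple[int, int]     # inclusive address block it may touch


# Constructed policy: the HMI may only read a small block; the engineering
# workstation may read and write a larger one; everything else is denied.
POLICY: List[Rule] = [
    Rule("10.0.1.10", 1, frozenset({3, 4}), (0, 99)),
    Rule("10.0.1.20", 1, frozenset({3, 4, 6, 16}), (0, 199)),
]


def evaluate(src: str, frame: bytes, policy: List[Rule] = POLICY) -> Tuple[bool, str]:
    """Return (forward, reason). Default deny: only an explicit rule forwards a frame."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return False, f"DROP malformed frame from {src}: {exc}"
    name = FC_NAMES.get(req.function_code, "unknown")
    what = f"{src} -> unit {req.unit_id} FC{req.function_code} ({name})"
    for rule in policy:
        if (rule.src, rule.unit_id) != (src, req.unit_id):
            continue
        if req.function_code not in rule.function_codes:
            continue
        if req.start_addr is not None:
            last = req.start_addr + (req.count or 1) - 1
            if req.start_addr < rule.addr_range[0] or last > rule.addr_range[1]:
                continue   # request spills outside the permitted block
        return True, f"ALLOW {what}"
    return False, f"DENY {what}"


def build_request(tid: int, unit: int, fc: int, addr: int, qty_or_value: int) -> bytes:
    """Minimal request frame; used only to construct the sample traffic below."""
    pdu = struct.pack(">BHH", fc, addr, qty_or_value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


SAMPLE_TRAFFIC = [   # constructed, not captured
    ("10.0.1.10", build_request(1, 1, 3, 0, 10)),            # HMI reads 10 registers: allow
    ("10.0.1.10", build_request(2, 1, 6, 5, 0xFFFF)),        # HMI attempts a write: deny
    ("10.0.1.20", build_request(3, 1, 6, 5, 0xFFFF)),        # engineering WS writes: allow
    ("10.0.1.20", build_request(4, 1, 3, 190, 20)),          # read runs past addr 199: deny
    ("10.0.1.99", build_request(5, 1, 3, 0, 1)),             # unknown host: deny
    ("10.0.1.10", b"\x00\x06\x00\x00\x00\x06\x01\x03\x00"),  # truncated frame: drop
]


def run(traffic=SAMPLE_TRAFFIC) -> List[Tuple[bool, str]]:
    return [evaluate(src, frame) for src, frame in traffic]


if __name__ == "__main__":
    for _, reason in run():
        print(reason)
```

Default deny is what makes this a whitelist: a frame is forwarded only when some rule matches the source, the unit, the function code and the whole address span the request touches, so a read that starts inside the permitted block but runs past its end is denied, and a frame whose MBAP length disagrees with its size is dropped before any rule is consulted. A production engine would additionally validate the rest of the PDU per function code, pair requests with responses and rate-limit, none of which this sketch does.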
7th VEC Control System Cyber Security Conference (第7回VEC制御システムサイバーセキュリティカンファレンス)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 

7th VEC Control System Cyber Security Conference

  • 3. 66% of companies and organizations have not taken measures against cyber security.
    Source: 2015 Global Megatrends in Cybersecurity, Raytheon and Ponemon
    ...and even so, the companies that have not prepared
  • 5. ABOUT WURLDTECH
    WURLDTECH is a GE company. Founded in 2006; became a GE subsidiary in 2014.
    Headquarters: Vancouver, Canada
    WURLDTECH is one of GE Digital's core businesses. GE Digital is a $5 billion organization that creates new value in a world where more than 50 billion devices are connected to the Internet; its 30,000 employees worldwide support customers in more than 100 countries.
    Wurldtech's several hundred OT cyber security experts work around the world.
    GE is a company with 300,000 employees operating in 170 countries.
  • 6. WURLDTECH OFFERINGS: services, assessments and certification for OT security and process security
    SERVICES
    DEVICE SECURITY
      • Device Security Assessment: verification, evaluation and remediation services for control devices
      • Device Security Health Check: an inexpensive, short-turnaround security evaluation report for control devices
    SOFTWARE SECURITY
      • Penetration Test: penetration testing focused on control system software
      • Rapid Software Assessment: source code evaluation and stress testing of control system software
    FIELD SECURITY
      • Site Security Assessment: expert cyber security evaluation and remediation services for facilities
      • Site Security Health Check: short-turnaround security evaluation of a facility
      • IEC 62443 Gap Analysis: gap analysis and preparation/remediation measures for conformance with the international standard
    ACHILLES CERTIFICATION
      • Communication Certification: security certification program focused on the network communication functions of control devices (Level 1 & Level 2)
      • Practices Certification: certification of security policies, execution and audit criteria based on IEC 62443-2-4 (Bronze, Silver, Gold)
  • 7. WURLDTECH SECURITY: FROM BUILD TO OPERATE
    Roles along the lifecycle: Product Supplier (Device Manufacturer) and Software developers; Service Provider (Integrator); Asset Owner (Operator)
    Goals: Build security in; Validate/certify for security; Operate processes securely; Understand cyber risks
    Services: Cyber Risk Benchmark; Device Security Health Check; Device Security Assessment; SDLC Health Check; SDLC Assessment; Design Review Assessment; IEC 62443-2-4 Gap Assessment; Achilles Communications Certification; Achilles Practices Certification (IEC 62443-2-4); Site Security Assessment; Site Security Health Check; NERC CIP Vulnerability Assessment; Security Training Services; Software Penetration Testing; Threat Modeling Services; Threat Assessment; Application Vulnerability Assessment
  • 8. SITE SECURITY HEALTH CHECK
    GAIN A RAPID SECURITY SNAPSHOT: System operators receive an overview of the security posture of their processes, architecture, and technology.
    IMPROVE OVERALL SECURITY: Evaluate people, architecture, and technology to identify weaknesses and mitigation strategies.
    JUSTIFY FURTHER SECURITY EFFORTS: Support the need for further analysis with our informative report highlighting areas requiring additional assessment.
  • 9. SITE SECURITY ASSESSMENT: SEARCHING FOR PHYSICAL VULNERABILITIES
      • Malware introduced from the enterprise network because someone uses a control point to check email
      • A server closet that isn't locked or protected by a key pad
      • Equipment that is regularly updated by third parties, without staff supervision
      • Plugging devices into open USB ports to charge or download productivity tools from the internet
      • Process gaps that could expose physical danger
      • Make sure devices are installed correctly for the intended use
      • Make sure devices that shouldn't be or don't need to be on the network are accounted for
    © 2015 Wurldtech Security Technologies Inc. All rights reserved.
  • 10. COMPARISON: SITE SECURITY ASSESSMENT vs. SITE SECURITY HEALTH CHECK
    Service Component                | Site Security Assessment           | Site Security Health Check
    Methodology                      | Comprehensive, in-depth assessment | Rapid, economical check
    Security Gap Analysis            | In-Depth                           | Targeted
    Architectural Review             | Yes                                | (Scaled)
    Deliverables:
    Findings Report                  | Yes                                | (Scaled)
    Close-Out Presentation           | Yes                                | No
    Detailed Asset Review Workbook   | Yes                                | No
    Processes:
    Information Gathering            | Yes                                | No
    Documentation Review             | Yes                                | (Scaled)
    Interviews and Onsite Inspection | Senior analyst, 2 days on-site     | Analyst, 1 day on-site
    Technical Testing                | Yes                                | No
    Offline Data Analysis            | Yes                                | No
    Risk Assessment                  | Yes                                | (Scaled)
    Risk Mitigation Recommendations  | Prescriptive, detailed strategies  | High-level general direction
  • 11. DEVICE SECURITY HEALTH CHECK
    GAIN SECURITY VISIBILITY QUICKLY: Take advantage of Wurldtech's efficient 60-hour security evaluation; deal with security issues proactively (not on a vulnerability disclosure timeline)
    PROTECT BRAND REPUTATION: Reduce public vulnerability disclosures; stay out of the hacking news
    DETERMINE NEED FOR FURTHER SECURITY ANALYSIS: Get direction for areas of greatest concern; justify budget for further analysis
  • 12. DEVICE SECURITY ASSESSMENT
    SERVICE DESCRIPTION: Reengineering control devices to find design flaws that create vulnerabilities in the device itself; break down the pieces and parts and test each for vulnerabilities
    OUTCOMES: Improve Product Security; Reduce Operational Costs; Ensure Customer Confidence
  • 13. COMPARISON: DEVICE SECURITY ASSESSMENT vs. DEVICE SECURITY HEALTH CHECK
    Service Component    | Device Security Assessment                   | Device Security Health Check
    Methodology          | Comprehensive, in-depth assessment           | Rapid, economical penetration testing
    Size and Scope       | Tailored for system under test               | 60 hours max
    Report Length        | ~30-200 pages depending on system under test | 10 pages
    Areas of Focus       | Customer and analyst scoping                 | Analyst scoping only
    Regular Update Calls | Yes                                          | No
    Mitigation Advice    | Yes                                          | No
    Multi-device Systems | Yes                                          | 1 device and 1 firmware/software version only
    Report Distribution  | Client and client's customers                | Client only (no report distribution rights)*
    *For system operators, they can distribute to the respective device manufacturer.
  • 15. PRODUCT DEVELOPMENT SECURITY ASSESSMENT
    SERVICE DESCRIPTION: Evaluate manufacturer adherence to best practices for ICS development/deployment; helps resolve security weaknesses during product development
    OUTCOMES: Improve Product Security; Reduce Product Costs; Enable Compliance Efforts
  • 17. IEC 62443 GAP ASSESSMENT
    SERVICE DESCRIPTION: Understand manufacturers' gaps in security posture and align their practices to IEC 62443; validate to their customers that they follow industry best practices for security
    OUTCOMES: Enable Compliance Efforts; Improve Product Security
  • 19. CORE CONCERNS
      • Identifying cyber operational risks
      • Building security into processes and equipment
      • Understanding best practices and employing them on-site
      • Effectively communicating with IT security teams
      • Securing executive buy-in for necessary changes
      • Understanding the source and impact of attacks
    MANAGE OPERATIONAL RISK: SECURITY PLANNING AND TESTING MUST BE INCORPORATED INTO THE DEVELOPMENT LIFECYCLE
  • 20. SOFTWARE SECURITY SERVICES
      • SOFTWARE PENETRATION TESTING: ethical hacking to test defenses
      • APPLICATION VULNERABILITY ASSESSMENTS: find lurking vulnerabilities
      • THREAT MODELING: identifies security gaps early in the development lifecycle
      • THREAT ASSESSMENTS: allow a view into potential threats
  • 21. THREAT MODELING SERVICES
    Identify security gaps in the development lifecycle to reduce zero-day exploits, ensure successful implementation and avoid costly reprogramming.
      • Applicable to OT and IT software
      • Establishes test and abuse cases
    [Diagram: THREAT MODELING, a six-phase lifecycle cycle: Assess, Design, Develop and Test, Evaluate, Deploy, Support]
  • 22. THREAT ASSESSMENT SERVICES
    An extension to Threat Modeling Services, the assessment provides greater visibility of threats, attack vectors and targets from the attackers' point of view.
      • Documentation and diagrams of threats and penetration vectors for better decision making
      • Visibility into the threat horizon for better prevention
    [Diagram: THREAT MODELING, the same six-phase lifecycle cycle: Assess, Design, Develop and Test, Evaluate, Deploy, Support]
  • 23. APPLICATION VULNERABILITY ASSESSMENT SERVICES
      • Tailors assessment tools to potential targets
      • Robust analysis to find vulnerabilities
      • Recommended security strategy and process improvements
      • Validation of software code security
  • 24. SOFTWARE PENETRATION TESTING SERVICES
    Analogous to a real attack, our penetration testers apply both manual and automated hacking techniques to find vulnerabilities before attackers can exploit them.
  • 26. ACHILLES COMMUNICATIONS CERTIFICATION: INDUSTRY-LEADING BENCHMARK FOR ROBUST DEVICE, APPLICATION AND SYSTEM DEVELOPMENT
      • VERIFY devices meet robustness benchmarks
      • CERTIFY against comprehensive requirements
      • ASSESS network robustness of industrial devices
  • 27. TYPES OF PRODUCTS THAT CAN BE CERTIFIED
    Embedded Devices: a special-purpose device running embedded software designed to directly monitor, control or actuate an industrial process.
      • programmable logic controllers (PLCs)
      • safety instrumented system (SIS) controllers
      • distributed control system (DCS)
    Network Components: a device that moves data from one device to another or restricts the flow of data, but does not directly interact with a control process.
      • routers, switches, gateways, firewalls and wireless access devices
    Host Devices: a general-purpose device running a general-purpose operating system capable of hosting one or more applications, data stores or functions.
      • human-machine interfaces (HMIs)
      • engineering workstations
      • domain controllers
    Control Applications: software programs executing on the infrastructure (embedded, host and network devices) that are used to interface with the process.
      • HMI software
      • historian servers
      • PLC ladder logic
  • 28. BENEFITS FOR MANUFACTURERS AND OPERATORS
    DEVICE MANUFACTURERS
      • Certify device reliability and integrity
      • Differentiate your product from competitors
      • Demonstrate adherence to industry best practices
      • Reduce the risk of experiencing a costly issue in the field
      • Increase customer retention by avoiding quality problems
    ASSET OWNERS
      • Simplify the procurement process
      • Better communicate robustness and security expectations to all suppliers
      • Ensure your systems and networks meet cyber security standards
      • Reduce costs associated with verifying multi-vendor robustness claims
      • Improve security decision making
  • 29. ACHILLES PRACTICES CERTIFICATION
      • Based on the IEC 62443-2-4 industry standard
      • Reviews and verifies the existence of security measures
      • Identifies the required documentation, and any gaps
      • Develops the process requirements from scratch if need be
      • Creates the necessary documentation when missing
  • 30. APC SECURITY PROGRAM CONSULTING
      • IEC 62443-2-4 Risk Assessment: an extended gap assessment, including the security risks associated with each capability, mitigations that address those risks, and capability development guidance
      • Define/develop customized security program elements (e.g. policies or standard operating procedures/training)
  • 31. CERTIFICATION TYPES
    INTEGRATOR CERTIFICATE: Certificate for integrator security programs. Certifies that the applicant has a verified set of security capabilities that can be performed for the implementation/deployment of an Automation Solution.
    MAINTENANCE PROVIDER CERTIFICATE: Certificate for maintenance provider security programs. Certifies that the applicant has a verified set of security capabilities that can be performed for the maintenance of an Automation Solution.
    SOLUTION CERTIFICATE: Certificate for the application of security capabilities during integration and/or maintenance of a specific Automation Solution.
    PRODUCT SUPPLIER: Certificate for security capabilities of Automation Solution products in support of APC integrator and maintenance provider certificates. IEC 62443-2-4 identifies the security capabilities required of the Automation Solution.
  • 32. CERTIFICATION LEVELS (IECEE)
    Selectable certification: BRONZE certification, SILVER certification, GOLD certification
    Awarded for successful completion of all applicable requirements and verified through direct measurement or analysis.
  • 33. IEC 62443 STANDARDS AND TECHNICAL REPORTS
    GENERAL
      • 62443-1-1 Terminology, concepts and models
      • TR-62443-1-2 Master glossary of terms and abbreviations
      • 62443-1-3 System security compliance metrics
      • TR-62443-1-4 IACS security lifecycle and use-case
    POLICIES & PROCEDURES
      • 62443-2-1 Requirements for an IACS security management system
      • TR-62443-2-2 Implementation guidance for an IACS security management system
      • TR-62443-2-3 Patch management in the IACS environment
      • 62443-2-4 Security program requirements for IACS service providers
    SYSTEM
      • TR-62443-3-1 Security technologies for IACS
      • 62443-3-2 Security levels for zones and conduits
      • 62443-3-3 System security requirements and security levels
    COMPONENT
      • 62443-4-1 Product development requirements
      • 62443-4-2 Technical security requirements for IACS components
    Legend: International Standards; IECEE Conformance Assessment expected (June 2016)
  • 34. WURLDTECH SECURITY: FROM BUILD TO OPERATE (the same summary diagram as slide 7)
  • 35. WURLDTECH OFFERINGS: OpShield
      • Protocol Inspection Engine
      • Vulnerability and Threat Signatures
      • Virtual Network Segmentation
      • Command-Level Whitelisting
    OpShield provides a means of OT cyber security defense that did not exist before.