2. Solution based Security concept made on
• Technologische Planung der :
• Produktionsebenen
Produktionsablauf • Steuerungskomponenten und des
• Informations- und Auftragsflusses
• Umsetzung von :
Securityzonen und - • Gebäudeschutz, Zugangskontrolle
• Technologischer Planung der Securityzonen, Securityzellen
Zellen und Zugriffswege in der Netzwerkinfrastruktur
• Abhärtung der Netzwerkteilnehmer
• Umsetzung der :
• Benutzerverwaltung in Bedienberechtigungen mittels
Autorisierung • Gruppen und Rollenzuweisungen in den einzelnen
Bedienkomponenten (Hard- und Software)
3. Enhanced Security Conzept
ECN = Enterprise
Control Systems Network
Internet
MON = Manufacturing
Operation Network
Perimeter
Automatisierungs- PCN
und Securityzellen
CN = Control Network CN = Control Network
4. Standards und Normen
BSI IT-Grundschutzhandbuch
•Kapitel 4 „IT-Grundschutz im Bereich Infrastruktur“
ISA
•ISA S95 „Enterprise – Control System Integration“
•Teil 1: „Modelle und Terminologie“
•Teil 2: „Datenstrukturen und -attribute“
•Teil 3: „Modelle von Produktions-Prozessen“
•ISA SP99 “Manufacturing and Control System Security”
•Teil1: „Security Technologies for Manufacturing and Control Systems”
•Teil2: “Establishing a Manufacturing and Control System Security Program”
ISO/IEC
•17799 "Code of practice for information security management"
•27001 “Information security management systems – Requirements”
•62443 “Security for Industrial Process Measurement and Control - Network and
System”
•61784-4 "Profiles for secure communications in industrial networks“
NAMUR
•NA 67 „Informationsschutz bei Prozessleitsystemen (PLS)“
•NA 103 „Einsatz von Internettechnologien in der Prozessautomatisierung“
•NA 115 „IT-Sicherheit für Systeme der Automatisierungstechnik“
FDA 21 CFR 11
•„Elektronische Aufzeichnungen und Unterschriften“
5. Production levels
ERP – Enterprise Resource Planning
MES – Manufacturing Execution Systems
MCS – Manufacturing Control Systems
Produktionsebenen nach ISA S95
8. Security Zones (Levels)
Level 5 • Enterprise Financial
Enterprise
Systems Enterprise
Security Zone
• Site Production Site Business Planning
Level 4 Scheduling
• Site Accounting
and Logistics
• Production Control
Level 3
• Optimizing Control
• Process History
Site Manufactoring Manufactoring
Operations and Control
• Identity Management
Security Zone
• Supervisory Controllers
Level 2 • Primary Operator Area Area Area
Interface Control Control
Security
• Batch Controllers
Level 1 • Continous Controllers
Basic Basic Zone
• Process Monitoring Control Control
• Sensors, Transmitters
Level 0 • Control Valves Process Process
• Field Network
Safety
Safety- Safety- Safety
Critical Critical
Security Zone
Securityzonen nach ISA SP 99 Part1
10. Network names (working titels)
ERP – Enterprise Resource Planning
MES – Manufacturing Execution Systems
MCS – Manufacturing Control Systems
Produktionsebenen nach ISA S95
14. Trustworthy connections to
trustworthy applications and devices
MON
MES Server
PCN
IPSecurity
VPN-Tunnel
PCN
15. perimeter network and access ways
VPN- und Web-bridging
Quarantaineserver
Terminalserver
PCN Webserver
perimeter network for
Data Exchange
Radiusserver
PCN
19. Core: The organizational structure of the complete enterprise must be recreate
(or followed) by the security concept.
Industrial Automation
Standardize and
Part1: the structure of Security Component Vendor
Laws
Cells, Security-Zones and
Domains and there
interconnectivity based on:
-production plans
-standardize and laws Interoperability
of each Component
Security Zones (ISA99)
Component
map (ISA95)
Information and
Productions levels control directions
network- and component
structure (Security Cells)
Part2: Each Right in Security
Cells, Security Zones and
trough the network based on:
-Interoperability
of the Components
-Information and control
Enterprise Responsible areas and tasks directions
Personal and there tasks