Cybersecurity Guidance for

Industrial Automation

January 28, 2015

Announcements

This is an audio broadcast-only WebEx, so we can’t

hear you speaking.

– If you want to give us a comment or question, please type it into

the Q&A or Chat Field in the WebEx presentation interface. We

will answer your questions at the end in the Q&A section of the

broadcast.

Announcements

This is an audio broadcast-only WebEx, so we can’t

hear you speaking.

– If you want to give us a comment or question, please type it into

the Q&A or Chat Field in the WebEx presentation interface. We

will answer your questions at the end in the Q&A section of the

broadcast.

Fill out the InduSoft webinar survey that we will send

you at the email address that you used to sign in,

and get a free famous InduSoft webinar series Tee-

Shirt!

Announcements

How to get Product Update Announcements

Announcements

How to get Product Update Announcements

Webinar Agenda

Webinar Agenda

New Cybersecurity Guidance eBook and Engineering

Services available from InduSoft

Webinar Agenda

New Cybersecurity Guidance eBook and Engineering

Services available from InduSoft

Deeper dive into the Security eBook – a look inside.

Webinar Agenda

New Cybersecurity Guidance eBook and Engineering

Services available from InduSoft

Deeper dive into the Security eBook – a look inside.

Discussion of the new SCADA Cybersecurity

Framework eBook and the associated certificate

courses at Eastern New Mexico University-Ruidoso

Webinar Agenda

New Cybersecurity Guidance eBook and Engineering

Services available from InduSoft

Deeper dive into the Security eBook – a look inside.

Discussion of the new SCADA Cybersecurity

Framework eBook and the associated certificate

courses at Eastern New Mexico University-Ruidoso

Q&A Session

Speakers Today (in order of presentation)

Richard Clark

– Technical Marketing and Cybersecurity Engineer

Richard H Clark

Cybersecurity Background

Mr. Clark has been in Automation, Process System, and Control

System design and implementation for more than 25 years and was

employed by Wonderware where he developed a non-proprietary

means of using IP-Sec for securing current and legacy Automation,

SCADA, and Process Control Systems, and developed non-proprietary

IT security techniques. Industry expert by peer review and

spokesperson on IT security; consultant, analyst and voting member of

ISA- SP99. Contributor to PCSF Vendor Forum. Consultant to NIST

and other government labs and NSA during the development of NIST

Special Publication 800-82. Published engineering white papers,

manuals, and instruction documents, developed and given classes and

lectures on the topic of ICS/SCADA Security.

– Participated in forming the NIST Cybersecurity Framework during

the workshops last year along with our second speaker today…

Speakers Today (in order of presentation)

Richard Clark

– Technical Marketing and Cybersecurity Engineer

Stephen Miller

– Associate Professor and Department Chair of Business and

Information Systems/Cybersecurity Center of Excellence at

Eastern New Mexico University-Ruidoso

Stephen Miller

Cybersecurity BackgroundMr. Miller (Associate Professor/Director of Eastern New Mexico University-Ruidoso Cybersecurity Center of Excellence) has been in the Information Systems profession since 1966 working in many business, government, and educational sectors; including being IT/Technology Manager and Advisor at ExxonMobil Global Information Systems. Mr. Miller worked for Univac Corp at NASA Mission Control for the Apollo Mission, including Apollo 13 and Skylab missions, he also worked for Ford Tech-rep Division and TRW Controls, among others.

Stephen developed the online computer and network Cybersecurity Certification program at ENMU-Ruidoso, and revised the Information Systems Associates Applied Science Degree Programs under INFOSEC 4011, 4016E, and Center of Academics (CAE-2Y) certifications

RICHARD H CLARKCybersecurity eBooks/Guidance

New SCADA Cybersecurity eBooks

InduSoft Security Guide NIST Cybersecurity Framework

ISBN 978-1311-49042-1 ISBN 978-1310-30996-0

Available at Smashwords.com and other major booksellers

Available to you as “Name Your Price”

InduSoft Security Guide NIST Cybersecurity Framework

ISBN 978-1311-49042-1 ISBN 978-1310-30996-0

Download at Smashwords.com to “Name Your Price”

All eBook Proceeds Benefit the Eastern New Mexico University-Ruidoso Foundation

InduSoft Security Guide– Why?

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

– There is a chapter on guidelines for designing and building your

projects

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

– There is a chapter on guidelines for designing and building your

projects

– Includes reprints of many InduSoft white papers and published

articles on cybersecurity guidance describing everything from

runtime servers and IT guidance for control system networks, to

handheld smart devices and wireless networks

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

– There is a chapter on guidelines for designing and building your

projects

– Includes reprints of many InduSoft white papers and published

articles on cybersecurity guidance describing everything from

runtime servers and IT guidance for control system networks, to

handheld smart devices and wireless networks

– The eBook contains transcripts of many InduSoft webinars on

securing InduSoft Web Studio as well as broader IT and SCADA

security guidance

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

– There is a chapter on guidelines for designing and building your

projects

– Includes reprints of many InduSoft white papers and published

articles on cybersecurity guidance describing everything from

runtime servers and IT guidance for control system networks, to

handheld smart devices and wireless networks

– The eBook contains transcripts of many InduSoft webinars on

securing InduSoft Web Studio as well as broader IT and SCADA

security guidance

– Also contains an Appendix with NIST Framework information

InduSoft Security Guide– Why?

The eBook is a compilation of InduSoft cybersecurity

guidance making it available in one place

– There is a chapter on guidelines for designing and building your

projects

– Includes reprints of many InduSoft white papers and published

articles on cybersecurity guidance describing everything from

runtime servers and IT guidance for control system networks, to

handheld smart devices and wireless networks

– The eBook contains transcripts of many InduSoft webinars on

securing InduSoft Web Studio as well as broader IT and SCADA

security guidance

– Also contains an Appendix with NIST Framework information

– Available in .mobi (Kindle), .epub, .pdf, .html, and .doc formats

Contents of “Security Guidance” eBook

The Chapters and Sections contain many useful topics

Chapter 1: New Projects and Security as a Design Consideration

Section 1: Building your Project

– Extract from the InduSoft Technical Note: Application Guidelines

Chapter 2: Existing Projects

Chapter 3: Cloud Based Applications

Section 1: Working with Cloud Based Applications

– The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA

Chapter 4: InduSoft Application Security

Section 1: SCADA System Security Best Practices

– The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar

Chapter 5: InduSoft Security Discussion for Web Based Applications

Section 1: Using Security with Distributed Web Applications

– Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications

Section 2 – Using Security with Web-Based Applications

– Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications

Section 3 – Using Security with Web-Based Applications

– Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices

Chapter 6: InduSoft Recommendations for IT Security

Section 1: Firewalls and other SCADA Security Considerations

– Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio

Section 2: Control Systems Security Overview

– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview

Section 3: SCADA Security - Operational Considerations

– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational

Section 4: SCADA Security - Management Considerations

– Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management

Appendix A: NIST Cybersecurity Framework Core

Appendix B: Cyber Security Evaluation Tool (CSET) Information

Examples of topics and subjects covered

New SCADA Projects Should be

Designed with Security as a Primary Goal

Good project design includes the following:

New SCADA Projects Should be

Designed with Security as a Primary Goal

Good project design includes the following:

Security as a primary design

consideration

New SCADA Projects Should be

Designed with Security as a Primary Goal

Good project design includes the following:

Security as a primary design

consideration

Safety needs to be

considered throughout

project design and

implementation

New SCADA Projects Should be

Designed with Security as a Primary Goal

Good project design includes the following:

Security as a primary design

consideration

Safety needs to be

considered throughout

project design and

implementation

Functionality should be

moderated based on the first

two design goals

Diverse SCADA Projects Require

Different Types of Security Profiles

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our

customers

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our

customers

– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our

customers

– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.

We have recommended many different ways that security can be implemented into SCADA and HMIs

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our

customers

– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.

We have recommended many different ways that security can be implemented into SCADA and HMIs– Talks, classes, white papers, webinars, forums, Technical

Support, and individualized guidance on projects has been available for quite some time

Diverse SCADA Projects Require

Different Types of Security Profiles

We recognize that customers use InduSoft Web Studio in many different ways.– This fact presents many differing security scenarios for our

customers

– A specific type of security implementation to a particular SCADA system may be entirely inappropriate for a differing system.

We have recommended many different ways that security can be implemented into SCADA and HMIs– Talks, classes, white papers, webinars, forums, Technical

Support, and individualized guidance on projects has been available for quite some time

– InduSoft now has short-term engineering assistance available on our website!

Services On Demand is Now Live!

Engineering assistance is available when designing

projects and implementing project security

Next: STEPHEN MILLERSCADA Cybersecurity Framework

Later: Q&A SESSION

Q&A SESSIONType your questions into the “Q&A” or “Chat” field of the WebEx interface

THANKS FOR ATTENDING!Here’s how to contact Indusoft…

Email(US) info@indusoft.com(Brazil) info@indusoft.com.br(Germany) info@indusoft.com.de

Support support@indusoft.comWeb site

(English) www.indusoft.com(Portuguese) www.indusoft.com.br(German) www.indusoft.com.de

Phone (512) 349-0334 (US)+55-11-3293-9139 (Brazil)+49 (0) 6227-732510 (Germany)

Toll-Free 877-INDUSOFT (877-463-8763)Fax (512) 349-0375

Germany

USA

Brazil

Contact InduSoft Today

Email(US) info@indusoft.com(Brazil) info@indusoft.com.br(Germany) info@indusoft.com.de

Support support@indusoft.comWeb site

(English) www.indusoft.com(Portuguese) www.indusoft.com.br(German) www.indusoft.com.de

Phone (512) 349-0334 (US)+55-11-3293-9139 (Brazil)+49 (0) 6227-732510 (Germany)

Toll-Free 877-INDUSOFT (877-463-8763)Fax (512) 349-0375

Germany

USA

Brazil

Contact InduSoft Today

Don’t forget to fill out the InduSoft

webinar survey that we’ll will send you

soon. It will come to the email address

that you used to sign in, and we will

send you an InduSoft webinar series

Tee-Shirt!