INDUSTRIAL AUTOMATION
Consultant
Application Engineer
Analysis
– Hacker had access for several months already
• Plenty of time for information gathering and analyzing your process
Analysis
– Employees did not know how to handle removable media
– Malware protection was disabled
– No patches were installed
– Back-ups were taken infrequently and incorrectly, and were never tested
– Network connections were bypassing the firewall
– Service account was used for day-to-day work
Source:
https://www.hydro.com/en/media/news/2019/hydro-subject-to-cyber-attack/
Source:
https://www.hydro.com/en/media/news/2019/update-on-cyber-attack-april-12/
—
Asco
Source:
https://www.tijd.be/ondernemen/luchtvaart/asco-ligt-al-derde-week-stil-na-cyberaanval/10138910.html
—
ABB has services to help protect your assets
—
ABB Ability™ Cyber Security Services
Portfolio aligns with NIST Cyber Security Framework
Understand risks
– Perform assessments and collect inventory to identify what needs to be protected
Remediate key risks
– Provide validated updates and implement custom configured solutions for endpoint protection
Monitor for attacks
– Monitor systems to detect breaches and vulnerabilities. Collect and analyze security logs
Build resiliency
– Execute incident response exercises to prepare for an incident if compromised. Reduce impact of incident by recovering quickly
Continued support
– ABB can provide training, assessment services, strategy / policy creation, and compliance services and vulnerability testing
ABB Solutions
– Cyber Asset Inventory
– Cyber Security Fingerprint
– Threat Intelligence
– Malware Protection
– Whitelisting
– Security Patch Management
– System Hardening
– Backup and Recovery
– User and Access Management
– Network Management
– Anomaly Detection
– Security Log Collection
– Security Event Monitoring (SIEM)
– Network Monitoring
– Incident Response
– Cyber Drills
– Malware Analysis
– System Restoration
– Cyber Solution Updates
– Network Design Support
Key functions
– Passive probing of the network
• Using SPAN/MIRROR
• New devices which communicate will be automatically detected
Key functions
– Data collector & analysis towards KPIs
– Fingerprint following the MCS Fingerprint philosophy 800xA
Key functions
– Traditional Anti Virus
• Still a “must have”
• Current support for McAfee VirusScan Enterprise and
Symantec EndPoint Protection
– Whitelisting
• SE46 is EOS and EOL end of 2019
• Validating McAfee Application Control as replacement*
– 3rd Party EPP Validation-as-a-Service**
• New technologies for EPP change the market
• Growing variety of suppliers and solutions
• A validation service for 3rd party software makes it possible to support customer requests that are not covered out of the box
* Validation ongoing
** Scheduled to be released 2020
25 September 2019 Slide 17
—
ABB Ability™ Cyber Security Updates
Would have prevented using known weaknesses in the system
Key functions
– Online deployment
• Via local WSUS
– Offline deployment**
• Via import to a local WSUS
• Via import to the Service Station*
[Diagram labels: Cloud, My Control System, Status, RAP, on premise, L3, DCS, L 1-2, Local WSUS, Service Station*]
Key functions
– Collector and forwarder for events to various SIEMs on the market
• Supporting Syslog RFC 5424, LEEF and CEF formatting
• Adding the SID as unique identifier to the message
– Support active ABB control systems
– Use of on-Premise MCS for
• Preprocessing of events with correlation rules
• Log Aggregation
• Monitoring and reporting
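An added example (not ABB code) of what such a forwarder has to do: render one event as RFC 5424 syslog, CEF and LEEF 1.0, each with its own escaping rules, and attach the SID to every message. The event values, the structured-data ID `origin@32473`, the use of `cs1` and `sid` to carry the SID, and the severity mapping are assumptions made for illustration; the SID is treated as an opaque string.

```python
from datetime import datetime, timezone

def _esc(value, chars):
    """Backslash-escape the backslash itself, then each character in chars."""
    out = str(value).replace("\\", "\\\\")
    for c in chars:
        out = out.replace(c, "\\" + c)
    return out

def _sev10(sev):
    """Assumed mapping: syslog severity 0 (worst)..7 onto the 1..10 scale, 10 = worst."""
    return max(1, (7 - sev) * 10 // 7)

def to_rfc5424(ev, facility=13):
    pri = facility * 8 + ev["severity"]
    ts = ev["time"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # SD-PARAM values escape '"', '\' and ']'. 32473 is the enterprise number
    # reserved for documentation; "origin@32473" and "sid" are assumed names.
    sd = '[origin@32473 sid="%s"]' % _esc(ev["sid"], '"]')
    return "<%d>1 %s %s %s - %s %s %s" % (
        pri, ts, ev["host"], ev["app"], ev["event_id"], sd, ev["msg"])

def to_cef(ev):
    # Header fields escape '|'; extension values escape '=' and line breaks.
    head = "|".join(_esc(ev[k], "|") for k in ("vendor", "product", "version", "event_id", "name"))
    ext = {"cs1Label": "SID", "cs1": ev["sid"], "msg": ev["msg"]}
    pairs = " ".join("%s=%s" % (k, _esc(v, "=").replace("\n", "\\n")) for k, v in ext.items())
    return "CEF:0|%s|%d|%s" % (head, _sev10(ev["severity"]), pairs)

def to_leef(ev):
    # LEEF 1.0 separates attributes with a tab, so tabs inside values become spaces.
    head = "|".join(str(ev[k]) for k in ("vendor", "product", "version", "event_id"))
    attrs = {"sev": _sev10(ev["severity"]), "sid": ev["sid"], "msg": ev["msg"]}
    return "LEEF:1.0|%s|" % head + "\t".join(
        "%s=%s" % (k, str(v).replace("\t", " ")) for k, v in attrs.items())

# Constructed sample event; every value here is a placeholder, not real data.
EVENT = {
    "time": datetime(2019, 9, 25, 8, 30, 0, 123000, tzinfo=timezone.utc),
    "host": "opstation01", "app": "evtfwd", "event_id": "4625",
    "vendor": "ExampleVendor", "product": "ExampleDCS", "version": "1.0",
    "name": "Logon failure", "severity": 4, "sid": "SID-EXAMPLE-0001",
    "msg": "Logon failed user=operator1 [console|HMI]",
}

if __name__ == "__main__":
    for render in (to_rfc5424, to_cef, to_leef):
        print(render(EVENT))
```

The same message text is left untouched in the syslog MSG part, gets `=` escaped in the CEF extension, and only loses tabs in LEEF, which is why a forwarder cannot reuse one escaping routine for all three targets.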
Key functions
– Standardization across Business Units/Countries
– Support New Windows Operating Systems
– Support Hybrid Control Systems
– Native Product Support
– Hardening non-Windows devices (e.g. BIOS, USB ports, switches)
[Diagram label: DCS Hardening Package contains system settings]
[Network diagram labels: NE840, NE871, NE870, NE820; Client/Server networks; Field network backbone; Field network ring; Power and Process Equipment]
Key functions
– Patching
• Online / Offline
– Anti malware (optional)
– Local dashboard
– Backup & Recovery solution
– Remote Access
– Log aggregation
– SPDC
– Asset Inventory
[Diagram: ABB Ability™ Service Station and ABB Ability™ Cloud Services. Panel titles and labels: 3rd party solutions (Anti Virus, Endpoint Protection, Whitelisting, Patching, Backup, Remote Access); 3rd party Modules (links to interface; backup example: Acronis, Quest, Veeam); Flexible options; Dashboards (Assets, Tags, Status, Log Aggregation, Endpoint protection, Updates, Hardening, DCS health); ABB Modules and Navigation/Search tools (MCS On-Premise, SPDC, Event forwarder); Actions (Initiate update, Initiate backup); Reporting; ABB Ability™ myABB/MCS/SUS; ABB Ability™ EDGE (Asset Inventory, Fleet management); ABB Ability™ Platform]