Practical Approaches to Securely Integrating Business and Production

•Download as PPTX, PDF•

6 likes•600 views

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

Technology

Standards
Certification
Education & Training
Publishing
Conferences & Exhibits
Practical Approaches to
Securely Integrating
Business and Production
Jim Gilsinn

Presenter
• Jim Gilsinn
– Senior Investigator, Kenexis
– ISA99, Co-Chair
– ISA99-WG2, Co-Chair
– CEH, CISSP
– ISA/IEC 62443 Expert
– 25 Years Eng. Experience
– MSEE

Overview
• Why Integrate Business & Production?
• Things to Consider
• Potential Solutions
• Questions

Why Integrate Business & Production?
• Production to Business
– Production Data
– Historical Data
– Regulatory Requirements
– Network/Security Monitoring
• Business to Production
– Remote Maintenance
– Patch Management
– File Exchange
– Configuration Data
Complete isolation is rarely an option

Things to Consider
• Isolated Zones
• Network Segmentation
• Wireless Integration
• Remote Connections
• Public Infrastructure Integration
• File/Data Transfer
• Monitoring

Isolated Zones
• Are there zones that require network isolation?
• Safety-related systems are a good example
• Set it & forget it!
• May require re-calibration over time
• Can be connected via signal wiring

Network Segmentation
• Firewall vs. Data Diode
– Is bidirectional communication required?
– Human interaction vs. automated bi-directional communication
– “Air-gap” requirement
– Mixed firewall & data diode
• Multi-legged vs. Dual Firewall
– Establish DMZ
– Product diversity
– IT/OT

Wireless Integration
• Will wireless be used?
• What communication protocols?
• What frequency bands?
• Point-to-point vs. omnidirectional?
• Star vs. mesh topology?
• Bandwidth requirements?
• Tolerance for drop-outs?
• Where to integrate into architecture?

Remote Connections
• Personnel, vendors, contractors, MSSP?
• On-site vs. off-site access?
• Continuous vs. scheduled vs. sporadic connectivity?
• Method of connectivity?
• Single-factor vs. multi-factor authentication?
• Connection points within architecture?
• Types of communication allowed?

Public Infrastructure Integration
• More of an issue with SCADA
• Wired vs. terrestrial wireless vs. satellite
• Dedicated vs. leased-line connections
• Service level agreements for ISP
• Contingencies for backup/secondary communications

File/Data Transfer
• Restricting data flows through zone boundaries
• Direct communications vs. servers in DMZ
• File transfer server vs. removable media
• File transfer through remote management connections

Monitoring
• Malware checking
• Ingress/egress filtering
• Continuous monitoring vs. human interaction
• Push vs. pull of monitoring data
• Legacy equipment
• HIDS/NIDS
• Non-networked equipment

People Will Get Things Done
• One way or another, people will get their job done
• Security can’t be seen as an impediment to that
• Provide methods that work easily, but are more secure

Summary
• There are benefits to connecting business and production networks
• There are a variety of things that need to be considered when
connecting business and production networks
• There are practical solutions for security

Standards
Certification
Education & Training
Publishing
Conferences & Exhibits
Thank You for Attending!
Enjoy the rest of the conference.

What's hot

Nist 800 82 ICS Security Auditing Framework

MarcoAfzali

This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Byres Security Inc.

Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.

Critical Infrastructure Security by Subodh Belgi

ClubHack

As we step into the Industrial IoT (Internet of Things) era, network reliability remains the first objective for factory control and automation systems. However, many people are not familiar with the unique requirements of Industrial Networks or their integration with traditional enterprise networks. In this webinar you will learn about the trends for SMART factories, best practices for network integration and some leading technologies available to help you design and build an industrial network that meets your needs today and in the future. Key Takeaways: 1. Understand the unique needs of industrial networks 2. Understand how they interface with traditional IT/Enterprise networks 3. Learn about some available technologies that address these needs

Smart Networks for the Industrial Internet of Things

Creekside Marketing Group, LLC

The rapid growth of connected devices in the industrial sector is driving a significant increase in scope and complexity for industrial networks as they converge with more traditional IT networks. In addition, growing concerns about security, availability and performance are associated with costs that can often exceed the initial investment in networking hardware. In this webinar, we introduce a model for understanding an industrial network’s total cost of ownership (TCO), review the top 5 hidden costs that operators face, and share some tips and tools to lower the TCO for industrial control networks.5 Tips to Reduce Your Industrial Network TCO Here's What We'll Cover: 1. Common networking challenges for industrial users 2. The Total Cost of Ownership model 3. Top 5 hidden industrial networking costs 4. Tips & tools to lower your industrial network’s TCO

Lowering Industrial Network Total Cost of Ownership

Creekside Marketing Group, LLC

Should I Patch My ICS?

Digital Bond

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...

Digital Bond

Effective Network Security Against Cyber Threats - Network Segmentation Techn...

Jiunn-Jer Sun

Active Directory in ICS: Lessons Learned From The Field

Digital Bond

As security threats evolve and adapt, so too must organizations’ responses to them. The development and application of cybersecurity standards in support of current and new generation industrial automation and control systems (IACS) are of fundamental importance. This presentation will provide practical and useful information on how cybersecurity standards are progressing and how they are applied. The initial focus will be on current activities in the development of the IEC 62443 IACS cybersecurity standards, and implications to the various stakeholders. An illustration will describe how to use the standards to frame the development of secure-by-design products and services, both current and future. Thereafter, the focus will shift to how IEC 62443 standards are used by other industry standards and securing IIoT and associated cloud systems. This is of particular importance in the context of the Open Process Automation Standard (O-PAS).

Contributing to the Development and Application of Cybersecurity Standards

Yokogawa1

Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N

null The Open Security Community

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Sean R. Bouchard, P.Eng

Cybersecurity for modern industrial systems

Itex Solutions

With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also needs to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

Jim Gilsinn

Attacking and Defending Autos Via OBD-II from escar Asia

Digital Bond

Critical Infrastructure and Security

Can Demirel

This presentation will review lessons learned from a deployment of behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM

Lessons Learned for a Behavior-Based IDS in the Energy Sector

EnergySec

S4xJapan Closing Keynote

Digital Bond

Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)

Digital Bond

Hacker Halted 2016 - How to get into ICS security

Chris Sistrunk

What's hot (20)

Nist 800 82 ICS Security Auditing Framework

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Critical Infrastructure Security by Subodh Belgi

Smart Networks for the Industrial Internet of Things

Lowering Industrial Network Total Cost of Ownership

Should I Patch My ICS?

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...

Effective Network Security Against Cyber Threats - Network Segmentation Techn...

Active Directory in ICS: Lessons Learned From The Field

Contributing to the Development and Application of Cybersecurity Standards

Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Cybersecurity for modern industrial systems

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

Attacking and Defending Autos Via OBD-II from escar Asia

Critical Infrastructure and Security

Lessons Learned for a Behavior-Based IDS in the Energy Sector

S4xJapan Closing Keynote

Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)

Hacker Halted 2016 - How to get into ICS security

Viewers also liked

Havex Deep Dive (English)

Digital Bond

Dynamic Zoning Based On Situational Activity in ICS (Japanese)

Digital Bond

Using Assessment Tools on ICS (English)

Digital Bond

Cibles potentielles de sabotages humains ou de vers informatiques sophistiqués comme Stuxnet, les systèmes de supervision et de contrôle (SCADA) propres aux infrastructures critiques ou vitales sont concernés par toute doctrine de cyberguerre. Cette présentation a pour but d’analyser le coût d’opportunité pour un assaillant entre les différents types d’attaques : modes opératoires, dégâts potentiels, traces laissées, ressources nécessaires. Elle propose aussi des méthodes générales de mitigation (facteur humain, prévention, politiques de sécurité, contrôle d’intégrité des codes, double-source, …) Application Security Forum 2011 27.10.2011 - Yverdon-les-Bains (Suisse) Conférencier: Franck Franchin

ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques

Cyber Security Alliance

ICS Security Training ... What Works and What Is Needed (Japanese)

Digital Bond

Your SCADA system has a vulnerability, now what? I shortly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed. I also show the importance of doing Network Security Monitoring to help detect and respond to anomalies in ICS/SCADA networks.

BSidesAugusta ICS SCADA Defense

Chris Sistrunk

Monitoring ICS Communications

Digital Bond

ICS Network Security Monitoring (NSM)

Digital Bond

Lessons Learned from the NIST CSF

Digital Bond

Cisco ASA

Thomas Moegli

Viewers also liked (10)

Havex Deep Dive (English)

Dynamic Zoning Based On Situational Activity in ICS (Japanese)

Using Assessment Tools on ICS (English)

ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques

ICS Security Training ... What Works and What Is Needed (Japanese)

BSidesAugusta ICS SCADA Defense

Monitoring ICS Communications

ICS Network Security Monitoring (NSM)

Lessons Learned from the NIST CSF

Cisco ASA

Similar to Practical Approaches to Securely Integrating Business and Production

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...

Lviv Startup Club

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?

Edunomica

Many posit that cloud architectures/business models will bring about a more patient, gradual availability model, where failures are either rendered unimportant because of mass replication or load shifting, or they are tolerated in exchange for cheaper services. Whatever the long term promise, the fact is that outages and performance degradation continue to dog the industry. According to the 2017 Uptime Institute Survey, 92% of management are more concerned about outages than one year ago. As your website, mobile app, and the APIs that power them become more distributed, failures resonate outward and have an ever-greater impact on your business. You no longer can just worry about your own on-premise and cloud infrastructure, but must also be aware of your company’s third party SaaS vendors and THEIR infrastructure too. Join Andy Lawrence, Vice President at 451 Research, Engin Akyol, CTO of Distil Networks, and Scott Hilton, VP & GM Product Development of Oracle Dyn for a thought-provoking conversation about next-generation website resiliency. Key takeaways include: - Why you need to treat the risks of binary failures and degradations differently - Resiliency architectures for cloud-optimized and cloud native applications - The importance of software-defined components such as global traffic management, application synchronization, and guaranteed data consistency - How Content Delivery Networks, DDoS protection, and Bot Mitigation complement each other to deliver increased website performance - How non-traditional disruptions like the recent hurricanes can affect your network resiliency - Case Study: Distil Networks field guide for building out a global platform

The Website Resiliency Imperative

Distil Networks

gkkCloudtechnologyassociate(cta)day 2

Anne Starr

Transforming cloud security into an advantage

Moshe Ferber

How to Architect Microgrids for the Industrial Internet of Things

Real-Time Innovations (RTI)

2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...

Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS

security and compliance in the cloud

Ajay Rathi

Distributed data processing

Ayisha Kowsar

Hadoop Migration to databricks cloud project plan.pptx

yashodhannn

dtechnClouologyassociatepart2

Anne Starr

Security Issues of Cloud Computing

Falgun Rathod

Science DMZ security

Jisc

Get ready to dive into the exciting world of IoT data processing! 🌐📊 Join us for a thought-provoking webinar on "Processing: Turning IoT Data into Intelligence" hosted by industry visionary Deepak Shankar, founder of Mirabilis Design. Discover how to harness the potential of IoT devices by strategically choosing processors that optimize power, performance, and space. In this engaging session, you'll explore key insights: ✅ Impact of processor architecture on Power-Performance-Area optimization ✅ Enabling AI and ML algorithms through precise compute and storage requirements ✅ Future trends in IoT hardware innovation ✅ Strategies for extending battery life and cost prediction through system design Don't miss the chance to learn how to leverage a single IoT Edge processor for multiple applications and much more. This is your opportunity to gain a competitive edge in the evolving IoT landscape.

Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...

Deepak Shankar

Implementing a Disconnected Mobile Application with DSI for Field Operations

Smartbridge

Well_Monitoring_System_DataComm_Technology.pdf

Hari Prasetyo Utomo

AARNet Enterprise Services presentation at QUESTNET 2018

James Sankar

Edge UPDATED.pptx

andre241421

What is Cloud Security, and Can I Have Some?

John Kinsella

Product development organizations are dealing with changing dynamics due to corporate downsizing, outsourcing, and partnerships. Despite these changes, organizations still must empower teams to innovate and produce their design deliverables on time and on budget. This paper will describe how a secure Internet- based Windchill® environment is helping many world-class organizations meet their challenges and effectively get their products to market to meet their goals.

NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill

Jeff Kiesel

Similar to Practical Approaches to Securely Integrating Business and Production (20)

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult...

Dave Davis: Infrastructure Projects – What Makes then Different and Difficult?

The Website Resiliency Imperative

gkkCloudtechnologyassociate(cta)day 2

Transforming cloud security into an advantage

How to Architect Microgrids for the Industrial Internet of Things

2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...

security and compliance in the cloud

Distributed data processing

Hadoop Migration to databricks cloud project plan.pptx

dtechnClouologyassociatepart2

Security Issues of Cloud Computing

Science DMZ security

Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...

Implementing a Disconnected Mobile Application with DSI for Field Operations

Well_Monitoring_System_DataComm_Technology.pdf

AARNet Enterprise Services presentation at QUESTNET 2018

Edge UPDATED.pptx

What is Cloud Security, and Can I Have Some?

NetIDEAS Inc. - Enabling Global Design Teams with hosted Windchill

More from Jim Gilsinn

Presented: September 21, 2017 At: CS2AI, Washington, DC A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.

ISA/IEC 62443: Intro and How To

Jim Gilsinn

Presented @ Frederick Linux Users Group (KeyLUG) May 7, 2016 A presentation on protecting Small Office/Home Office (SOHO) networks that I made at the Frederick Linux Users Group (KeyLUG). I work virtually from my home, and this presentation goes through some of my experiences setting up my home network to be better and more secure. I ditched my consumer-grade NAT router and have installed a firewall, commercial-grade wireless access points, and an intrusion detection system (IDS). I'm not finished yet, but this presentation will give you an idea of some of the things that I've done, where I'm thinking about going, and as some things to consider as you setup your own network.

Network Security: Protecting SOHO Networks

Jim Gilsinn

Presented @ BSidesDE, November 14, 2014 Cook like a hacker, and I don’t mean Ramen noodles, take-out pizza, and a bowl of cereal. A lot of hacking involves using a basic set of equipment, learning a powerful set of tools, following a basic set of procedures, a lot of improvising and experimenting, and learning from your mistakes. Cooking is the same. You can cook amazing meals, but it means that you have to be willing to apply a hacker-type mindset to an area that doesn’t involve computers.

Cook Like a Hacker!

Jim Gilsinn

ICS Performance Lab

Jim Gilsinn

Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014 This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.

Cyber & Process Attack Scenarios for ICS

Jim Gilsinn

Network performance testing for devices and systems can be a daunting task for vendors and end-users given the cost of test equipment and the investment that the companies have to spend in developing relevant tests and understanding the results. During the last couple years, a group of low cost computing systems have been introduced that are very capable from a functional point of view, but how well do they actually perform? Can they be used in a low-cost performance testing lab system to validate ICS devices before they go into production? Can end-users use them to capture live traffic in their network and get reliable performance results? This talk will discuss how and when different types of equipment can be used to develop a low-cost network performance testing lab. It will also show results from a series of performance tests conducted on some of the equipment and with different testing architectures.

Low-Cost ICS Network Performance Testing

Jim Gilsinn

With the ever increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has their own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break-down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.

You name it, we analyze it

Jim Gilsinn

Wireshark Network Protocol Analyzer

Jim Gilsinn

Presented @ ISA Safety & Security Symposium 2012 Aneheim, CA, April 2012 Wireshark is the de facto network packet analysis tool used in the industry today. It is an easily extensible open–source tool that provides a large number of capabilities for users. It’s not just for IT–based protocols either. Many industrial protocols have created packet decoders for Wireshark. This tutorial will provide the user with: * An introduction to protocol layering * A basic overview of packet capture and analysis * A demonstration of how Wireshark can be used for packet capture and analysis * Examples of some industrial protocol in Wireshark * An explanation of some more advanced features available in Wireshark

Network Packet Analysis with Wireshark

Jim Gilsinn

Presented @ 55th International Instrumentation Symposium League City, Texas, 1–5 June 2009 Ethernet is being used by a wider variety of industrial devices and applications. Industrial applications and systems require deterministic operations that traditional Ethernet and Transport Control Protocol / Internet Protocol (TCP/IP) suites were not originally designed to support. A standardized way to describe and test industrial devices is needed in order to aid users to characterize the performance of their software and hardware applications. The Manufacturing Engineering Laboratory (MEL) of the National Institute of Standards & Technology (NIST) has been working to develop a set of standardized network performance metrics, tests, and tools since 2002. NIST has cooperated with standards organizations and other groups during that time. NIST is presently working on developing an open-source test tool, called Industrial Ethernet Network Performance (IENetP), to aid vendors in characterizing the performance of their devices. The IENetP test tool will be capable of conducting a full series of performance tests and reporting the results to the user. The current version of the software is capable of analyzing network traffic and producing statistics and graphs showing the network performance of a device.

Test Tool for Industrial Ethernet Network Performance (June 2009)

Jim Gilsinn

More from Jim Gilsinn (10)

ISA/IEC 62443: Intro and How To

Network Security: Protecting SOHO Networks

Cook Like a Hacker!

ICS Performance Lab

Cyber & Process Attack Scenarios for ICS

Low-Cost ICS Network Performance Testing

You name it, we analyze it

Wireshark Network Protocol Analyzer

Network Packet Analysis with Wireshark

Test Tool for Industrial Ethernet Network Performance (June 2009)

Recently uploaded

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Recently uploaded (20)

Corporate and higher education May webinar.pptx

CNIC Information System with Pakdata Cf In Pakistan

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

MINDCTI Revenue Release Quarter One 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Boost Fertility New Invention Ups Success Rates.pdf

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

WSO2's API Vision: Unifying Control, Empowering Developers

AWS Community Day CPH - Three problems of Terraform

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

How to Troubleshoot Apps for the Modern Connected Worker

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Artificial Intelligence Chap.5 : Uncertainty

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

FWD Group - Insurer Innovation Award 2024

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Practical Approaches to Securely Integrating Business and Production

1. Standards Certification Education & Training Publishing Conferences & Exhibits Practical Approaches to Securely Integrating Business and Production Jim Gilsinn

2. Presenter • Jim Gilsinn – Senior Investigator, Kenexis – ISA99, Co-Chair – ISA99-WG2, Co-Chair – CEH, CISSP – ISA/IEC 62443 Expert – 25 Years Eng. Experience – MSEE

3. Overview • Why Integrate Business & Production? • Things to Consider • Potential Solutions • Questions

4. Why Integrate Business & Production? • Production to Business – Production Data – Historical Data – Regulatory Requirements – Network/Security Monitoring • Business to Production – Remote Maintenance – Patch Management – File Exchange – Configuration Data Complete isolation is rarely an option

5. THINGS TO CONSIDER

6. Things to Consider • Isolated Zones • Network Segmentation • Wireless Integration • Remote Connections • Public Infrastructure Integration • File/Data Transfer • Monitoring

7. Isolated Zones • Are there zones that require network isolation? • Safety-related systems are a good example • Set it & forget it! • May require re-calibration over time • Can be connected via signal wiring

8. Network Segmentation • Firewall vs. Data Diode – Is bidirectional communication required? – Human interaction vs. automated bi-directional communication – “Air-gap” requirement – Mixed firewall & data diode • Multi-legged vs. Dual Firewall – Establish DMZ – Product diversity – IT/OT

9. Wireless Integration • Will wireless be used? • What communication protocols? • What frequency bands? • Point-to-point vs. omnidirectional? • Star vs. mesh topology? • Bandwidth requirements? • Tolerance for drop-outs? • Where to integrate into architecture?

10. Remote Connections • Personnel, vendors, contractors, MSSP? • On-site vs. off-site access? • Continuous vs. scheduled vs. sporadic connectivity? • Method of connectivity? • Single-factor vs. multi-factor authentication? • Connection points within architecture? • Types of communication allowed?

11. Public Infrastructure Integration • More of an issue with SCADA • Wired vs. terrestrial wireless vs. satellite • Dedicated vs. leased-line connections • Service level agreements for ISP • Contingencies for backup/secondary communications

12. File/Data Transfer • Restricting data flows through zone boundaries • Direct communications vs. servers in DMZ • File transfer server vs. removable media • File transfer through remote management connections

13. Monitoring • Malware checking • Ingress/egress filtering • Continuous monitoring vs. human interaction • Push vs. pull of monitoring data • Legacy equipment • HIDS/NIDS • Non-networked equipment

14. People Will Get Things Done • One way or another, people will get their job done • Security can’t be seen as an impediment to that • Provide methods that work easily, but are more secure

15. POTENTIAL SOLUTIONS

16. Engineering User

17. File Transfer

18. Administrator User – Patch Management

19. Remote Maintenance

20. Historian Replication

21. Domain Controllers

22. Web Access – License Activation Server

23. SUMMARY

24. Summary • There are benefits to connecting business and production networks • There are a variety of things that need to be considered when connecting business and production networks • There are practical solutions for security

25. Questions

26. Standards Certification Education & Training Publishing Conferences & Exhibits Thank You for Attending! Enjoy the rest of the conference.

Practical Approaches to Securely Integrating Business and Production

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (10)

Similar to Practical Approaches to Securely Integrating Business and Production

Similar to Practical Approaches to Securely Integrating Business and Production (20)

More from Jim Gilsinn

More from Jim Gilsinn (10)

Recently uploaded

Recently uploaded (20)

Practical Approaches to Securely Integrating Business and Production