
Connected Services

Portfolio Overview

Thomas House
Business Development Lead – Rockwell Automation
May 2018

PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved.


A Secure Information Infrastructure enables Digital Transformation

ASSET PERFORMANCE

4 Manage Your System Performance: REDUCE DOWNTIME 30%
3 Manage Your Asset Performance: REDUCE MTTR 76%
2 Protect and Maintain Your Infrastructure: REDUCE MAINTENANCE COST 20%
1 Build Your Secure Infrastructure: SHORTEN PROJECT TIMELINE 50%

INFRASTRUCTURE DEVELOPMENT & MANAGEMENT


Accelerating Digital Transformation
CONSULTING SERVICES
• ASSESS
• DESIGN
• IMPLEMENT
• SUPPORT & MANAGE

PRE-ENGINEERED SOLUTIONS
• Industrial Network Distribution Solution
• Industrial Data Center


Infrastructure as a Service

SCALABLE INFRASTRUCTURE SUPPORT

TECHCONNECT – MANAGED SERVICES
• Infrastructure Administration
• Threat Detection
• Asset Health Monitoring
• Secure Remote Access
• Manufacturing IT Support


WHAT IS MANUFACTURING IT SUPPORT?

Extend the Lifecycle of Your IT Assets


• Technical Support
• Parts Replacement
• Flexible Contract Terms
• Emergency Onsite Support
• One Number for Multi-Vendor Technical Support


Achieving Secure Device Connectivity

RA Cloud
MVD Cloud Application
Platform

• Secure Outbound Only Connection
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Federal Information Processing Standards (FIPS) – NIST standard
• Secure tunnel to individual devices
• No VPN for IT to configure or maintain


ASSET HEALTH MONITORING

INFRASTRUCTURE – AUTOMATION – CONTROL



THREAT DETECTION SERVICES

• Asset inventory through passive network analysis
• Auto baseline development and behavioral anomaly detection
• Security and operational event monitoring and response

Powered by


REMOTE MONITORING AND ADMIN SUPPORT

Response Time: Service Level Agreement response time averages 3 minutes

Trained IT/OT
Remote
Expertise Monitoring and Maintenance
Administration

Prevention: Proactive system maintenance

24/7 Monitoring


OT Infrastructure Managed Services

46 Sites

1588 Server Images

436 Switches

10 Minute Service Level Agreement

1 Monthly Fee / Number to Call



WHAT IS IAAS?

IaaS is your industrial infrastructure delivered as a service over 5 years

24x7 Remote Monitoring and Administration

• Industrial Data Center
• Industrial Network Distribution Solution


Offsite Advanced
Technologies
Support

24x7 Proactive Support


OT Infrastructure as a Service (IaaS)

• 90% Reduction in Troubleshooting Time
• ELIMINATED 100% OF CAPEX

PREDICTIVE MAINTENANCE

Predictive Maintenance Report for Compressor Station in Oil Pipeline


PREDICTIVE MAINTENANCE AS A SERVICE

IoT platform with:
• Remote Monitoring
• Data Collection and Trending Analytics
• Predictive Maintenance

DATA DRIVEN ACTION
• Measure global performance
• Improve machine design
• Improve uptime
• Schedule preventative maintenance

PREDICT UNPLANNED DOWNTIME

Save thousands of dollars per minute

Cyber Security



CHALLENGES FACING INDUSTRIAL INFRASTRUCTURE

• Skills Gap
• Vulnerability
• Inflexibility
• IT/OT Convergence


INDUSTRIAL CYBER RISK EQUATION

Vulnerabilities Threats Consequences

Countermeasures
• Basic Industrial Cyber Hygiene
• Advanced Countermeasures


OT vs. IT
OT:
• Priority is availability
• Architectures are proprietary
• End-points are heterogeneous, task specific with long lifespans
• Outcomes are physical

IT:
• Priority is confidentiality
• Architectures are ubiquitous
• End-points are homogenous, multi-purpose with short lifespans
• Outcomes are digital


ICS THREAT ACTORS

Nation States Insiders Terrorists Hacktivists Cyber Criminals



ICS-Focused Campaigns, Attacks, Frequency
Timeline, 2010 to 2017:
• 2010: STUXNET. Worm Targeting SCADA and Modifying PLCs
• 2011: NIGHT DRAGON. Advanced Persistent Threat Targeting Global Energy
• 2012: SHAMOON. Virus Targeting Energy Sector Largest Wipe Attack
• 2013: RED OCTOBER. Cyber-Espionage Malware Targeting Gov’t & Research Organizations
• 2014: HAVEX. Industrial Control System Remote Access Trojan & Information Stealer
• 2015: BLACKENERGY. Malware Injected into Ukrainian Power Company Network, Cut Power to the Affected Region.
• 2016: BLACKENERGY. Malware Injected into Power Company Network, Attackers Cut Power to the Affected Region.
• 2017: NOTPETYA. Ransomware Malware Based On Stolen NSA Exploits that Impacted ICS Systems

Other campaigns and attacks shown on the timeline:
• OPERATION AURORA. APT Cyber Attack on 20+ High Tech, Security & Defense Companies
• DUQU. Worm Targeting ICS Information Gathering and Stealing
• FLAME. Virus use for Targeted Cyber Espionage in the Middle East
• GAUSS. Information Stealer Malware
• HEARTBLEED. Security Bug and Vulnerability Exploited by Attackers
• OP GHOUL. Spear-phishing Campaign Targeting Middle East Industrial Organizations
• INDUSTROYER. Malware Targeting Electric Utility – Used in 2016 Ukraine Grid Attack
• WANNACRY. General ransomware which impacted ICS Systems

ICS CERT INCIDENT COUNT (**Only Reported Incidents in U.S.): 295, 290, 257, 245, 197, 140


ICS THREAT VECTORS
Network zones: IT Network, DMZ, OT Network

Diagram labels:
• Direct Attack via IT Network
• Direct Attack on Plant Network
• Indirect Attack
• Insider Threat
• External Adversaries
• Remote Maintenance (Compromised VPN)
• On-Site Maintenance (Compromised Device)
• ICS Supply Chain
• USB


ICS SECURITY METHODOLOGY:
STRATEGIC VS. TACTICAL

Define Risk Assess Develop / Implement Manage,


Tolerance and Posture Iterate
Business Vulnerabilities Security
Prioritized Monitor, and
Impact Threats Profile Action Plan Respond

Strategic Tactical

Securing your operations networks with a risk-based approach


Attack Continuum

BEFORE DURING AFTER

cybersecurity framework

Basic Cybersecurity - Hygiene
• Asset management: know your assets and their potential risk
• Authentication, Authorization, Accounting: know your users
• Implement patch management policies and procedures
• Computer and mobile endpoint protection
• Disaster recovery (Backup and Restore)
• Raise awareness among personnel
• Basic network security tasks

BEFORE DURING AFTER


Reduce Your Risk – Secure Network Infrastructure

Enterprise Zone: Levels 4-5
• IT SOC
• IT Core Switch and Firewall

Industrial Demilitarized Zone (IDMZ)
• IDMZ Firewalls

Industrial Zone: Levels 0-3
• Level 3 – Site Operations
• OT Core Switch
• Level 2 – Area Supervisory Control
• Level 1 – Controller
• Level 0 – Process

Other diagram labels: Control System Machine; Cell


A PROACTIVE APPROACH TO INDUSTRIAL CYBER SECURITY
ATTACK CONTINUUM

BEFORE: Identify & Protect
• Asset Inventory Services
• Qualified Patch Management
• Vulnerability and Risk Assessments
• ICS Security Zone and Countermeasure Deployment

DURING: Detect / AFTER: Respond & Recover
• Real-Time Threat Detection Services
• Backup and Recovery Solutions
• Remote Monitoring and Administration Services
• Incident Handling and Response
• Incident Response and Disaster Recovery Planning Services

BUILD A SECURE, ROBUST, FUTURE-READY NETWORK FOR YOUR CONNECTED ENTERPRISE

ASSESS DESIGN IMPLEMENT MONITOR


THREAT DETECTION SERVICES

• Asset inventory through passive network analysis
• Auto baseline development and behavioral anomaly detection
• Security and operational event monitoring and response

Powered by


• Trained IT/OT Incident Responders monitoring and analyzing alerts
• Alerts and Events are correlated to gain insight into the anomalous behavior
• Response Plan provided with actions to take to contain, eradicate and recover.

Response Plan: Contain, Eradicate, Recover


Event Types Recognized

Critical Events
Configuration Download Anomalous Behavior
Configuration Upload
Events
Data Acquisition (read)
Data Acquisition (write)
Firmware Upgrade
Operational Programming
Change Mode Remote Connection
(Start\Stop) File Transfer
Online Edit Alarm & Events
Failed login Redundancy
New Asset Diagnosis
Man-in-the-Middle Authentication Failure
Cyber Port Scan
IP Address Conflict

Deep Packet Inspection Coverage

Vendors / OT Protocols:
• Modbus modicon Modsoft/Execload unity
• Siemens S7/S7-Plus
• Siemens P2
• EtherNet/IP + CIP (including Rockwell Automation extension)
• PCCC/CPSv4
• GE SRTP
• Yokogawa VNet/IP
• Emerson Ovation DCS protocols
• Emerson DeltaV DCS protocols
• Melsec/Melsoft
• ABB 800xA DCS protocols MMS (including ABB extension)
• Sattbus
• OPC DA/AE/UA
• IEC104
• DNP3
• Profinet-DCP
• Bacnet
• Emerson ROC
• OMRON Fins
• ABB TotalFlow
• Triconex (TSAA, Tristation)
• Honeywell FTE
• CCC (Proconos)
• EGD
• Profibus
• Modbus RTU
• Lantronix
• CTI
• Bently Nevada
• Opto

IT Protocols:
• TCP/IP
• SNMP
• SSH
• HTTP / HTTPS
• Telnet
• FTP
• SMB / CIFS
• DNS
• ICMP
• IGMP
• Browser
• SMB2
• CDP
• LLDP
• DCE/RPC
• DHCP V4/V6
• ARP
• VNC
• TFTP
• NTP
• RDP
• SSL
• NTLMSSP
• ATSVC
• SMB-PIPE


Patch Management

Microsoft: Releases Patch Rollups
• Security Fix
• Quality Fix

Rockwell Automation: PatchQual Lab Tests Patch Rollups
• Qualification Levels (Fully, Partially, etc.)

Connected Services: Stages Patches in a Microsoft Azure based WSUS
• Fully Qualified Patches to match customer’s OS/Applications Revision

Customer or Connected Services: Fully Patched and secure ICS infrastructure (Your Infrastructure)

Self Service: You have the patches you need specifically for your environment and may update them as you see fit.

Managed: Using vSphere HA and WSUS we will work with your team to remotely test, verify and apply patches based on standard/best practice procedures that meet your production workflows

What about Virtual Patching?

BEFORE DURING

Updated threat detection rule-sets

The Stratix® 5950 Security Appliance with Cisco Talos

Device Agnostic network-level threat monitoring

Stratix 5950 with DPI, the Talos OpenAppID rules


FactoryTalk® AssetCentre
Incident Audit and Response

BEFORE DURING AFTER

ARCHIVE & DISASTER RECOVERY
• Centrally manage versions of programs, files & folders
• Automate backup of automation assets
• Generate detailed difference detection reports of assets

AUDIT
• Track user actions – Who did What, When, Where?
• Produce adhoc reports associating users, assets, and programs to paint a full picture
• Automate the reporting process via email

SECURITY
• Restrict viewing of artifacts
• Help prevent unauthorized access to make changes
• Help prevent unauthorized users from creating new versions

EXTENSIBILITY
• Ability to extend and add support for 3rd party devices
• Web client available to track assets from a mobile device

CONFIGURATION & CALIBRATION
• Support for Process Device Configuration using FDT-DTM technology
• Paperless management of instrument calibration data
