Chapter 13 - 03 - Understand OT Concepts, Devices, and Protocols - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician 1oT and OT Security Exam 212-82 IT/OT Convergence (IIOT) Improved security, quality and productivity. Storage and Data Processing sQy, Java, Python, etc. IT/OT convergence is the integration of IT computing systems and OT operation monitoring systems to bridge the gap between IT/OT technologies for improving overall security, efficiency, and productivity The IT/OT convergence can enable smart manufacturing known as industry 4.0, where loT applications are used in industrial operations Using this Internet of Things (loT) for industrial operations such as monitoring supply chains, manufacturing and management systems is referred to as Industrial Internet of Things (lloT) Copyright © by EC-Council AN Rights Reserved. Reproductionis Strictly Prohibited. IT/OT Convergence (IIOT) IT/OT convergence is the integration of IT (information technology) computing systems and OT operation monitoring systems. Bridging the gap between IT and OT can improve the overall business, producing faster and efficient results. IT/OT convergence is not just about combining technologies but also about teams and are found in their respective such as programming, updating whereas OT teams ensure overall and industrial equipment. and operations. IT and OT teams are traditionally separated domains. For instance, IT teams monitor internal processes systems, and safeguarding networks from cyber-attacks, maintenance and management, including that of employees IT/OT teams are required to understand each other’s operations and working structure. This does not mean switching IT engineers into field/plant engineers or vice versa; it is about building a bridge between them to co-operate with each other to improve security, efficiency, quality, and productivity. Benefits of merging OT with IT IT/OT convergence can enable smart manufacturing applications are used in industrial operations. monitoring supply-chain, manufacturing, and known as industry 4.0, in which loT Using the loT for industrial operations such as management systems is referred to as the Industrial Internet of Things (lloT). The following are some of the benefits of converging IT/OT: = Enhancing Decision Making: Decision making can be enhanced by integrating OT data into business intelligence solutions. * Enhancing Automation: Business flow and industrial control operations optimized by OT/IT merging; together they can improve the automation. Module 13 Page 1597 can be Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security = Exam 212-82 Expedite Business Output: IT/OT convergence can organize or streamline development projects to accelerate business output. = Minimizing Expenses: Reduces the technological and organizational overheads. = Mitigating Risks: Merging these two fields can improve overall productivity, security, and reliability, as well as ensuring scalability. Mechanical Devices P STTTTTTITIPIrrpS SCADA Goorrnrene £ asrasnssnssnsasnsanse OT = ey PLCs Crrrrrnnns \ RTUs % O TTTTT PP Improved security, quality and IT Cloud.............. » Internet CETTTRPPIITY. Networks productivity Storage and Data Processing sQL, Java, Python, etc. Figure 13.14: IT/OT convergence Module 13 Page 1598 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security Exam 212-82 The Purdue Model t=l i IT Systems (Enterprise Zone) _ Level 5 Enterprise Network Level 4 Business Logistics Systems - TR T i g oT ke "fl," i - Industrial Demilitarized Zone (IDMZ) Systems b.” mr |J \‘ || “I | : Hm-i -. (Manufact urin Zone) Copyright © by The Purdue All Rights Reserved. Reproduction Model The Purdue model is derived from the Purdue Enterprise Reference Architecture (PERA) model, which is a widely used conceptual model that describes the internal connections and dependencies of important components in ICS networks. The Purdue model is also known as the Industrial Automation and Control System reference model. The Purdue model consists of three zones: the manufacturing zone (OT) and enterprise zone (IT), separated by a demilitarized zone (DMZ), which is used to restrict direct communication between the OT and IT systems. The intention behind adding this extra layer is to confine the network or system compromises within this layer and provide uninterrupted production. The three zones are further divided into several operational levels. Each zone, with associated levels, is described below: IT Systems (Enterprise Zone) I Level 5 P —. " P Enterprise Network Level 4 Business Logistics Systems Industrial Demilitarized Zone (IDMZ2) oT A (Manufact uring Zone) Hfifihi Dpe y i i Dperation Basic Controls/Intelligent Devices Level 0 Physlcal Process Figure 13.15: The Purdue model Module 13 Page 1599 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 1oT and OT Security Enterprise Zone (IT Systems) The enterprise security zone is a part of IT, in which supply-chain management and scheduling are performed using business systems such as SAP and ERP. It also locates the data centers, users, and cloud access. The enterprise zone consists of two levels. o Level 5 (Enterprise Network) This is a corporate level network where business operations such as B2B (businessto-business) and B2C (business-to-customer) services are performed. Internet connectivity and management can be handled at this level. The enterprise network systems also accumulate data from all the subsystems located at the individual plants to report the inventory and overall production status. Level 4 (Business Logistics Systems) All the IT systems supporting the production process in the plant lie at this level. Managing schedules, planning, and other logistics of the manufacturing operations are performed here. Level 4 systems include application servers, file servers, database servers, supervising systems, email clients, etc. Manufacturing Zone (OT Systems) All the devices, networks, control, and monitoring manufacturing zone consists of four levels. o systems reside in this zone. The Level 3 (Operational Systems/Site Operations) In this level, the production management, individual plant monitoring, and control functions are defined. Production workflows and output of the desired product are ensured at this level. Production management includes plant performance management systems, production scheduling, batch management, quality assurance, data historians, manufacturing execution/operation management systems (MES/MOMS), laboratories, and process optimization. Production details from lower levels are collected here and can then be transferred to higher levels or can be instructed by higher-level systems. Level 2 (Control Systems/Area Supervisory Controls) Supervising, monitoring, and controlling the physical process is carried out at this level. The control systems can be DCSs, SCADA software, Human—Machine Interfaces (HMIs), real-time software, and other supervisory control systems such as engineering works and PLC line control. Level 1 (Basic Controls/Intelligent Devices) Analyzation and alteration of the physical process can be done at this level. The operations in basic control include “start motors,” “open valves,” “move actuators,” etc. Level 1 systems include analyzers, process sensors, and other instrumentation systems such as Intelligent Electronic Devices (IEDs), PLCs, RTUs, Proportional Integral Derivative (PID) controllers, Equipment Under Control (EUC), and Variable n Module 13 Page 1600 u Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician 10T and OT Security Frequency Exam 212-82 Drives (VFDs). PLC was used in level 2 with a supervisory functionality, but it is used as a control function in level 1. o Level 0 (Physical Process) In this level, the actual physical process is defined, and the product is manufactured. Higher levels control and monitor operations at this level; therefore, this layer is also referred to as Equipment Under Control (EUC). Level O systems include devices, sensors (e.g., speed, temperature, pressure), actuators, or other industrial equipment used to carry out the manufacturing or industrial operations. A minor error in any of the devices at this level can affect overall operations. * Industrial Demilitarized Zone (IDMZ2) The demilitarized zone is a barrier between the manufacturing zone (OT systems) and enterprise zone (IT systems) that enables a secure network connection between the two systems. The zone is created to inspect overall architecture. If any errors or intrusions compromise the working systems, the IDMZ holds the error and allows production to be continued without interruption. IDMZ systems include Microsoft domain controllers, database replication servers, and proxy servers. Module 13 Page 1601 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.