Distributed NMS - Innovative Cyber Security Solution
Unrestricted © Siemens 2021 siemens.com
Cyber Security - Distributed Network Management

Cyber Security Key Elements: Application Security, User Compliance, Disaster Recovery, Network Security, Information Security

NMS Protection Measures
- Standardized user management and sophisticated role-based access control with session management
- Intuitive Firewall/NAT configuration and policy-based network administration with automatic device trust management
- System integrity validation, brute-force prevention, strong password policies and built-in PKI administration

NMS Security Life Cycle
- Identify and assess threats and risks in the categories of technology, system and network architecture
- Implement a holistic approach to address threat- and vulnerability-related findings and recommendations
- Examine, detect, prevent and respond to security threats consistently to avoid damage and downtime of the network
Centralized PKI management for NMS & OT network

Need: In the digitalization era, the NMS is a central gateway for hackers to steal network and/or user credentials, sniff network traffic, etc.; intrusion attacks are rising rapidly. The challenge is multi-fold if the NMS is deployed as a distributed system.

Solution: Centralized PKI management hosted in the Control node is responsible for generating standard X.509 certificates and for activating, revoking and renewing the certificates for the complete NMS system and tens of thousands of devices in the OT network. The Control node plays the role of Certificate Authority and the Operation node plays the role of Regional Authority.

Benefit (Novelty): Customers need not understand the complicated cryptographic algorithms to realize the PKI. NMS offers an easy-to-use interface to seamlessly manage thousands of certificates in a secure and reliable way. Certificates are highly customizable according to company policies with respect to RBAC, renewal frequency and X.509 parameters.
Trust management of devices in OT network

Need: Devices in the OT network must fulfill various security requirements such as authentication (each device is uniquely identified, so that any impersonating node can be detected) and confidentiality (network traffic is revealed only to authorized entities). The NMS system managing these devices must track the trust status of each device.

Solution: The NMS system performs trust management of tens of thousands of devices by reading the certificate fingerprints of the HTTPS and SSH protocols. The user must confirm the fingerprint values before any sensitive configuration activities are carried out on the devices.

Benefits (Novelty): Customers need not worry much about network intrusions. Any malicious devices found when scanning the network can be reported through alarms and blacklisted by the system automatically. Only trusted devices will be able to participate and receive network configurations.
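The fingerprint-based trust workflow described on this slide (read the fingerprint, hold configuration until an operator confirms it, alarm and blacklist on an unexplained change) can be written down as a small state machine. The following is an added illustration, not Siemens code and not the NMS's actual implementation; the certificate bytes are constructed placeholders standing in for the DER certificate of an HTTPS endpoint or the public-key blob of an SSH host key, and the fingerprint formats are the SHA-256 forms browsers and OpenSSH display.

```python
import base64
import hashlib
from dataclasses import dataclass, field

# Constructed sample "certificates". In a real NMS these would be the DER bytes of
# the device's HTTPS certificate or the SSH host public-key blob read during the handshake.
DEVICE_CERT = b"constructed-der-bytes-for-switch-01"
DEVICE_CERT_REISSUED = b"constructed-der-bytes-for-switch-01-after-renewal"
IMPOSTOR_CERT = b"constructed-der-bytes-for-a-node-claiming-to-be-switch-01"


def https_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated hex form shown for HTTPS certificates."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def ssh_fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint in OpenSSH's 'SHA256:<unpadded base64>' form."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass
class TrustStore:
    trusted: dict = field(default_factory=dict)   # device_id -> operator-confirmed fingerprint
    pending: dict = field(default_factory=dict)   # device_id -> fingerprint awaiting confirmation
    blacklist: set = field(default_factory=set)
    alarms: list = field(default_factory=list)

    def observe(self, device_id: str, der: bytes, proto: str = "https") -> str:
        """Called after each handshake; returns the trust decision for this device."""
        fp = https_fingerprint(der) if proto == "https" else ssh_fingerprint(der)
        if device_id in self.blacklist:
            return "blacklisted"
        known = self.trusted.get(device_id)
        if known is None:
            # First contact: park the fingerprint, no configuration push until confirmed.
            self.pending[device_id] = fp
            return "unconfirmed"
        if known == fp:
            return "trusted"
        # Fingerprint changed without an operator retiring the old one: treat as impersonation.
        self.alarms.append(f"{device_id}: fingerprint mismatch, expected {known}, saw {fp}")
        self.blacklist.add(device_id)
        return "mismatch"

    def confirm(self, device_id: str, value_checked_out_of_band: str) -> bool:
        """The operator compares the value against one obtained out of band (device label,
        vendor portal) and confirms it; a wrong value is rejected and trust is not granted."""
        if self.pending.get(device_id) != value_checked_out_of_band:
            return False
        self.trusted[device_id] = self.pending.pop(device_id)
        return True

    def rotate(self, device_id: str, new_der: bytes, proto: str = "https") -> str:
        """Planned certificate renewal: retire the old trust first so the new fingerprint
        goes through confirmation again instead of raising a mismatch alarm."""
        self.trusted.pop(device_id, None)
        return self.observe(device_id, new_der, proto)
```

The design point is that a changed fingerprint is never silently re-learned: renewal is an explicit operator action (`rotate`), and anything else that changes the key is an alarm plus blacklist, which matches the slide's "reported through alarms and blacklisted automatically".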
Enterprise (IT / OT) Network Security via Communication relations

Need: Convergence between IT and OT demands consistent deployment and update of security policies across the network, making sure that all firewall rules and NAT rules are configured correctly to prevent security incidents. This is more challenging in a geographically distributed network with thousands of policies accumulated over time.

Solution: Communication relations help customers define firewall rules and NAT translations intuitively. With this approach, the system automatically generates the device-specific rules and enforces them on the network devices. It also helps the administrator identify mismatches between the rules generated within the NMS and those deployed on the Firewall/NAT devices.

Benefits: The communication barrier between IT and OT caused by cyber-security threats can be eliminated. Simplified and automated security policy management saves time and reduces risk.
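The two mechanisms on this slide, expanding zone-level communication relations into per-device firewall rules and detecting drift between the generated set and what is actually deployed, are shown below as an added example. It is not Siemens code and does not reflect the NMS's internal rule model; the zones, subnets, services and the mapping of which firewall enforces which zone pair are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed topology: zones with their subnets, the services a relation may name,
# and the firewall that sits between each zone pair.
ZONES: Dict[str, str] = {
    "IT-SCADA": "10.1.0.0/24",
    "OT-HMI": "192.168.20.0/24",
    "OT-PLC": "192.168.10.0/24",
}
SERVICES: Dict[str, Tuple[str, int]] = {
    "https": ("tcp", 443),
    "modbus": ("tcp", 502),
    "opcua": ("tcp", 4840),
}
ENFORCERS: Dict[str, List[Tuple[str, str]]] = {
    "fw-plant-edge": [("IT-SCADA", "OT-HMI"), ("IT-SCADA", "OT-PLC")],
    "fw-cell-1": [("OT-HMI", "OT-PLC")],
}


@dataclass(frozen=True)
class Relation:
    """Administrator intent: 'zone A may talk to zone B using service S' (directional;
    a stateful firewall admits the replies)."""
    src_zone: str
    dst_zone: str
    service: str


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str
    src: str
    dst: str
    dport: int    # 0 means any port


def generate_rules(relations: List[Relation]) -> Dict[str, List[Rule]]:
    """Expand relations into the explicit allow rules each enforcing device must carry,
    closed by a default deny so traffic not expressed as a relation is blocked."""
    per_device: Dict[str, List[Rule]] = {}
    for device, pairs in ENFORCERS.items():
        rules: List[Rule] = []
        for rel in relations:
            if (rel.src_zone, rel.dst_zone) in pairs:
                proto, port = SERVICES[rel.service]
                rules.append(Rule("allow", proto, ZONES[rel.src_zone], ZONES[rel.dst_zone], port))
        rules.append(Rule("deny", "any", "any", "any", 0))
        per_device[device] = rules
    return per_device


def render(rule: Rule) -> str:
    """Vendor-neutral text form of a rule, as it would be pushed to a device."""
    port = f" port {rule.dport}" if rule.dport else ""
    return f"{rule.action} {rule.proto} from {rule.src} to {rule.dst}{port}"


def detect_drift(generated: List[Rule], deployed: List[Rule]) -> Dict[str, Set[Rule]]:
    """Compare the intended rule set with what was read back from the device. A rule that
    exists on the device but not in the NMS is the security-relevant finding: it was
    added outside the managed process and nothing in the relations justifies it."""
    g, d = set(generated), set(deployed)
    return {"missing_on_device": g - d, "unexpected_on_device": d - g}
```

Rule order is deliberately ignored by `detect_drift`; an NMS that also cares about ordering (where a device evaluates rules top-down) would compare the sequences instead, which is a stricter check than the set difference shown here.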
Enforcing secure protocols and ciphers in OT network

Need: In the modern world, security protocols and ciphers become outdated frequently; a protocol considered secure a year ago is no longer secure now. An NMS system monitoring and managing heterogeneous devices needs to be vigilant about strong versus weak network protocols and ciphers. This ensures that the confidentiality and integrity of the network are not compromised.

Solution: The NMS system first assesses the security grade of the protocols and ciphers during the initial handshake with the devices. Only if they are found secure does it proceed with further monitoring and configuration, and only for those devices that satisfy the organization's desired security grade.

Benefits (Novelty): Customers can be informed about potential vulnerabilities due to protocols not meeting the required security grade. This helps them to talk to the respective device vendors to improve the security of the communication protocols and upgrade their device firmware. Customers can decide whether to manage such devices depending on the deployment environment.
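Grading what a device negotiated during the handshake and gating management on a required grade, as this slide describes, looks roughly like the following. This is an added example and not Siemens code; the grade tables (A strong, B acceptable, C legacy, F broken) are a constructed policy for the illustration, the slide does not state the grades the product uses, and the handshake inputs are dictionaries standing in for what an NMS would collect from the HTTPS and SSH sessions (the two protocols the deck names).

```python
import re
from typing import Dict, List, Tuple

# Constructed grading policy: A = strong, B = acceptable, C = legacy, F = broken.
# An organisation would revise these tables as primitives age.
ORDER = "FCBA"  # worst to best, so min() over grades picks the weakest
TLS_VERSION_GRADE = {"TLSv1.3": "A", "TLSv1.2": "A", "TLSv1.1": "C",
                     "TLSv1": "F", "SSLv3": "F", "SSLv2": "F"}
SSH_KEX_GRADE = {"curve25519-sha256": "A", "ecdh-sha2-nistp256": "A",
                 "diffie-hellman-group14-sha256": "B",
                 "diffie-hellman-group14-sha1": "C",
                 "diffie-hellman-group1-sha1": "F"}
BROKEN = re.compile(r"(NULL|EXPORT|RC4|ARCFOUR|3DES|DES-CBC3|MD5|ADH|AECDH)", re.I)


def worst(*grades: str) -> str:
    return min(grades, key=ORDER.index)


def grade_tls_cipher(suite: str) -> Tuple[str, List[str]]:
    """Grade an OpenSSL-style suite name, e.g. ECDHE-RSA-AES256-GCM-SHA384 or AES128-SHA."""
    if BROKEN.search(suite):
        return "F", ["broken primitive in cipher suite"]
    grade, reasons = "A", []
    if not suite.startswith(("ECDHE-", "DHE-", "TLS_")):  # TLS_* are the 1.3 suites, always PFS
        grade, reasons = worst(grade, "C"), reasons + ["no forward secrecy"]
    if "GCM" not in suite and "CHACHA20" not in suite:
        grade, reasons = worst(grade, "B"), reasons + ["CBC mode, no AEAD"]
    return grade, reasons


def grade_ssh_cipher(name: str) -> Tuple[str, List[str]]:
    """Grade an SSH cipher name as advertised by the server (OpenSSH naming)."""
    if BROKEN.search(name) or name.startswith("blowfish"):
        return "F", ["broken primitive in SSH cipher"]
    if name.startswith("chacha20") or name.endswith("-gcm@openssh.com"):
        return "A", []
    if name.endswith("-ctr"):
        return "B", ["CTR mode without AEAD"]
    return "C", ["CBC mode"]


def assess_device(handshake: Dict[str, str], required: str) -> Dict[str, object]:
    """Combine the grades of everything the device negotiated. The device is manageable
    only if its weakest element still meets the organisation's required grade; the
    reasons list is what the operator would be shown (and could forward to the vendor)."""
    grade, reasons = "A", []
    if "tls_version" in handshake:
        g = TLS_VERSION_GRADE.get(handshake["tls_version"], "F")
        grade = worst(grade, g)
        if g != "A":
            reasons.append(f"TLS version {handshake['tls_version']} graded {g}")
    if "tls_cipher" in handshake:
        g, why = grade_tls_cipher(handshake["tls_cipher"])
        grade, reasons = worst(grade, g), reasons + why
    if "ssh_kex" in handshake:
        g = SSH_KEX_GRADE.get(handshake["ssh_kex"], "F")
        grade = worst(grade, g)
        if g != "A":
            reasons.append(f"SSH kex {handshake['ssh_kex']} graded {g}")
    if "ssh_cipher" in handshake:
        g, why = grade_ssh_cipher(handshake["ssh_cipher"])
        grade, reasons = worst(grade, g), reasons + why
    manageable = ORDER.index(grade) >= ORDER.index(required)
    return {"grade": grade, "manageable": manageable, "reasons": reasons}
```

Note that the overall grade is the minimum over all elements: a TLS 1.2 session with a forward-secret AEAD suite is still graded C if the device only offers TLS 1.1, which is the case the slide's "talk to the device vendor" advice is about. Unknown names deliberately grade F rather than being skipped, so a device advertising something the policy has never seen is surfaced instead of silently managed.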
System Integrity Check and Validation

Need: System integrity is essential for protecting the application itself and the entire set of assets in the IT and OT network. Any compromise of integrity introduced by trojanized binaries can lead to catastrophic failures for the entire system and the network.

Solution: Every binary shipped and deployed in the customer environment must be signed by authorized authorities. All critical files and folders are access-controlled so that only administrators are able to access them, hardening the system. Additionally, customers have the facility to manually run an integrity check within the application for any suspect files.

Benefits (Novelty): Customers can always trust the application if it is signed by "Siemens AG" as the publisher. Customers are freed from hardening the application themselves, independent of whether such policies exist at OS level in their organization.
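The manual integrity check the slide mentions amounts to re-hashing the installed files and comparing them with a manifest whose authenticity is itself protected by the publisher's signature. The following is an added example, not Siemens code and not how the product implements its check: it uses an HMAC with a constructed key in place of the publisher's asymmetric code signature so that it runs with the standard library alone (in practice the manifest, or each binary, carries a signature verifiable with the publisher's public certificate), and the installed files and the tampering in `demo()` are constructed.

```python
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, Tuple


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _relative_files(root: str) -> Dict[str, str]:
    """Map every file under root (path relative to root, '/' separated) to its SHA-256."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in sorted(names):
            p = os.path.join(dirpath, n)
            files[os.path.relpath(p, root).replace(os.sep, "/")] = sha256_file(p)
    return files


def build_manifest(root: str, key: bytes) -> str:
    """Hash the shipped tree and seal the manifest. The HMAC stands in for the publisher's
    signature (assumption for this example); only the holder of `key` can produce it."""
    body = json.dumps({"files": _relative_files(root)}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "sig": tag})


def verify_install(root: str, manifest: str, key: bytes) -> Dict[str, object]:
    """Check the seal first: an unauthentic manifest must not be used to judge files.
    Then report modified, missing and unexpected (dropped-in) files under root."""
    doc = json.loads(manifest)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["sig"]):
        return {"signature_ok": False, "ok": False, "modified": [], "missing": [], "unexpected": []}
    files = json.loads(doc["body"])["files"]
    modified, missing = [], []
    for rel, digest in files.items():
        p = os.path.join(root, rel)
        if not os.path.isfile(p):
            missing.append(rel)
        elif sha256_file(p) != digest:
            modified.append(rel)
    unexpected = sorted(set(_relative_files(root)) - set(files))
    ok = not (modified or missing or unexpected)
    return {"signature_ok": True, "ok": ok, "modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> Tuple[Dict[str, object], Dict[str, object], Dict[str, object]]:
    """Constructed scenario: clean install, then one binary replaced and one file dropped in,
    then an attempt to pass off an altered manifest."""
    key = b"constructed-publisher-key"   # stands in for the publisher's signing key
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "nms-agent"), "wb") as f:
            f.write(b"\x7fELF constructed agent binary")
        with open(os.path.join(root, "nms.conf"), "wb") as f:
            f.write(b"listen=443\n")
        manifest = build_manifest(root, key)
        clean = verify_install(root, manifest, key)
        with open(os.path.join(root, "bin", "nms-agent"), "wb") as f:
            f.write(b"\x7fELF trojanized agent binary")
        with open(os.path.join(root, "bin", "helper.so"), "wb") as f:
            f.write(b"unexpected library")
        tampered = verify_install(root, manifest, key)
        forged = verify_install(root, manifest.replace('"sig": "', '"sig": "0'), key)
    return clean, tampered, forged
```

Two details carry the security value: the seal is checked before any file is judged (otherwise a trojanized manifest would vouch for a trojanized binary), and files that are present but absent from the manifest are reported, since a dropped-in library is as much an integrity failure as a modified one.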
Thank you!
Aswani Sripada, Product Manager, aswani.sripada@siemens.com
Karthik Raman, Product Architect, karthik.raman@siemens.com
ADV D AA DPI-NM, Siemens Technology & Services Private Limited, Bangalore - 100
- Slides: 8