Copyright © The Open Group 2017
The Open Process Automation™ Forum: Developing a standards-based, open, secure, interoperable process control architecture
Jim Hietala
VP, Security and Business Development
CISSP, GSEC, Open FAIR™
[email protected]
Agenda
» About The Open Group
» Drivers for Change in Process Control Systems
» Lessons Learned from Standards Efforts in Other Industries
» Open Process Automation Forum Overview
The Open Group is ...
570+ Member Enterprises in 40 Countries
Staff and local partners in 12 Countries
Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, India, Ireland, Italy, Japan, Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Nigeria, Norway, Philippines, Poland, Portugal, Qatar, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, UK, United Arab Emirates, USA, Vietnam
Forums of The Open Group: New - Open Process Automation™ Forum
The Open Group ArchiMate® Forum
The Open Group Architecture Forum
The Open Group Security Forum
Open Trusted Technology Forum: Build with Integrity, Buy with Confidence
The Open Group IT4IT™ Forum: Managing the Business of IT
Real-Time & Embedded Systems Forum: Dependability through Assuredness™
Open Platform 3.0® Forum: Cloud, Social, Big Data and IoT
POSIX and Others
The Open Group Open Process Automation™ Forum: Develop a Standards-based, Open, Secure, Interoperable Process Control Architecture
Industry Verticals & Consortia
Verticals
» The Open Group Healthcare Forum
» The Open Group Exploration Mining Metals and Minerals Forum
Consortia
» DirecNet® Task Force
» The Open Group FACE Consortium
*Gated US-Only due to Export Controls on US DoD and their supplier base
Drivers for Change in Process Control Systems
Drivers for Change in Process Control (DCS) Systems
» Enable agility in introducing new capabilities into existing networks, realize value from technology improvements faster than once every ~20 years
» Reduce proprietary vendor lock-in and drive interoperability
» Remove non-productive cost for suppliers and for asset owners
» Create a bigger market opportunity
» Take advantage of new technologies, e.g. IIoT, cloud
» Reduce capital expense for process control systems (replacements or upgrades)
» Cybersecurity…enable intrinsic security capabilities
Cybersecurity Challenges from IIoT
» Dramatic growth in IoT, while IIoT adoption is gated (largely) by security concerns
» IoT & IIoT risk & security are highly use case dependent
» Proposed US legislation on security characteristics for Fed procurements of IoT/IIoT
  – Patchable
  – No known vulnerabilities, disclosure of vuln.
  – No hard coded passwords
» Lack of definition of what it means to be “securable” in the context of IIoT
Control Systems & Cybersecurity
» Many users are critical infrastructure industries
» Threat landscape
  – Recent DHS/FBI warning on targeted attacks aimed at nuclear, energy, aviation, water and critical manufacturing industries, threat vector = IT to OT interface
  – Nation states, hacktivism, cyberwarfare
Control Systems, Users' Perception of Risk
SANS ICS Security Survey data from 2016 ICS cybersecurity survey of 234 respondents, 60% US based
Control Systems Vulnerabilities
SANS ICS Security Survey data from 2016 ICS cybersecurity survey
Point Product Proliferation: Where IT Failed at Security
Implications
» Few technical standards in IT security…
» Bolt-on brings lack of integration/interoperability, and a degree of vendor lock-in
» Custom work required of vendors/integrators/customers to enable solution integration & interoperability
» Vendor overload, requirement to deal with many small vendors solving narrow security problems
» Attack surface issues in gaps between products/security functionality
Standards Lessons Learned from Other Industries
UNIX Case Study
» Problem: Proliferation of incompatible IT hardware and software, lack of standards, no interoperability, no portability & reuse of software
» Solution: UNIX standard, conformance program and licensed trademark developed by The Open Group
  – Significant buy-side push from US & other government buyers helped create the market to ensure suppliers' commitment to open standards
» Lessons learned:
  – Need strong buy-side representation
  – Standards are hard, bringing a rigorously vendor-neutral, consensus-based approach and a well-defined standards process is key
  – Keeping the business issues in scope helps ensure that the standard leads to market adoption & uptake, e.g. procurement and business guides
  – Standards can require a long view: UNIX remains a very large market, $10’s of Billions/year 20+ years into the standard/conformance program
FACE Case Study
» Problem: US military avionics systems were proprietary, and costs were escalating at an unsustainable pace
  – Multiple branches of the military were affected, and were looking for a way to bring down development costs for these systems
» Solution: FACE Consortium, FACE technical standard driving interoperability & reuse, and FACE conformance program developed by The Open Group
  – Open Group stood up a focused consortium to develop the standard, FACE, and the work included business guide
  – US DoD convened leaders in the IT industry via The Open Group to address this
  – Significant procurements now requiring FACE conformance, 5 years in
» Lessons learned:
  – Strong buy-side and supply-side representation important
  – Focus on understanding the ecosystem, business issues (business guide, and procurement guide) and adoption key
  – Some early participants were there for defensive reasons, but have now become big supporters
(FACE = Future Airborne Capability Environment)
Open Process Automation Forum™ Overview
Who We Are
• Open, consensus-based group of:
  – End users
  – Hardware, software and solutions suppliers
  – Systems integrators
  – Academia
  – Standards organizations
Total Membership to Date = 110
Sampling of Our Members…
Who We Are
• Exceptional mix of technology thought leaders and pioneers from several industrial segments
• Composed of several main working committees
  – Business Working Group
  – Standards Working Group
  – Enterprise Architecture Working Group
  – Technology Working Group
• Under direction of two co-chairs elected every two years
  – Don Bartusiak, Chief Engineer, ExxonMobil Research & Engineering
  – Trevor Cusworth, Global Account Manager, Schneider Electric
Open Process Automation™ Forum
• Open Process Automation™ Forum Co-Chairs: Don Bartusiak (ExxonMobil), Trevor Cusworth (Schneider-Electric)
• Steering Committee: All Member Organizations
• Enterprise Architecture Working Group Co-Chairs: Mark Bush (Shell), Dave Emerson (Yokogawa)
• Business Working Group Co-Chairs: Paul Berlowitz (ExxonMobil), Dennis Stevens (Lockheed Martin)
• Standards Body Interface Working Group Co-Chairs: Dennis Brandl (Schneider-Electric), Firas Khalil (Siemens Industry Inc.)
• Technology Working Group Co-Chairs: Steve Bitar (ExxonMobil), Jeff Harding (ABB)
• Subcommittees
  – Business Guide Subcommittee
  – Marketing & Outreach Subcommittee
  – Conformance Subcommittee
  – Library Subcommittee
  – Technical Architecture Subcommittee
  – Connectivity Framework Subcommittee
  – Info Model & Standard Configuration Subcommittee
  – Application & Library Portability Subcommittee
  – Security Architecture Subcommittee
  – Physical Platform Subcommittee
  – Systems & Network Management Subcommittee
  – Requirements Management Subcommittee
• Project Management: Juan Aparicio (Siemens Corporation)
What We Do
• Working together to:
  – Develop a technologically appropriate open process automation architecture
  – Develop specifications and business guidance for architecture adoption and use
Our Goal
• A standards-based, open, secure and interoperable process automation architecture that will
  – Drive more value from operations
  – Be intrinsically secure
  – Easily integrate certified, best-in-class, fit-for-purpose system components
  – Protect suppliers’ intellectual property
  – Enable portability and preservation of end users’ application software
  – Reduce difficulty of future replacements and upgrades
  – Reduce lifecycle costs
  – Drive innovation
Scope
Architecture Vision
Why We Do It
• Industrial manufacturers are under extreme pressure
  – Lower capital and lifecycle costs of their systems
  – Improve profitability of their operations.
• Many installed control systems are predominantly closed and proprietary
  – Integration with best-in-class third-party components is costly
  – Maintenance and upgrades are expensive
• Today’s systems generally not intrinsically cybersecure
  – Do not adequately protect equipment assets and other capital investments
Why We Do It
• Open, interoperable and secure-by-design process automation systems architecture will address all of these issues
  – Ensuring future automation systems adopt and reinforce standards that achieve true heterogeneity while providing
    • Intrinsic security
    • Multi-vendor interoperability
    • Future-proof innovation
    • Easy pathway for systems migration and upgrades
End users reap far more value and profitability from their operations
Why Join
• The Forum is determining the future state of process automation
• The Forum is gaining momentum and moving quickly ahead
  – Results are coming fast
  – Decisions that could impact how you will control your operations and manage your business are being considered
• We need more end users to be actively involved and participating to:
  – Ensure their perspective on what the next-gen process system should and will look like is considered and included
  – Protect their future operations and business needs, objectives and success
Why Join
• Reduces total cost of ownership
• Empowers workforce
• Solves system integration issues
• Enables continuous innovation
• Faster, more cost-effective upgrades
Why Suppliers Should Join
• It could help grow the top line
  – Reaching new markets and customers
  – Remaining relevant to our existing customers
  – Creating new goods and services for expanded markets
• It could help grow the bottom line
  – Reduce cost
  – Increase margins
  – Eliminate non differentiated products
How to Learn More
• Visit OPAF website
  – http://www.opengroup.org/open-process-automation
• Refer to handout and FAQ
  – http://www.opengroup.org/open-process-automation/forum/FAQ
• Contact the Open Group
  – http://www.opengroup.org/open-process-automation/membership
  – Jim Hietala
  – [email protected]
Thank You