研讨会 - 复杂工业控制系统环境中的身份安全.pdf

《研讨会 - 复杂工业控制系统环境中的身份安全.pdf》由会员分享，可在线阅读，更多相关《研讨会 - 复杂工业控制系统环境中的身份安全.pdf（56页珍藏版）》请在三个皮匠报告上搜索。

1、Securing Identities in Complex ICS EnvironmentsStephen MathezerOverview5 Critical Controls1.Overview of Identity in OT3.Centralized Identity5.Remote Access7.App.Identity Example9.Zero Trust2.Compliance4.Public Key Infrastructure6.Application Identity8.Device Identity10.5 Critical Controls for ICSCom

2、mon ICS Security ExposuresBusiness ICS ConnectivityRemote Access and Vendor ConnectionsInternet(authorized and unauthorized)Insufficient ICS SegmentationInsufficient Monitoring“Zero Trust”What is Zero Trust Mean Anyways Zero Trust Network Access(ZTNA)Firewall vendors People and identities are the si

3、ngle control pointIdentity vendors Never trust,always verify importance of identity verification identity and integrity of users and devicesChat GPTImplementing“Zero Trust”Many different approaches Often driven by capabilities rather than requirements or outcomes No shortage of guidance,everyone has

4、 an opinion But where can we start and what will work?NIST 800-207 Zero Trust Architectureleast privilege,per-request access decisions in the face of a network viewed as compromisedZero Trust Challenges for ICSLimited appetite and opportunity for changeWeve been operating for X years and nothing bad

5、 has happenedEvery site is uniqueOverall cybersecurity maturity is lowIncomplete asset inventoryLimited authentication/identity managementTechnical ChallengesOrganizationalChallengesNIST 800-207 Tenets of Zero TrustAll communication is secured regardless of locationAccess is granted on a per-session

6、 basisAccess is determined by dynamic policyIntegrity and security is monitored and measured for all assetsCollect info about assets,infrastructure,and communication to improve postureAll data sources and computing services are resourcesAuthentication and authorization are dynamic and strictly enfor