The presentation will be geared towards asset owners, primarily from the manufacturing sector. However, other industries may also benefit. I intend to present how we, as an asset owner, are approaching the challenge of securing our Manufacturing Execution Systems (MES). I will briefly discuss what an MES system is and why most manufacturing industries need it.
An MES system bridges IT and OT networks: it interfaces with ERP on the IT side and the automation layer (PLCs, etc.) on the OT side. It also interfaces with laboratory and other systems at the same level. I will briefly go into the reasons why the MES needs to talk to both IT and OT, and how it is the air-gap mythbuster!
As an MES is exposed to the IT side, and hence indirectly to the Internet, it is critical we secure it. I will discuss how careful network segmentation will help in this cause.
OPC is a common protocol used by most MES systems for interfacing with various automation systems. I will discuss our attempts at securing our legacy OPC DA communication interfaces, and how we migrated to and are securing our current OPC UA interfaces. I will go into the security features afforded by the OPC UA specification and how just moving to OPC UA does not guarantee security.
In addition, I will present other security controls that may be deployed to increase the security posture of an MES system.
Finally, I will end the presentation with the argument for the absolute need to develop strong and verifiable disaster recovery (DR) plans and business continuity plans (BCP) for when the MES goes down, and what such a BCP would typically comprise.