COPA-DATA Industrial Security EN

INDUSTRIAL

DOES IT AFFECT ME?

UPDATES

Production IT and office IT are two different systems.

My colleagues in production work with PCs. Are there guidelines, relating to password creation, for example?

The gates of the production facilities are open. Can unauthorized people easily gain access?

I use mobile devices. Are they used to access production data?

Are these connections secured appropriately?

AM I AN INTERESTING TARGET FOR ATTACK?

EQUIPMENT CAN BE MANIPULATED.

THE PRIMARY CAPITAL OF MY COMPANY IS …

Sensitive processes that could lead to considerable damage if they malfunction.

WHAT POTENTIAL WEAK POINTS DOES MY COMPANY HAVE?

In my company, widely-distributed software licenses are used.

How can I protect them from malware?

I am networked to my external customers and suppliers.

QUALITY, PERFORMANCE, AVAILABILITY

PCs are connected to the Internet.

How is the data exchanged between them?

Is there an effective software update policy to minimize security vulnerabilities?

KNOW-HOW

Knowledge that could be interesting to third parties.

DATA CAN BE STOLEN.

WHICH TOOLS AND TECHNIQUES DO POTENTIAL HACKERS USE?

The attackers’ toolbox

SOCIAL ENGINEERING OR HUMAN ERROR

Unauthorized access to information or to the technical infrastructure, for example due to personal contact or internal sabotage

HUMAN

Unauthorized access to sensitive areas of equipment, switching cabinets, network components

EXPLOITATION OF EXTERNAL ACCESS

For example, by means of remote maintenance systems, or networking with suppliers or consumers

Unauthorized access to production data

Careless use of the IT system

INFECTION WITH MALWARE

TECHNOLOGY

Office networks, intranet and/or external hardware captured via the Internet

COMPROMISATION

Unencrypted protocols

ORGANIZATION

Unsecured configurations of network components (routers, firewalls, switches, etc.)

Insufficient patch management

Insufficient awareness of and too little expertise in IT security in the company

From smartphones in the production environment, extranet and/or cloud components

Access to data and processes via smartphone

Outdated software systems and a lack of security updates

Control components directly connected to the Internet

Non-secure exchange of data inside the business networks

Connections for remote maintenance systems

What standards & guidelines are there?

...

WHAT TYPES OF HACKER ARE THERE?

HACKER TYPES

BLACK HAT Criminal intent, elite training, experts in their field.

GRAY HAT Want to make people aware of security loopholes, operate in a legal gray area.

WHITE HAT No criminal motivation, searching for security loopholes, considered security researchers.
