Tax Terms: W2, 1099
Corp-Corp or 3rd Parties: Yes
Mandatory Skills : Tofino Industrial Security
PanelView
Rockwell Automation
Wonderware ArchestrA
• Data Isolation
  • Investigate Tofino security appliance for data isolation between automation systems
    • Develop base configuration for Tofino security appliance. Base configuration should include provisions for remote management of the security appliance as well as transmission of SNMP or Syslog data to IT management systems
    • Evaluate Tofino in combination with the Ethernet/IP and Modbus Enforcer LSMs for common data transmission between automation systems (Modbus: read & write registers; Ethernet/IP: read & write tags via messaging, remote rack IO configuration)
    • Evaluate the above for local and routed communication
    • Report out on findings
    • Develop Operations and Maintenance basis instructions and a Roles & Responsibilities matrix
  • Investigate Owl Data Diode for data isolation between automation systems
    • Evaluate Owl Data Diode in combination with Ethernet/IP and Modbus for common data transmission between automation systems (Modbus: read & write registers; Ethernet/IP: read & write tags via messaging, remote rack IO configuration)
    • Evaluate the above for local and routed communication
    • Report out on findings
    • Develop Operations and Maintenance basis instructions and a Roles & Responsibilities matrix
• 2-Factor Authentication
  • Develop implementation and pilot for Smartbadge authentication to authorize higher-risk activities in ArchestrA and InTouch HMI applications
    • Develop security object model and authentication mechanism for both ArchestrA and InTouch applications that will allow an operator action (write, script execution, animation, etc.) to require confirmation by a member of a designated customer group via Smartbadge and PIN entry
    • Hold workshop with Operations to identify higher-risk activities to secure for the pilot
    • Prove plan in DSL
    • Implement in production pilot
    • Provide documentation on implementation and Operations and Maintenance tasks
  • Develop implementation and pilot for Smartbadge authentication to authorize login to PanelView Plus clients
    • Develop authentication mechanism for PanelView Plus 6 & 7 to allow an operator login to require authentication as a member of a designated customer group via Smartbadge and PIN entry
    • Hold workshop with Operations to identify higher-risk clients to secure for the pilot
    • Prove plan in DSL
    • Implement in production pilot
    • Provide documentation on implementation and Operations and Maintenance tasks
• Application Whitelisting
  • Develop application whitelist for ArchestrA and InTouch IO server and HMI client
    • Utilize Microsoft AppLocker for whitelisting enforcement
    • Create test image of each machine to 'audit' applications that run continuously and periodically
    • Categorize applications recorded during audit as: Base (should be allowed on all machines, such as anti-virus or Splunk forwarder), HMI (such as View), IO Server (such as DASABCIP), or Deny (applications that should not be run on these machines)
    • Create Group Policy Object for each class of machine based on the above information
    • Develop pilot strategy for each: implement mirror systems that can be deployed to operations but that have a fallback machine available should the AppLocker configuration block a needed program
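The AppLocker audit-to-rules workflow in the list above, as an added PowerShell example that is not part of this posting: it reads the audited executions from a test image, sorts them into the Base / HMI / IO Server / Deny classes, emits an allow rule set per class and a triage list for the rest, and shows the per-class GPO load. The install-path patterns, output folder, `View.exe` path and GPO LDAP path are assumptions to be replaced with the real ones.

```powershell
# Added example (not from the posting): per-class AppLocker rule sets from audit-mode events.
$OutDir = 'C:\AppLockerPilot'            # assumed output folder for the generated rule sets
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Substrings matched against each audited file path (assumed install locations)
$Classes = @{
    Base     = @('\Windows\', '\Program Files\SplunkUniversalForwarder\', '\Program Files\AntiVirus\')
    HMI      = @('\Wonderware\InTouch\', '\ArchestrA\')
    IOServer = @('\Wonderware\DAServer\', 'DASABCIP')
}
$Deny = @('\Users\', '\Temp\', '\Downloads\')   # user-writable locations: never allowed

# FileInformation.Path is a path object on most builds, a plain string on some; take the text either way
function Get-FilePathText($fi) { if ($fi.Path -is [string]) { $fi.Path } else { $fi.Path.Path } }

function Get-AppClass([string]$Path) {
    foreach ($p in $Deny) { if ($Path -like "*$p*") { return 'Deny' } }
    foreach ($c in $Classes.Keys) {
        foreach ($p in $Classes[$c]) { if ($Path -like "*$p*") { return $c } }
    }
    return 'Review'   # seen during the audit but not recognised: a person decides in the workshop
}

# Every execution the test image logged while its AppLocker policy ran in audit mode
$Audited = Get-AppLockerFileInformation -EventLog `
    -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited

foreach ($grp in ($Audited | Group-Object { Get-AppClass (Get-FilePathText $_) })) {
    if ($Classes.ContainsKey($grp.Name)) {
        # Publisher rules where the binary is signed, hash rules otherwise; -Optimize merges
        # duplicates so a patched signed binary keeps matching without a new rule
        $grp.Group | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
            Out-File -FilePath (Join-Path $OutDir "$($grp.Name).xml") -Encoding utf8
    } else {
        # Deny and Review candidates go to CSV for triage; nothing unlisted is allowed once enforced
        $grp.Group | Select-Object @{n='Path';e={Get-FilePathText $_}}, Publisher, Hash |
            Export-Csv -Path (Join-Path $OutDir "$($grp.Name).csv") -NoTypeInformation
    }
}

# Confirm a binary that must keep working is allowed by the HMI rule set before it reaches a GPO
Test-AppLockerPolicy -XmlPolicy (Join-Path $OutDir 'HMI.xml') `
    -Path 'C:\Program Files (x86)\Wonderware\InTouch\View.exe' -User Everyone   # assumed path

# HMI machine class: load Base first, then merge the HMI rules into the same GPO
# (assumed GPO distinguished name; run from a host with the Group Policy tools installed)
$HmiGpo = 'LDAP://DC=example,DC=local/CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=local'
Set-AppLockerPolicy -XmlPolicy (Join-Path $OutDir 'Base.xml') -Ldap $HmiGpo
Set-AppLockerPolicy -XmlPolicy (Join-Path $OutDir 'HMI.xml')  -Ldap $HmiGpo -Merge
```

Keep the GPO in audit mode on the mirror system first, so the Review and Deny CSVs show what enforcement would have blocked before the fallback machine is ever needed.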