Security PACS LACS Interoperability Presentation
-
Upload
michael-queralt -
Category
Documents
-
view
164 -
download
2
Transcript of Security PACS LACS Interoperability Presentation
![Page 1: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/1.jpg)
ConvergingPhysicalandLogicalEnvironmentsforEnhanced
DecisionMaking
QueraltInc
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 1
![Page 2: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/2.jpg)
CompanyBackground&Management
Queralt,Inc.wasstartedinJanuary2011withprivatefundingfromtheDepartmentofHomelandSecurityScienceandTechnologyDirectorate,amulB-naBonalindustrialgascompanyanditsshareholderstodevelopacloudbasedsystemthatisabletomakeintelligentreal-BmeacBonsanddecisionsbasedonsimultaneousinputsfrommulBpletypesofsensoryinput,includingacBveandpassiveRFID,sensors,GPS,cellphones,datafeeds,etc.DavidCook,co-founderandCEO–focusonstrategyandfinanceSerialentrepreneur,mostrecentlyfounderofInSiteOne,amedicalimagingSaaScompanyacquiredbyDell;holdsaBAfromDartmouthCollegeandanMBAfromtheUniversityofChicago.MichaelQueralt,co-founderandPresident–focusonbusinessdevelopment,salesandmarkeDngPriorseniorsalesandmarkePngposiPonsatMicrosToMainframes,XeroxandCervalis.JohnVanSteenburgh,co-founderandCOO–engineeringandoperaDonsFormerlyheldmanagementposiPonswithCompuComandDellservingglobalcompanies.PaulStrassmann,Chairman-RePredCIOoftheDept.ofDefenseandNASA,authorandmemberoftheCIOHallofFame(www.strassmann.com).
proprietaryandconfidenPal
![Page 3: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/3.jpg)
ProjectObjecPve
TheoverallobjecPveistocreateanenvironment,whereintelligentsystemsprovidetheconvergenceofthephysicalandlogicalworlds,becomingapla\ormforgatheringsensorialdatapoints,enablinglogicalsystemtomakesmarteraccessandcontroldecisions.
QueraltInc-2011-ConfidenPal
![Page 4: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/4.jpg)
ComplianceandBusinessDriversPIAM(PhysicalIdenPtyandAccessManagement)deploymentsaredrivenbycompliancemandates,andisrequiredwiththefollowingsecuritystandards:• WhiteHouseOMBMemorandumM-11-11:RequiresPIVcardauthenPcaPonwithX.509
cerPficatetoPACSsin2012.• NorthAmericanElectricReliabilityCorporaPonCriPcalInfrastructureProtecPon(NERCCIP):A
strictstandardfortheIdMofusersintheelectricalpowerindustry.ThisstandardwasadoptedbytheFederalEnergyRegulatoryCommission(FERC).
• NuclearRegulatoryCommission(NRC)Title10CodeofFederalRegulaPonsPart73.54(10CFR73.54)andtheNuclearEnergyInsPtute(NEI)-08/09standards:AsubsetofthesestandardsfocusesonPACSauthorizaPon,authenPcaPonandPmelylifecyclemanagementofidenPPes.
• DHSChemicalFacilityAnP-TerrorismStandards(CFATS):Requirethathigh-riskchemicalfaciliPes(e.g.,petroleumrefineries,chemicalprocessingplants,explosivesmanufacturersandaerospacefaciliPes)submitaphysicalsecurityplantoDHSforapproval.Theplanmustdocumentinternalcontrolsassociatedwithphysicalaccess,includingIdM.
Source:GartnerReport-PhysicalIden8tyandAccessManagement–Published:1February2012
July21,2016 ProductdevelopedunderthesponsorshipofDHSS&TDirectorate 4
![Page 5: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/5.jpg)
PROJECTOVERVIEWFROMDHSS&T
July21,2016 ProductdevelopedunderthesponsorshipofDHSS&TDirectorate 5
![Page 6: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/6.jpg)
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 6
![Page 7: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/7.jpg)
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 7
![Page 8: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/8.jpg)
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 8
![Page 9: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/9.jpg)
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 9
![Page 10: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/10.jpg)
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 10
![Page 11: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/11.jpg)
QUERALT’SSOLUTION
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 11
![Page 12: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/12.jpg)
AhributeBasedSecurityForFineGrainAuthorizaPon
• ABAC– AhributeBasedAccessControl
• RAdAC– RiskAdaptableAccessControl
• LBS– LocaPonBasedAssuranceSoluPon
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 12
![Page 13: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/13.jpg)
SystemaPc–AccessdeterminaPonbysystems
RunPme–GrantpermissionsatPmeofdecision
Procedure–Accessdeterminedbypeople
AhributedBasedAccessControl
RiskAdaptableAccessControl
RoleBasedAccessControl
GroupsAccess
AdministraPon–Grantpermissionspriortoaccessdecisions
Why–AhributeBased
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 13
![Page 14: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/14.jpg)
SystemaPc–AccessdeterminaPonbysystems
RunPme–GrantpermissionsatPmeofdecision
Procedure–Accessdeterminedbypeople
AhributedBasedAccessControl
RiskAdaptableAccessControl
RoleBasedAccessControl
GroupsAccess
AdministraPon–Grantpermissionspriortoaccessdecisions
Low
High
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 14
![Page 15: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/15.jpg)
SystemaPc–AccessdeterminaPonbysystems
RunPme–GrantpermissionsatPmeofdecision
Procedure–Accessdeterminedbypeople
AhributedBasedAccessControl
RiskAdaptableAccessControl
RoleBasedAccessControl
GroupsAccess
AdministraPon–Grantpermissionspriortoaccessdecisions
OurposiPoninthetechnologygrid
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 15
![Page 16: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/16.jpg)
Howdowedoit?
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 16
![Page 17: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/17.jpg)
HighLevelarchitecture
QueraltInc-2011-ConfidenPal
![Page 18: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/18.jpg)
WhatisiQ3andwhatdoesthatmean?
iQ3performsasanapplicaPonframeworkthatcantakeinputfromanydatasourceandmakesrealPmedecisionsbasedonthatinformaPon.UPlizingstandardprotocols,iQ3canalsoactuateexternaldevicesbasedoninternaland/orexternaldecisions.
iQ3isasensory-agnosPcintelligentdecisionPla\orm
QueraltInc-2011-ConfidenPal
![Page 19: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/19.jpg)
iQ3–KeyPoints• Thepla\ormconsistsoffourkeypieces.
– DataVector-Adatavectorisanytypeofdeviceorsensorthatcanprovidedata.
– Enabler-Anenablerisapieceofsomwarethateithersitsinsideof,orconnectsto,thedevicetoallowitsinformaPontobesenttotheiQ3DecisionEngineforanalysis.
– iQ3DecisionEngine-iQ3’sDecisionEnginetakesincomingdatafromenablersandperformscomplexanalysesonthatdatainconjuncPonwithuserdefinedrule-setstodeterminearesult.Basedontheresult,theiQ3DecisionEnginehastheabilitytosendaneventcarryingacustompayloadtoareceiverthatimplementstheAutomatedReacPveManipulator(ARM)Protocol.
– AutomatedReacPveManipulator(ARM)Protocol–ThisinternalprotocolisthereceiverthatinterfaceswithexternaldevicesandcantriggeritsownactuaPoneventssuchaslocking/unlockingadoor,takingapicture,workingwithexternalcontrollers,etc.
QueraltInc-2011-ConfidenPal
![Page 20: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/20.jpg)
KeySoluPonPoints• Xcaml2.0and3.0Standard• PIV&PIV-Icompliant• Cloudbasedarchitectureanddesign.• Ahributebased–leveragesourworkwithIoT,Sensorsandother
externalapplicaPons.• AccessControl–Usingourstandardprotocolwecanactuate
remotephysicalenvironments.• AccessControl–Usingourprotocol,wecanintegratewithlogical
systemsforenhancedsecurityinformaPon.• WiegandConnector–ExtendsahributebasedtocurrentPACS
(enhancescurrentdeployments)• LBS–Leveragescurrentenginesandbuildstobehaviorandother
externalenvironmentalahributesforDynamicdecisions• RAdBACArchitectureReady
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 20
![Page 21: Security PACS LACS Interoperability Presentation](https://reader031.fdocuments.net/reader031/viewer/2022020203/58ec98f61a28ab503d8b45cf/html5/thumbnails/21.jpg)
AhributedBased-Opportunity
• LocaPonBasedahributeprovider• EnvironmentalahributedproviderforFederatedandIndividualSystems
• PointofEnforcementforFederatedSystems• PointofDecisionforIndividualSystems
ProductdevelopedunderthesponsorshipofDHSS&TDirectorateJuly21,2016 21