Mr. Yuki Shimizu Application Engineer for Mitsubishi Electric North American Development Center introduces himself and Mr. Ben Burke Chief Operating Officer for Dispel provide a demonstration for Dispel Multi-Factor Authentication Access to a network.

Video Transcript

[0:00] Mr. Yuki Shimizu Application Engineer for Mitsubishi Electric North American Development Center

Hello everyone, I'm Yuki Shimizu Application Engineer for Mitsubishi Electric North American Development Center. I'm responsible for commercializing the internal IDT solution of Mitsubishi Electric hardware and ICONICS spot from with our partner. So, today, I like to focus on remote secure connection operation system for industrial automation system. So, our goal of this demonstration is to control this OT system remotely through Dispel moving target defense secure system in client system. And then, so actually, the end of this demonstration, you will see remote operator Ben will control this crane system through Dispel MTD network. Alright, I'd like to talk about more so system diagram with that. And actually, there are two sections of this system diagram: first on premises OT network. Shown here we have a first Mitsubishi Electric industry PC we call MELIPC MI 2000 already equipped with ICONICS edge software IoTWorX and also this very remote access software as well. Also, we have a Mitsubishi Electric program logic controller, we call Mitsubishi Electric IQL PLC, and which is responsible for control to describe system. Of course, this current system is going to be controlled by PLC program. And the second part is you can see the left side of this diagram, we have remote access sections. So first, Ben will tell us Dispel to connect to virtual desktop and through which is connected to moving target defense. And also, here we are accessed to IoTWorX in this middle IPC. Alright, okay, let's move on to demo step. Ben, please show us on admin console system with your admin account. Let's login with your password and multi factor authentication.

[2:31] Mr. Ben Burke Chief Operating Officer for Dispel

Perfect, I'm going to log in with my username, my admin user account, and password and MFA.

[2:41] Yuki Shimizu 

Great. Okay, now we can see ICONICS conference Connect 2021 Moving Target defense network. And now we can see also our infrastructure in the map although in the New England area. And we have also our so virtual network resources, and also username code ICONICS Connect 2021, with VDI users like that. This video user is already allowed to be allowed to IoT access IoTWorX system.

[3:17] Ben Burke

And this is to reemphasize that point of per user per protocol, access to different endpoints. So, in this case, we're getting that IoTWorX visualizer. On side, the EMI insights, right, the EMI 2000. And this user is able to get there through a series of ports and protocols, and only those ports and protocols.

[3:34] Yuki Shimizu

Right. Thank you, Ben. Why didn't you put on your operator hat? Now he's an operator. So. Okay, well, let's show our connection process for virtual desktop as an operator standpoint. With your password and multi-factor authentication as well. 

[3:56] Ben Burke

And I will mention again, MFA is enforceable on all of our systems. So that way you can be sure anybody connected to your network has to use MFA to get in, multi-factor authentication to get in.

[4:09] Yuki Shimizu

Yep, like a shove. Okay, after logging process, we need to take a couple of steps as our remote access form. At first confirm your identity. And give a reason for access. And also give a timeframe for your access.

[4:39] Ben Burke

Let's say end the day Friday, yes, who knows there might be something that comes up.

[4:43] Yuki Shimizu

And submit and request form as a final step. Nice. So important things after that step: Authorized admin must confirm this. Please show us Ben on the admin console again. And please upload it.

[5:08] Ben Burke

And I want to reiterate that this is all about creating a window of opportunity through which you can connect to a network. So, at the end of that October 1 at 5pm, I will be kicked out of the network, and I'll be suspended until I request access. So, we're controlling the time window through which you can request access. And again, as the administrator view, I'm able to approve that because I'm in an already authenticated session. If I was not logged in, I'd have to log in at this point.

[5:37] Yuki Shimizu

All right, that means now we are ready to access virtual desktop from operating system. This will go into the VDI, virtual desktop.

[5:49] Ben Burke

And I will mention that in the backend, these are all being sent by email as well. But we don't always trust email in the operational environment because it might be slow. So that's why you have that fallback URL that I shared with my administrator account. And it's important to remember that throughout this virtual desktop that I'm connecting to the moving target defense network that I'm going to be pre-networked through. That's all cloud based. That's all things that Dispel has taken care of. And we're trying to get to that MIT 2000 because it's through that MIT 2000 IoTWorX that we're going to control the crane. So let me jump in.

[6:26] Yuki Shimizu

Okay, jump into your virtual desktop. And then we can quickly to access IoTWorX system. And let's open a browser to open IoT visualizer to control the crane. Perfect. Okay, just input the address of this IPC. Now, I want to work “console is coming”. And just click visualizer. And we have already a good template; we call Connect 2021 dashboard. Now you can see the simple dashboard to control system. Let's click the “Turn Right”, also “Turn Left”. You can see also the status in the top side. Now we can push our “Demo Go”. So now we can control anything that's through Dispel moving target defense network.

[7:39] Ben Burke

And again, just to reiterate: the entire process is fully audited and recorded. So, when you got access, who granted you access, straight through all the way to what you did on the virtual desktop, you can get full screen recording full traffic logs, so that way you eliminate any blind spot of any session where someone is remotely accessing your network. And I do want to mention that we might have jumped out to a virtual instruction, the cloud, but you are able to get direct level access to control things securely in a way that you control now every step of the process. 

[8:14] Yuki Shimizu

Right, thank you Ben.

[8:16] Mr. Oliver Gruner Corporate Account Director for Mitsubishi Electric 

Thank you very much Yuki and Ben, great job. Really appreciate it. Excellent demo. So, at this point, we just want to play a short promotional Dispel video