• ISA provides technical resources and standards to help industrial automation professionals advance their careers and the field. We enable automation professionals worldwide to solve problems and enhance their skills by bringing people together to create new technologies and share best practices with future automation professionals.
    • Industry Insights

  • We attract over 140,000 unique automation professionals monthly, making us the premier online content provider and the only dedicated electronic magazine in the automation industry.

    Monthly Magazine

    • More things to read

    Back
    Back
  • M logo for Automation.com Monthly. Link to current issue.

Siemens Cyber Security Managed Services Strategy

Source: SIEMENS
10 March, 2014
3 min read
By Bill Lydon, Editor Late last year, Siemens rolled-out of its new Cyber Security Managed Services in the United States. This new offering is aimed at providing continuous, comprehensive cyber protection for production environments. Siemens plans to subsequently introduce this service in Europe and Asia.

By Bill Lydon, Editor

Late last year, Siemens rolled-out of its new Cyber Security Managed Services in the United States. This new offering is aimed at providing continuous, comprehensive cyber protection for production environments. Siemens plans to subsequently introduce this service in Europe and Asia.

Cyber security discussions are shifting from speculation of “if” attacks will interrupt business to “when” they might occur. Because cybersecurity is becoming a corporate management topic, Raj Batra, President of Industry Automation at Siemens Industry, says that this is a very important offering for the industry.

Siemens’ managed cyber security services will assess, design, implement, and continuously monitor a cyber security protection strategy tailored to fit customer business requirements even if equipment was not manufactured by Siemens. Batra emphasized that Siemens is committed to creating the most comprehensive managed cyber security services in the industry. The scope of Siemens Managed Security Service is the entire plant, all vendors, all industrial networks and all enterprise business interfaces. In addition, the program includes technology, procedures, and personnel.

Batra referenced President Obama’s Executive Order 13636 to confront cybersecurity. Batra believes cyber security threats are becoming more sophisticated and threats are expanding from different groups, including political, criminal, industrial espionage, and a culture of hackers. Siemens’ focus is to provide an offering that is a proactive way for businesses to protect themselves at an efficient cost.

Organization

Galina Antova, Global Head of Industrial Security Services at Siemens Industry, said they are relying on the entire United States services organization that has about 1,200 people and they are hiring cyber security specialists. They have approximately 10 openings for cyber security specialists at this time. Antova also noted that they are leveraging Siemens technology groups to create products and software to support these efforts and make them more efficient. Raj Batra added that Siemens grows organically and through acquisitions, which is not out of the question for this initiative.

Advertisement

Need

Antova discussed the need for this cyber protection service to bridge the gap between IT and industrial control systems. Part of the offering is a Siemens Cyber Defense Center where analysts proactively monitor vulnerability and cyber threat activity globally, to deliver real-time communication alerts and advisories. If an incident is detected on customer industrial control system(s), the Cyber Defense Center will coordinate the incident response consisting of investigation, forensic analysis, and remediation. Depending on the nature of the incident, remediation will be either automated or performed by a security engineer at the customer’s facility.

Risk Management

When I asked if Siemens is providing any insurance for cyber damages due to errors and omissions, Antova said they are currently exploring this possibility with insurers. This is a new area that insurance companies are trying to understand and determine if they will offer cyber security insurance.

Scope

Roger Hill, Head of Technology Management at Siemens Industry, highlighted the need for this program to protect a wide range of industrial automation hardware, software, and protocols. The new service offering will protect all industrial automation networks, including PROFINET, EtherNet/IP, Modbus TCP DNP-3, and others. Siemens site assessment will do an analysis, including data scrapping of historians, batch servers, SCADA, DCS, and MES systems for all vendor equipment and software installed.

Process

Step 1: Assess

The current security posture of the site’s industrial control system environment is determined. Potential sources of vulnerabilities are identified through technical evaluation and analysis, forming the basis for recommended security actions. Based on risk analysis conducted by Siemens, customers have the information to make informed decisions on investments to improve their security architecture. Activities include current architecture assessment, threat modeling, analysis of vulnerabilities, and potential cyber impact. This step requires about four weeks of information assessment and four days of on-site work that results in risk level reports and a roadmap with prioritized tasks.

Step 2: Implement

Siemens works with customers to systematically put in place all identified measures to mitigate risk, including comprehensive employee training/certification, deployment of new technology, enhancement of security processes, and establishment of new security guidelines.

Advertisement

Step 3: Operate & Manage

Siemens provides ongoing services to manage and maintain cyber security protection against new and potential cyber threats. The Siemens Cyber Defense Center continuously monitors global threat activity and translates intelligence into the real-time actions necessary to maintain customer cyber security and keep production running.

Thoughts & Observations

The risk of cyber-attacks on production environments has increased exponentially. Whether the threats are from unintentional breaches, industrial espionage, or state-sponsored attacks, the damage to business could be extreme. Successful attacks and infections, which include new rapidly evolving cyber threats from around the globe, can result in unscheduled downtime, interruptions in equipment availability, disruptions of continuous processes, and even the destruction of equipment.

Since plant automation is typically made up of controls and software from multiple vendors, Siemens is going to include products manufactured by other suppliers. This is a big undertaking but is the only way to accomplish comprehensive plant cyber protection.

More information about Siemens Managed Security Service .

Related Articles

Advertisement

Trending Articles

Advertisement

Related Articles

View all Articles and News
Advertisement
Advertisement