Cyber security: Facing a real threat head-on

The Middle East R&D center at The Dow Chemical Company employs Simatic PCS 7. To keep the system safe from cyberattacks, DowChemical relies on elements of Siemens’ Defense in Depth concept.

In 2017, cybersecurity experts had their work cut out for them. The first major event was in May as the WannaCry ransomware spread the globe. It put hospitals in the UK out of commission, shut down gas stations in China, and brought automobile assembly lines all over the world to a halt. Not even a month later, the next cyberbeast reared its head: NotPetya. It wreaked havoc on operations in sensible industries, notably at pharma companies and logistics specialists. If anything, 2017 showed that in a time of increasing digitalization big companies and organizations had moved into the crosshairs of cyberattackers.

Dependable system protection

If anyone has something worthy of protection, it’s DowChemical’s Middle East R&D center. Based out of King Abdullah University of Science and Technology (KAUST) in Saudi Arabia, the center is currently working on some of the biggest global challenges using the latest technologies, such as reverse osmosis, ultra filtration, energy efficient systems and infrastructure, and roofing systems. 

 

“The last few years have shown a substantial increase in cyberattacks globally, and the research work being done at our center requires optimal protection,” says Kamran Hashmi, Middle East R&D center at DowChemical. In particular, the process control system Simatic PCS 7 from Siemens has to be kept safe from hackers. That’s because the system provides critical data for analysis and R&D in the center’s advanced laboratories. 

A coordinated approach

As a satisfied user of Simatic PCS 7, it only made sense that the R&D center turn to Siemens for appropriate system protection. “Defense in Depth is a high-performance solution from Siemens based on a phased defense strategy. The concept enables industrial technologies from Siemens and from other manufacturers to be adapted to respond to different threats and risks,” says Dr. Henning Rudolf, Head of Industrial Security Services at Siemens. 

 

The actual strategy is drawn up after a comprehensive risk analysis and related tests, and consists of three consecutive protective functions that are coordinated with one another. It starts with a facility security system such as a physical access control function that uses biometric recognition. The next line of defense is a network security system that, for example, protects production networks and industrial communications by means of firewalls and virtual private networks (VPNs). The third protective wall is systems integration, which protects terminals and automation systems. This could be via anti-virus software or whitelist methods, which only grant access to programs included in the whitelist. DowChemical’s R&D center chose Siemens for support with systems integration.

Strategic partnership

McAfee is Siemens’ strategic security partner for anti-virus and whitelist software. The McAfee software is completely compatible with the Simatic PCS 7 solution for a minimized risk of operational issues. The result is optimized security against cyber threats and virus attacks. “The fact that the solution can cater to a distributed system while also providing centralized administration console for ease of management, made the solution an automatic choice,” states Hashmi.

 

The security system blocks the start of unauthorized or unknown applications on servers and workstations. In addition, all executable applications and files are protected against modification. Contrary to simple whitelisting concepts, McAfee uses a dynamic trustworthiness model. This makes time-consuming manual updating of lists of approved applications obsolete.

 

Siemens automation experts installed the cybersecurity system at DowChemical’s R&D center quickly and with minimum downtime, thanks to standardized policies and procedures. The solution now provides broad protection from malicious software and programs to keep data safe. And that allows researchers to go about their work with peace of mind, knowing that their system is well protected.

The last few years have shown a substantial increase in cyberattacks globally.
Kamran Hashmi, Middle East R&D center at DowChemical

2018-04-10

Headquartered in the United States, The Dow Chemical Company (DowChemical) is one of the largest manufacturers of plastics, chemicals and agricultural products in the world. The company has a 54,000-strong workforce spread across 160 countries. 

 

DowChemical currently spends USD30 billion globally on R&D. For more than 50 years, DowChemical has been present in the Middle East, delivering a broad range of technologies to its local customers across many industries, including water, energy, packaging, building and construction.

At the Hannover Messe 2018, Siemens will present Industrial Anomaly Detection. The solution for detecting anomalies in industrial networks enables security-related incidents, such as unauthorized intrusions and malware, to be identified and countermeasures to be taken. Industrial Anomaly Detection is a new and important addition to Siemens’ Defense in Depth concept.

 

Siemens continues to count on strategic partnerships to supplement the Siemens Industrial Security portfolio. The most recent partnerships are with Sentryo and Claroty for the integration of new cybersecurity solutions into the Siemens Ruggedcom portfolio of rugged network components. 

With the Charter of Trust, Siemens is taking the issue of cyber security to a new level. Together with Daimler and IBM, the company is starting a powerful global initiative: From now on, the future products of all the partner companies will be designed and implemented according to ambitious cyber security principles. Just how this will happen is explained in an interview with Eva Schulz-Kamm, head of Siemens Government Affairs, and Natalia Oropeza, head of the company's new Cybersecurity Department. Read the full interview here.

Subscribe to our Newsletter

Stay up to date at all times: everything you need to know about electrification, automation, and digitalization.

Related Topics