Our Mission
In strengthening their cyber defenses, we navigate our customers through the complex relationship between their information technology (IT) and operational technology (OT) environments. We deliver clarity and focus to help our customers make better decisions. We keep our customers safe with our in-depth market knowledge and comprehensive set of solutions along the full value chain.
With a more than 170-year legacy of building and securing critical infrastructure, Siemens stands ready to assist utilities in enhancing their security, detecting anomalies, and responding to threats before damage occurs. This white paper offers an example of an attack against a fictional electric utility as it manages an unfolding crisis, and illustrates how IR planning can make a difference in reaching the least disruptive outcome.
Siemens’s disclosure may be groundbreaking because the only pathway toward protecting the grid is through major actions by the manufacturers (Siemens, ABB, Omron, Emerson Electric, Rockwell Automation, Honeywell, Yokogawa, and Schneider Electric). End users (utilities and local governments) are no more able to protect their systems than individual drivers are able to make their cars safe. Volvo gained significant market leadership in safe cars by building security in. Siemens will similarly gain substantial market share growth if it follows its disclosure with product-line-wide (not just protecting new devices) security wrappers that Siemens supports and markets as affordable options or even standard parts of maintenance. Many ICS manufacturers have treated security as an opportunity to get a lot of money from worried customers without substantially reducing the risk. We’re counting on Siemens to lead the way toward a safer grid.
Mr. Alan Paller, Director of Research at the SANS Institute
The survey results show that risk is worsening, with potential for severe financial, environmental and infrastructure damage. Industry-wide, readiness is uneven and has common blind spots. In particular, this report highlights the unique cybersecurity requirements for Operational Technologies (OT), and the importance of distinguishing between security for OT and security for Information Technology (IT). This remains a major challenge for many organizations across the industry.
Industry leaders can, and should, check their organization’s readiness and implement solutions that keep up with the proliferation of connected technologies and protect existing brownfield environments.
Understand your cyber strengths and weaknesses
What you will get:
Findings report that includes both a critical gap summary and a roadmap for recommended remediation
industrial espionage and attacks from malicious software
Protect your perimeter, review your security and deploy regular malware updates
Firewall assessment and patch management
What you will get:
Findings and recommendations for heightened security; malware pattern updates and management
Reduce business risk by minimizing exposure to cyber intrusions
Increase your preparedness to respond to a security event or cyber attack
Incident response planning and testing
What you will get:
Detailed plan on how to respond to and remediate cyber attacks, including emergency procedures, roles, and resources
Gain the capability for real-time detection and prevention of security threats
Security event monitoring system
What you will get:
Real-time monitoring by collecting and parsing security logs
Cybersecurity has become top of mind for energy companies – here is why:
Together we are signing for cybersecurity
In order to keep pace with continuous technological advances in the market, as well as threats from the criminal world, businesses and governments must coordinate their actions in a targeted manner. That is why we are joining together to protect our democratic and economic values against cyber and hybrid threats. In this charter, the signing partners outline the key principles we consider essential for establishing a new charter of trust between society, politics, business partners, and customers.
As a global leader in industrial control room systems, we help our customers protect their complete operating environment, from the field to control to the enterprise network.
What are the challenges you face in building a cyber defense program?
Do you fear that connectivity makes you more, not less, vulnerable to cyber attacks?
Many energy companies keep their networks unconnected because they believe this makes them cyber secure.
This misguided strategy will fall victim to more successful attacks, from inside and outside.
Connectivity gives you visibility which provides insight.
Do you lack understanding of what assets to protect?
Many companies do not know what assets and devices exist on their OT networks.
This limits their understanding of where their infrastructure is most vulnerable.
Do you have a shortage of in-house OT cyber expertise?
Most energy companies have focused on building up their IT cyber capabilities. But these cannot be simply deployed into the OT environment because of differences in the systems, data, devices, and critical dependencies.
Because of this inattention to OT, cybersecurity experts who can secure complex, aging, and interdependent infrastructure are hard to find.
Do you have older legacy systems with exposures and vulnerabilities that are difficult to protect?
OT systems are older than IT systems.
OT equipment, which can last decades, is often developed with proprietary systems that have exposures and vulnerabilities that are difficult to protect.
Are your security monitoring and response capabilities adequate?
Even if a company detects a potential intrusion into its OT cybersecurity environment, it may lack the plans or capabilities to respond effectively.
Do you need a multi-vendor cyber solution?
Cyber solutions must apply across multiple vendors to provide a single, seamless cyber program.
If you say “yes” to one or more of the questions above, you are not alone. For energy companies, the probability of a cyber attack is nearly 100%.
Overcoming the fear of connectivity is essential because the benefits of digitalization are too great. Organizations must focus on agility and resiliency so they can respond when – not if – they are attacked.