Performance-enhancing analytics and cost-reducing trends in shop-floor operations, such as remote vendor support, come at a price. As the world becomes more interconnected, it becomes easier for cyber threat actors to penetrate shop-floor boundaries. The result? Reduced reliability and availability, which offset the return on investment that was meant to put the company ahead in the first place.
In March, the U.S. Department of Homeland Security’s Industrial Control System Computer Emergency Response Team (ICS-CERT) cited 245 documented cyber attacks on industrial control systems in the one-year period from Oct. 1, 2013 to Sept. 30, 2014. One can only assume there were far more cyber incidents that were not even detected and others where the victims did not make the incident public.
A McAfee Labs 2015 Threats Predictions report expects increased cyber warfare and espionage, driven in part by advanced automation and the growing number of connected devices in the Internet of Things (IoT). Despite the warnings and escalating incident frequency, many companies remain unmoved by the dangers. Physical, not cyber, security remains their primary concern; they believe themselves safe because their critical industrial systems are not connected to the Internet.
But as companies are learning, many systems once thought to be “airgapped”—and therefore safer—are, in fact, at risk. Meanwhile, the number of systems that are connected continues to grow as companies see the benefits offered by greater centralization. Add to that the integration of industrial control systems with office IT networks, where exposure to the rising number and complexity of cyber attacks places production environments at greater risk than ever before.
In each case, the response to these challenges can be hampered by the gulf that still separates information technology (IT) and operations technology (OT). While systems have grown more integrated over time, personnel in these two important areas still struggle to collaborate.
Last year, Siemens and Intel teamed up to provide security solutions and services for industrial customers. The collaboration seeks to protect industrial customers against rapidly evolving global cyber threats, taking advantage of the depth of both companies’ process automation, factory automation, security services and security product portfolios.
Intel Security has been able to complement Siemens’ Industrial Security services and product offerings by providing security-centric technologies and competencies such as next-generation firewalls, security information and event management (SIEM), and endpoint security. The tools were focused on providing greater visibility and control at the factory level, while reducing the risk of IP theft.
Siemens has already deployed SIEM in one of its premier production facilities to monitor the industrial network and receive actionable insights.
Led by Siemens, the joint security response has been designed around a comprehensive security management approach that incorporates the defense-in-depth concept and the Need to Connect principle, which relates to the business relevance of connectivity for OT systems. The approach includes these steps:
• Assess: Risk analysis. In-depth analysis of people, processes and technology in the context of ICS, considering the unique requirements of the shop-floor environment and leading to a security roadmap based on the IEC 62443 defense-in-depth concept.
• Implement: Organizational and technical measures. Engineering and implementing a cybersecurity program based on your specific situation; measures implemented include ICS security policies, awareness training for personnel, protection of automation components based on security cells, etc.
• Manage: Continuous validation and improvement, monitoring and management. Ongoing cybersecurity management is critical, with Siemens providing continuous security services to keep up protection against evolving global threats.
Siemens and Intel are executing on the announcement made last year. The two companies have worked to validate technologies to ensure they meet the unique requirements of their industrial environments, engaging customers from initial discussions through implementation of recommended security improvement measures and continuous monitoring of the ICS environment from a Siemens Cyber Security Operations Center (CSOC).
CSOCs provide 24x7 monitoring of customer environments, and translate global industrial control system threat intelligence into real-time action. Troubleshooting and incident response support is also offered by these global centers to meet the needs of a global customer base.