More Partnering to Shore Up Cyber Defenses

Nov. 7, 2017
Necessarily teaming up against cyber attackers, Siemens announced its latest partnership in cybersecurity, this time with Tenable to improve visibility of vulnerable assets in energy, utilities, and oil and gas.

There’s no question that attacks on critical infrastructure are becoming increasingly common and emboldened, and it’s also very clear that effectively defending against such attacks is not something that can be done alone. Following an announcement in September about its partnership with PAS, Siemens made public today another partnership focused specifically on protecting the critical infrastructure industries of energy, utilities, and oil and gas.

Announced at the Gartner Symposium/ITxpo in Barcelona, Spain, the partnership between Siemens and Tenable—whose Tenable.io cybersecurity platform focuses on asset discovery and visibility—helps organizations understand which of their operational technology (OT) assets could be the most vulnerable.

It’s not that energy companies don’t understand that they’re at risk. At least two-thirds of oil and gas companies appreciate the fact that increased digitalization comes with increased cyber risk, according to a study released earlier this year by the Ponemon Institute.

“The industrial cyber risk has become a major problem in this space. The number of attacks targeting OT increased to over 30 percent [of all cyber attacks], and yet most companies are not prepared,” said Leo Simonovich, vice president and global head of industrial cyber and digital security for Siemens Energy. “They’re struggling to address the fundamentals.” Those fundamentals, he added, include basic hygiene and understanding what assets they have; and deploying advanced monitoring measures to help address the threats to those assets.

Read more about "Cybersecurity Lessons From Critical Infrastructure" in Automation World's November cover story.

The work between the two companies combines Tenable’s OT-dedicated passive vulnerability detection system with Siemens’ domain expertise and operational know-how. Tenable technology provides safe, reliable asset discovery and vulnerability detection purpose-built for industrial control systems and supervisory control and data acquisition (SCADA) systems. Using passive network monitoring based on Tenable’s Nessus Network Monitor, the OT-native system helps identify and prioritize OT risks.

“Passive” is an important element of Tenable’s technology. Around for about 10 years, the technology is designed for critical systems that require a non-intrusive approach to vulnerability detection. Traditional cyber defense has involved actively routing packets across a network to try to extract information from endpoints, explained Ray Komar, vice president of technical alliances at Tenable Network Security. But this could negatively impact elements of the network, which is a huge problem in the OT space. “So historically they’ve done nothing, which is also not the right answer.” Tenable’s technology is passively listening to network activity, doing analytics, Komar added.

“The passive piece is really key because a single patch can bring down our plant,” Simonovich said. “The whole idea behind our partnership is to empower our partners to make decisions. Today, on the OT side, a piece of malware can sit on there for years. The reason is because our customers are hesitant to deploy measures because they’re weighing the risk and reward. The unknown causes them concern.”

Through its partnership with Tenable, Siemens can help its customers discover assets and identify vulnerabilities. “We can give them information and insights, or work in tandem with them to deploy the fix,” Simonovich said. “Siemens helps prioritize this; understand the risk but also the business impact that’s associated with the fix.”

Siemens provides the end-to-end managed service—from hardening to monitoring to response, Simonovich said. “With Tenable, we go to market together and deploy the Tenable solution as a service—as an assessment to help understand the security posture,” he explained.

Simonovich referenced the “string of announcements” about various Siemens partnerships within the cybersecurity space. “There’s really no silver bullet for security, so we identify the best in breed and help customers secure the whole lifecycle—from the discovery piece all the way through mediation,” he said. “We see this as working towards a solution set. And it really is a solution set that helps solve a puzzle for our customers.”

Though its underlying technology is mature and robust, Tenable recognizes that they can’t do it all themselves, Komar said. “Security is such a complex and fragmented area,” he said. “Partnering is the way to achieve actionable success.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.

Sponsored Recommendations

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...

How to Improve Production Accountability in Manufacturing

David Greenfield, Automation World's Editor-in-Chief, and Shalli Kumar, founder of EZAutomation, discuss the idea of production monitors: a preprogrammed PLC/LED display that ...

HALT/HASS: The Ultimate Test for Reliability

Discover how companies like EZAutomation push the limits of reliability with HALT/HASS testing, originally designed to mimic the extreme conditions of space shuttle launches. ...

Your Next Production Monitor Is Only a Few Clicks Away

Shop for your very own EZ Production Monitor. It's designed for non-technical staff, so there's no programming required! It combines pre-coded firmware, real-time data, and WiFi...