By Gregory Hale
Cybersecurity awareness is at an all-time high and more companies are coming to the realization an incident that could result in millions of dollars in damages is only a mouse click away. But industry is still at stage where it needs more of an understanding of what to do and when to do it.
“Cyber attacks in the industry are increasing,” said Eric Spiegel, president and chief executive at Siemens USA during Siemens Cybersecurity Growth Series Town Hall meeting at its Cybersecurity Operations Center (CSOC) just outside of Cincinnati, OH, Tuesday. “They are becoming more intense and two thirds of CEOs are saying it is top of mind. Boards are mandating more from companies to secure the business. Cyber is a small market for us (right now), but it is a much more important area for us.”
Spiegel talked about being a part of a contingent that met with President Barack Obama in the White House situation room a little while ago where they had a conversation on the importance of cybersecurity covering all industries, but especially the critical infrastructure.
“The President said this is one of the most serious economic challenges moving forward.”
If the President of the United States understands the importance, industry can’t be too far behind.
“Cybersecurity is an important topic, it is high on the list,” said Rajiv Sivaraman, vice president and head of plant security services. “We are in a stage where (users) are beginning and they are carving out an approach. This is for the top performing companies.”
He added one thing about security flies in the face of conventional thinking of the more you know, the better off you are. “When it comes to security, the more you know, the more you get scared.”
There are some industries like oil and gas where security is further along than others. That is because unplanned downtime caused by a cyber incident in the oil and gas industry can be costly so understanding the cost benefit analysis between risk and profit is always top of mind.
“It is all about risk,” said Judy Marks, executive vice president, global solutions, at oil and gas equipment provider Dresser-Rand, which Siemens acquired last year. “If production can be impacted, it can add up to billions of dollars real quick. The impact of an event can be very costly.”
Security is an evolution, but the movement is slow.
“Right now we are at the consulting and handholding to get a trusted relationship,” Sivaraman said. “Ultimately we want to scale to managed services. We are working with Booz Allen Hamilton at the C-level.”
The idea is to reach users from all levels. A company like Booz Allen Hamilton has more expertise at the executive level, while Siemens has huge experience at the manufacturing or Operations Technology (OT) area.
“In order to scale you have to advise the customer,” said Leo Simonovich, director, global cyber strategy at Siemens. “They don’t have a clear roadmap. Right now everything is around consulting. The future is about detection and response monitoring.”
With an increase in security awareness, there are solution providers coming at users from all angles, but how does that work in the OT environment?
“We can go in with the expertise,” said Ken Geisler, Siemens vice president of strategy & markets, energy management digital grid. “There are some outside vendors coming in, but you have the traditional players like GE and Schneider.”
Marks said in the oil and gas market, Siemens is looking to “leverage everything we can.” But the education level among everyone has to increase. One problem, she said, is service technicians, through no fault of their own, are not cyber savvy. “We understand the business; the IT providers come from the cyber side and we come from the OT side and sometimes there is a clash. We want to leverage what Siemens has to offer. Right now it is a patchwork quilt. We have all the pieces.”
Simonovich said Siemens does have a portfolio of security products on the market that focus on:
• Professional services
• Managed services
The goal now is to bring all the knowledge and expertise together.
“We do have quite a bit of capability, but we don’t have it together yet,” Spiegel said. The goal now, Simonovich said, is to figure out what Siemens has and then put it together and deliver it.
Along with users understanding and moving forward with a security plan to boost productivity gains, there is the looming potential of the Industrial Internet of Things (IIoT). That movement is just now starting to take off, but it will not be long before devices from all parts of the world are connecting. That just intensifies the security dilemma facing manufacturers.
“Like everywhere else in the manufacturing automation sector, the utility industry is moving to a more connected environment and that presents a problem in terms of cybersecurity,” Geisler said.
“There are many more points of access they have to deal with.” He mentioned things like smart meters connected to consumers’ house as being one example.
“The future is all about connectivity,” said Jeremy Bryant, Siemens U.S. general manager of the industrial communication business. “The goal is to establish connectivity without hurting productivity.”
Security issues have been around for decades in the IT environment, but attackers are just now getting to the point where they can figure out how to monetize an attack against a manufacturing environment. That means plants and facility are just now getting in attackers’ crosshairs.
“Industrial cybersecurity is the new frontier,” Simonovich said.