By Gregory Hale
Safety and cyber and physical security go hand in hand and, knowing that, Siemens and TÜV SÜD are partnering to handle the increased level of risk facing critical infrastructure environments.
The partnership will provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy users identify asset risk and cybersecurity solutions.
TÜV SÜD will offer digital assessments that incorporate Siemens as a provider of cybersecurity vulnerability assessments across the entire cyber asset management lifecycle. The digital assessments of industrial control systems in both the oil and gas and power generation sectors will be vendor-agnostic, meaning they will not be limited to those using products and technologies manufactured and supplied by Siemens.
“Attacks against the industrial environments are growing at an exponential pace,” said Leo Simonovich, vice president and global head for industrial cyber and digital security at Siemens. “Cyber Attacks against operational technology could lead to a potential shutdown or worse, a potential safety event. As these attacks increase, we find attackers are hyper targeting energy companies that manage and operate critical infrastructure, including power plants, pipelines and refineries which are the backbone of our economy. The attackers are getting more sophisticated and brazen.”
Simonovich went on to say there are all types of intelligent phishing type of attacks which can end up attributed to people not having proper training.
“Most of the breaches have some type of human error involved in the attacks. Insider threats make up a majority of these attacks,” Simonovich said. “That is why Siemens and TUV SUD came together in a partnership to offer a different approach to industrial security. The digital and physical world will converge and attackers are interchanging their techniques and leapfrogging from physical to digital and then back again. We must develop new approaches to ensure malicious threats cannot cause havoc.”
The goal with the partnership is to leverage TÜV SÜD’s expertise in safety and Siemens’s abilities in digital security.
“We are calling this digital safety,” said John Tesoro, president and chief executive of TÜV SÜD North America. “We are looking at minimizing the impact of human error combining this with best practices from data security.”
Tesoro went on the say they are basing digital safety on five foundational cross disciplinary ideas:
1. Understand risk
2. Building your defense with deep resiliency
3. Gain visibility and situational awareness
4. Do something, say something, especially in internal situations
5. Continual learning and training so you can adapt
“Take visibility and situational awareness, in safety today, operators do event detection, alarming, and rapid response recovery, these practices should be blended in and visualized within a single painting within anomaly detection and incident response,” Tesoro said. “In the center is a root cause analysis allowing the operator to understand what is really happening and then take action.”
Tesoro said a recent TUV-Ponemon Institute survey found safety and security being the top customer priority to achieve business objectives.
“Because of the siloed thinking and siloed organizations’ complexity in building bridges between the disciplines and departments and functions within industrial companies, many struggle to get a handle on the industrial cyber threat. We hope the partnership can change the game. We will start with understanding the risk, the overall operational posture and then we will deploy a holistic methodology to help customers understand their combined risk.”