Siemens and TÜV SÜD Create Blueprint for Energy Cybersecurity

May 10, 2019
Furthering the partnership they already have through the Charter of Trust, the two organizations are collaborating to provide digital safety and security assessments for critical infrastructure.

In many ways, cybersecurity is a mirror of safety; plenty of experts advocate a similar route to standard protocols and procedures to protect the castle from cyber incidents as they would from safety incidents. Looking at the potential effects of a cyber attack on critical infrastructure in the energy sector really brings this all to light. Becoming a primary target for hackers has exposed the sector to a record number of near-miss safety events at plants around the world, creating significant potential for harm to the health and safety of people, processes, plants and products.

With its roots around the work they’re doing together on the Charter of Trust, Siemens and TÜV SÜD are collaborating to address these concerns with a new approach they’re calling Digital Safety. Introduced this week at the Offshore Technology Conference (OTC) in Houston, the partnership will provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy customers identify asset risk and cybersecurity solutions.

TÜV SÜD will offer digital assessments that incorporate cybersecurity vulnerability assessments from Siemens. The offering is not limited to customers using Siemens technologies and products; it will include vendor-agnostic assessments of industrial control systems (ICSs) in both the oil and gas and power generation sectors (nuclear applications excluded).

Cyber attacks are coming more frequently, and they’re also getting increasingly sophisticated. Outlining the threat that they pose to the energy industry’s safety systems, Leo Simonovich, vice president and global head for industrial cyber and digital security at Siemens, used a high-profile attack in late 2018 as an example. In this case, attackers went after a Schneider Electric safety system at a petrochemical plant in Saudi Arabia. The speed with which the attackers traversed from IT to operations (OT) to safety was alarming, he said.

“Attacks are interchanging their techniques—leapfrogging from digital to physical and back again,” Simonovich said. They also typically involve some level of human error, he said, noting that insider threats make up an overwhelming majority of these attacks.

“What’s common between IT and OT attacks is human error,” Simonovich added. “We want to borrow the principles from safety and the principles of hygiene and awareness and bring those two together.”

The new approach that the two companies are teaming up on is aimed at minimizing the impact of human error, said John Tesoro, president and CEO of TÜV SÜD North America. They advocate understanding your risk and building your defense, but also point to lessons that cybersecurity can learn from standard safety measures. You need to gain visibility and situational awareness, and at the center of both is root cause analysis, Tesoro said. Similar to safety situations, employees need to report when they see something wrong, like another employee bringing in unauthorized portable media or forgetting to log off a terminal. Continual learning and training are important as well.

There’s a need for cybersecurity that incorporates resiliency, hygiene and security by design. “We’re combining core strengths that both companies have in order to bring a holistic approach for the energy industry,” said John Tesoro, president and CEO of TÜV SÜD North America. “We are leveraging our deep know-how across disciplines.”

With a redefined approach—combining safety and security to address the human element—Siemens and TÜV SÜD aim to reduce risks in the digital and physical worlds. Companies need to be looking at both safety and cybersecurity from a threat point of view as well as an impact point of view. “We hope through our partnership to change the conversation,” Simonovich said.

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.

Companies in this Article

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...