Ever since news of the Stuxnet virus broke a few years ago, Siemens has found itself front and center in the industrial cybersecurity news. In response, the company has worked to position itself as a leader in the field. At The Automation Conference 2013, well-known industrial control system (ICS) expert Eric Byres, who does not work for Siemens, made reference to Siemens being among the first to advise end users not to rely on air gaps as a security strategy.
Siemens now plans to take extend its commitment to control system security on an industry wide basis by creating a managed service offering based on three layers of defense-in-depth support: Industrial security services, security management, and products and systems. Though no formal date has yet been set for the launch of this service, Roger Hill, cybersecurity R&D for Siemens Industrial Security Services, says that the company is putting together a modularized approach to security that will cover assessment, implementation, operation and management across technology, processes and people.
The security service planned by Siemens will be a phased approach starting with an assessment to determine what needs to goes into the protection solution, according to Hill. To create this service, Siemens is “focusing on heterogeneous networks so that the service will work with any other vendor’s equipment” says Hill. He does admit that when it comes to hardening of control systems as part of the service, “we’ll be able to do more with Siemens products, of course.”
Hill also notes that Siemens is the only automation vendor to achieve Achilles Level 2 certification.
At Siemens’ Automation Summit 2013, another security presentation from Cimation’s Marco Ayala offered several ICS security tips and information such as:
• Get the Cyber Security Evaluation Tool (CSET)— a Department of Homeland Security product that provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks.
• Keep up with the ICS-CERT alerts and advisories service.
• Develop a disaster recovery plan for ICS and enterprise systems in case of attack. Make sure a budget is developed for this.
• Acrobat—used by nearly every manufacturer for plant floor documentation—is the most often attacked application. “Part of the problem is that many manufacturers are still using very old versions of it,” says Ayala.
• MS-ISAC cyber ops dashboard shows top 10 ports under attack. “Port 502, which is Modbus TCP, regularly appears on this list,” he says.
• “The key to good cybersecurity is knowing who is doing what with your system and knowing who is watching them,” says Ayala. “If the Internet is part of your system backbone in any way, you have to use encryption and constantly monitor access to system.”