Home

Siemens to Roll Out Industrial Control Security Service

July 1, 2013

Given that industrial cybersecurity is a global, multi-vendor concern, Siemens announces plans at its Automation Summit 2013 to deliver managed services for defense-in-depth control security. Numerous pieces of security advice were also offered at the conference.

David Greenfield, editor in chief

Siemens to Roll Out Industrial Control Security Service — Cimation's Marco Ayala presenting at Siemens Automation Summit 2013.

Ever since news of the Stuxnet virus broke a few years ago, Siemens has found itself front and center in the industrial cybersecurity news. In response, the company has worked to position itself as a leader in the field. At The Automation Conference 2013, well-known industrial control system (ICS) expert Eric Byres, who does not work for Siemens, made reference to Siemens being among the first to advise end users not to rely on air gaps as a security strategy.

Siemens now plans to take extend its commitment to control system security on an industry wide basis by creating a managed service offering based on three layers of defense-in-depth support: Industrial security services, security management, and products and systems. Though no formal date has yet been set for the launch of this service, Roger Hill, cybersecurity R&D for Siemens Industrial Security Services, says that the company is putting together a modularized approach to security that will cover assessment, implementation, operation and management across technology, processes and people.

The security service planned by Siemens will be a phased approach starting with an assessment to determine what needs to goes into the protection solution, according to Hill. To create this service, Siemens is “focusing on heterogeneous networks so that the service will work with any other vendor’s equipment” says Hill. He does admit that when it comes to hardening of control systems as part of the service, “we’ll be able to do more with Siemens products, of course.”

Hill also notes that Siemens is the only automation vendor to achieve Achilles Level 2 certification.

At Siemens’ Automation Summit 2013, another security presentation from Cimation’s Marco Ayala offered several ICS security tips and information such as:

• Get the Cyber Security Evaluation Tool (CSET)— a Department of Homeland Security product that provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks.

• Keep up with the ICS-CERT alerts and advisories service.

• Develop a disaster recovery plan for ICS and enterprise systems in case of attack. Make sure a budget is developed for this.

• Acrobat—used by nearly every manufacturer for plant floor documentation—is the most often attacked application. “Part of the problem is that many manufacturers are still using very old versions of it,” says Ayala.

• MS-ISAC cyber ops dashboard shows top 10 ports under attack. “Port 502, which is Modbus TCP, regularly appears on this list,” he says.

• “The key to good cybersecurity is knowing who is doing what with your system and knowing who is watching them,” says Ayala. “If the Internet is part of your system backbone in any way, you have to use encryption and constantly monitor access to system.”

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher.