Siemens and PAS Team to Provide ICS Security in Energy

Sept. 19, 2017
With a focus on protecting the critical infrastructure industries of utilities and oil and gas, the partnership combines control system knowledge and analytics with deep domain expertise and response.

It takes a village to raise a child. It also takes a village to protect your assets. In the energy industry—where use of digital technologies is growing to help boost revenues and efficiencies, and where cyber attacks have become a foregone conclusion—utilities and oil and gas companies need all the help they can get.

Siemens and PAS announced today that they are working together to provide fleet-wide, real-time monitoring for control systems in the energy industry. As partners, they will be able to provide the deep analytics required to identify and inventory proprietary assets, and also the visibility to detect and respond effectively to attacks across the operating environment.

Organizations in these industries already know they have a problem. In a Ponemon Institute study released earlier this year about the state of the U.S. oil and gas industry, 66 percent of respondents said that digitalization has significantly increased their cyber risks, and 68 percent said their organizations have had at least one security compromise in the past year resulting in the loss of confidential information or operations disruption. “Energy is the most attacked vertical by a factor of 2,” says Leo Simonovich, vice president for global cybersecurity at Siemens.

And yet cybersecurity in the U.S. oil and gas industry is not keeping pace with the growth of digitalization. Nearly as many as say they know they have a problem say their organization’s industrial control system (ICS) protection is not adequate (61 percent).

The discrepancy points to the core talent of most energy companies, according to Simonovich. “They don’t know how to get started. They don’t know what’s proven,” he says. “They get pitched by vendors who sell what sounds like to them are similar things.”

Customers see cybersecurity as a top three issue, Simonovich says. “They know they have a problem,” he adds. “What they’re looking to us for is a solution set.”

The situation can be made worse by traditional IT cybersecurity companies leaping into operations technology (OT) without the domain knowledge. “In OT, the challenge is that the IT solutions don’t often work,” Simonovich says. “Patch deployment, if not tested, can bring down a power plant or refinery, and can be very costly—or worse.”

Siemens and PAS both bring a long history of OT system understanding and domain expertise. With more than 165 years in industrial technology, Siemens has deep domain knowledge in operations cybersecurity, security lifecycle management, plant monitoring and incident response. PAS has more than two decades of experience focused on safety in process industries, and has in more recent years brought that expertise into the security realm with its Cyber Integrity offering for foundational inventory management.

But the Siemens-PAS partnership entails more technology than just the two companies, given that Siemens’ managed services already pull multiple providers together for its customers. “Siemens has done a very good job of pulling together certain best-of-breed providers,” says Eddie Habibi, founder and CEO of PAS, noting how helpful it is for customers to have a single point of contact to work with.

The OT space is very large, and the cybersecurity scene mimics the automation scene itself. “We haven’t come across one company that has all the pieces of the technology,” Habibi says. “It’s very similar to the automation space itself. In a typical plant, there are at least 30 different systems and 130 applications. In cyber, there are five to 10 different sets of applications and appliances. Again, not a single company can pull all of it together.”

“We see ourselves as the glue that can bring those different solutions together, be the trusted partner with our customers, as well as the navigator,” Simonovich says. “It’s in part a technology challenge, but it’s also a management challenge. There’s no silver bullet, but our vision and goal is to bring the best-of-breed technologies to customers in an integrated way.”

Energy customers first need to address the issue of transparency—understanding what they have, prioritizing those assets, hardening the environment, and being able to monitor it, Simonovich says. “PAS brings the years of control systems knowledge and analytics around its Cyber Integrity tool suite,” he says. “Siemens brings insights and domain know-how to help understand what a breach could mean.”

Critical infrastructure is an important cybersecurity concern for the U.S. government, Habibi notes. “Power generation, distribution and transmission, as well as oil and gas, are key components. Water utilities and roads too,” he adds.

With Simonovich heading up cybersecurity specifically for Siemens’ energy business, the partnership with PAS is focused at this point on the energy sector. “I’m responsible for the energy vertical, but this is really a horizontal problem,” Simonovich says. “This is a critical infrastructure challenge.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.

Companies in this Article

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...