
Bringing Cybersecurity Defense to Energy Companies Large and Small
Siemens Energy brings cybersecurity defense to energy companies large and small.
Energy companies have a tricky problem to solve. They need to defend interconnected infrastructure from cyberattacks that can cause real-world damage. Over the next two years, 2.5 billion industrial devices are expected to be added to the energy system. That means energy companies need to monitor and understand the relationships between digital commands and the real-world physical conditions of their operating equipment. That's a technical feat currently beyond the capabilities of most energy companies for a relatively simple reason: a lack of visibility into operating environments.
For industrial cybersecurity professionals, this lack of visibility into their operating environment creates blind spots that are increasingly being exploited by malicious actors to launch cyberattacks on critical infrastructure.
A 2019 Ponemon Institute study surveying the energy sector's readiness to address this growing spectrum of cyberattacks found that 64% of respondents say sophisticated attacks, like ones designed by nation-states, are a top challenge. Moreover, 54% expect an attack on critical infrastructure in the next 12 months.
Most operating technologies (OT) and information technologies (IT) were never designed with cybersecurity in mind. In a very literal sense, they speak different languages. To find the telltale signs of a cyberattack in its early stages, cybersecurity analysts need to combine data streams from physical OT energy assets and IT networks, and then methodically sift through thousands of data points generated every minute of every day – a task nearly impossible without artificial intelligence (AI) and the right expertise.
That's why Siemens Energy launched a new service designed to provide the visibility and context needed for energy companies to monitor, detect, and ultimately prevent cyberattacks before they execute. The new offering, Managed Detection and Response (MDR), powered by Eos.ii™, draws on decades of experience in cybersecurity and more than a century and a half as a manufacturer of industrial operating equipment to provide a built-for-purpose solution for medium and small-sized energy companies.
For these energy companies, the Siemens MDR solution is the first to offer AI-based technology and OT expertise that, until recently, were only available to companies with large research budgets. Applying machine learning enables unprecedented visibility into the operating environment and makes world-class cybersecurity finally scalable and affordable.
When more small and mid-sized companies can detect intruders in their networks, identify their intent and take swift recovery measures, the entire ecosystem is safer. And when critical infrastructure is well-defended and reliable, companies and customers alike get to profit from greater efficiencies, lower emissions, and innovative new prosumer-oriented smart devices, while making attacks on the energy sector less viable as a tool for criminal profit or geopolitical gain.
So, how does it work?
Collect, Unify, and Analyze Automatically
Siemens MDR automates the collection, translation and integration of real-time OT and IT data. This unified information stream flows into the Eos.ii platform, ready for systematic analysis by machine learning algorithms. Eos.ii™ is a Security Incident Event Management System (SIEMS) designed to provide AI-backed speed and scale for automated context of any anomalies that could represent a cyberattack. By design, it is interoperable and manufacturer-agnostic – so even though most energy industry worksites use equipment from several manufacturers, the Siemens MDR service can provide clear, automated visibility and context down to individual machines, or up to the whole-of-systems level.
Going beyond conventional monitoring, MDR can achieve a deeper understanding of how digital systems relate to the real world with Siemens' proprietary method, called Process Security Analytics (PSA). Using a unified IT-OT data stream, PSA's algorithms gather and synthesize information on real-time configuration changes, operational feedback, and human intervention to measure anomalous behavior and compare it against normally functioning energy assets. Where conventional network monitoring would only reveal a spike in traffic between two devices, Siemens MDR's PSA methodology reveals the significance of the spike. For example, if a device is frequently changing a turbine's speed beyond its design parameters, analysts would recognize this as an attempt to cause damage.
By constantly comparing the real-world data against a digital twin, AI-based tools prioritize the most consequential anomalies – deciding what requires attention and what can be safely ignored. This means Siemens MDR cybersecurity experts spend more of their time investigating anomalies and refining detection rules, and less time chasing down false positives or inconsequential events.
Examine Evidence, Leverage Intelligence and Activate Response
Armed with these tools, Siemens MDR analysts can quickly investigate and discover attacks, then provide recommendations for interventions that minimize the risk of disruption to operations. With a few clicks, analysts can see which systems are vulnerable, review known threats against similar equipment, and examine how the whole system will be affected. The result is scalable, precise analysis and reduced risk of outages.
Siemens MDR experts turn visibility and context into action. The teams that investigate anomalies have years of experience in plant operations, and – through hackathons – keep abreast of the latest threats and methods attackers use to compromise and map company networks. They are uniquely qualified to recognize attacks, assess the intent behind an attacker's actions, and understand how to intervene.
While most IT systems can physically withstand a no-notice shutdown, things are not so simple for industries, like energy, that have physical assets. In these environments, pulling the plug is an expensive proposition and often viewed as a last resort. Any defensive action to protect equipment has to account for its physical state, safety consequences, and the physical connections to other systems. Poorly thought-out actions may cause irreparable damage.
That's why the MDR solution uses a response method called Precision Defense™ to deploy appropriate, targeted, and proportionate measures to correct and recover from a cybersecurity incident when one does occur. Siemens Energy's defenders – working hand in hand with onsite cyber experts – can contain an attack with the minimum impact on plant operations.