Siemens Energy is hitting the ground running during its first week as a standalone company, announcing plans for a modern cybersecurity service designed for the small- and medium-size energy companies that increasingly rely on digitized equipment.
The Managed Detection and Response service will be unveiled Thursday morning during a virtual event hosted by the Atlantic Council. It promises to scan and monitor the breadth of digital equipment used by utilities, power distributors and energy generation companies for security threats and advise those customers on appropriate responses, said Leo Simonovich, vice president and global head of industrial cyber and digital security for Siemens Energy, in an exclusive interview with Protocol.
"What we wanted to do was to help address the essential problem of visibility, the basic premise that you cannot protect what you cannot see," Simonovich said.
As utilities around the world have introduced a greater mix of renewable energy sources into their systems and started their own version of the digital transformation efforts well underway in other parts of the economy, they often layer newer technology upon older systems and equipment that wasn't designed for the digital age. Those utilities might know how to secure their physical equipment against outside threats, but they don't necessarily have the same skills on their payroll when it comes to cybersecurity, Simonovich said.
That means the "attack surface" — the opportunities for cybersecurity threats created by adding more software to the mix — of a modern utility has increased quite a bit.
"With each new node, each new device being connected to the energy system, we're experiencing an opportunity, but we're introducing a potential pathway for an attacker to disrupt," Simonovich said.
Siemens' MDR system gathers data from software that runs large industrial machines as well as data running across traditional information networks to paint a baseline picture of "normal" activity at an energy company. It then uses machine-learning techniques to detect and respond to abnormal levels of activity, advising customers on the best course of action.
Machine learning is the buzzword du jour in cybersecurity, with some justification. The sheer volume of threats to modern digital systems grows every day, and it's nearly impossible for any human being to stay on top of that much activity. Security companies large and small are increasingly selling services that use powerful computers to recognize patterns and detect anomalies, reserving human interaction for only the most serious threats.
Larger companies with bigger budgets often have similar systems already in place, but Siemens Energy is targeting this service at companies that haven't been able to afford the software or talent required to operate such a system, Simonovich said.
"We are only as strong as our weakest link," he said. "Because of increased interdependence between large and small utilities, many of the attacks that we've seen have started with a small utility and cascaded out to the whole system."
Siemens' service will require a three-year subscription, and it will take a few months for the system to sketch a portrait of an energy company's footprint and determine a baseline level of activity, Simonovich said. Costs will be based on the number of power plants, substations or other key pieces of equipment that make up an energy company's infrastructure.
Shares of Siemens Energy made their debut on the Frankfurt stock market on Monday. The company, which makes industrial power-generation equipment used by around 20% of the world's energy companies, has around 91,000 employees.