enterprise| enterpriseauthorTom KrazitNoneAre you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.d3d5b92349
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Power

Securing the grid: Siemens Energy will launch a cybersecurity service for the energy industry

The energy industry is embracing digital technology, but cybersecurity can be an afterthought at smaller companies. However, small security incidents can quickly turn into big problems.

Power lines

Utilities might know how to secure their physical equipment against outside threats, but they don't necessarily have the same skills on their payroll when it comes to cybersecurity.

Photo: Fré Sonneveld/Unsplash

Siemens Energy is hitting the ground running during its first week as a standalone company, announcing plans for a modern cybersecurity service designed for the small- and medium-size energy companies that increasingly rely on digitized equipment.

The Managed Detection and Response service will be unveiled Thursday morning during a virtual event hosted by the Atlantic Council. It promises to scan and monitor the breadth of digital equipment used by utilities, power distributors and energy generation companies for security threats and advise those customers on appropriate responses, said Leo Simonovich, vice president and global head of industrial cyber and digital security for Siemens Energy, in an exclusive interview with Protocol.

"What we wanted to do was to help address the essential problem of visibility, the basic premise that you cannot protect what you cannot see," Simonovich said.

As utilities around the world have introduced a greater mix of renewable energy sources into their systems and started their own version of the digital transformation efforts well underway in other parts of the economy, they often layer newer technology upon older systems and equipment that wasn't designed for the digital age. Those utilities might know how to secure their physical equipment against outside threats, but they don't necessarily have the same skills on their payroll when it comes to cybersecurity, Simonovich said.

That means the "attack surface" — the opportunities for cybersecurity threats created by adding more software to the mix — of a modern utility has increased quite a bit.

"With each new node, each new device being connected to the energy system, we're experiencing an opportunity, but we're introducing a potential pathway for an attacker to disrupt," Simonovich said.

Siemens' MDR system gathers data from software that runs large industrial machines as well as data running across traditional information networks to paint a baseline picture of "normal" activity at an energy company. It then uses machine-learning techniques to detect and respond to abnormal levels of activity, advising customers on the best course of action.

Machine learning is the buzzword du jour in cybersecurity, with some justification. The sheer volume of threats to modern digital systems grows every day, and it's nearly impossible for any human being to stay on top of that much activity. Security companies large and small are increasingly selling services that use powerful computers to recognize patterns and detect anomalies, reserving human interaction for only the most serious threats.

Larger companies with bigger budgets often have similar systems already in place, but Siemens Energy is targeting this service at companies that haven't been able to afford the software or talent required to operate such a system, Simonovich said.

"We are only as strong as our weakest link," he said. "Because of increased interdependence between large and small utilities, many of the attacks that we've seen have started with a small utility and cascaded out to the whole system."

Siemens' service will require a three-year subscription, and it will take a few months for the system to sketch a portrait of an energy company's footprint and determine a baseline level of activity, Simonovich said. Costs will be based on the number of power plants, substations or other key pieces of equipment that make up an energy company's infrastructure.

Shares of Siemens Energy made their debut on the Frankfurt stock market on Monday. The company, which makes industrial power-generation equipment used by around 20% of the world's energy companies, has around 91,000 employees.

Politics

'Woke tech' and 'the new slave power': Conservatives gather for Vegas summit

An agenda for the event, hosted by the Claremont Institute, listed speakers including U.S. CTO Michael Kratsios and Texas Attorney General Ken Paxton.

The so-called "Digital Statecraft Summit" was organized by the Claremont Institute. The speakers include U.S. CTO Michael Kratsios and Texas Attorney General Ken Paxton, as well as a who's-who of far-right provocateurs.

Photo: David Vives/Unsplash

Conservative investors, political operatives, right-wing writers and Trump administration officials are quietly meeting in Las Vegas this weekend to discuss topics including China, "woke tech" and "the new slave power," according to four people who were invited to attend or speak at the event as well as a copy of the agenda obtained by Protocol.

The so-called "Digital Statecraft Summit" was organized by the Claremont Institute, a conservative think tank that says its mission is to "restore the principles of the American Founding to their rightful, preeminent authority in our national life." A list of speakers for the event includes a combination of past and current government officials as well as a who's who of far-right provocateurs. One speaker, conservative legal scholar John Eastman, rallied the president's supporters at a White House event before the Capitol Hill riot earlier this month. Some others have been associated with racist ideologies.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Protocol | Enterprise

Don’t worry about the cybersecurity fallout of the Capitol breach

Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.

Any lasting cybersecurity damage from the breach is likely to be limited.

Photo: Louis Velazquez/Unsplash

Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.

One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.

Power

Van Buren v. United States: The SCOTUS case splitting the privacy world in two

The court will hear oral arguments Monday in a case that could expand what's considered a computer crime and strengthen the power of big tech companies.

Van Buren v. U.S. could have sweeping consequences for the future of internet safety and the power tech companies have over their users.

Photo: Mark Wilson/Getty Images

The country's foundational anti-hacking law — the Computer Fraud and Abuse Act — faces a major test Monday, as the Supreme Court prepares to hear arguments in a case that could radically broaden the scope of what's considered a computer crime and expand the power that companies have over their users.

The case, Van Buren v. United States, has divided frequent allies in the security and privacy space. On one side are groups like the Electronic Frontier Foundation and the American Civil Liberties Union, who argue that expanding the interpretation of the CFAA could make research conducted by cybersecurity experts and journalists alike illegal, paving the way for increased legal action by tech companies. On the other are groups like the Electronic Privacy Information Center and a raft of prominent privacy scholars who emphasize that the case before the court involves a law enforcement official using a government database to commit a serious privacy breach — behavior they say the law does and should prohibit.

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Protocol | Enterprise

The most interesting man at Microsoft

A skier and racing driver who's broken 26 bones, as well as protector of one of the world's most valuable companies. Bret Arsenault has plenty to talk about.

Bret Arsenault took a sabbatical from Microsoft in late 2001 to join the endurance car racing circuit.

Photo: Courtesy of Bret Arsenault

Bret Arsenault doesn't like cheese.

But for Microsoft's chief information security officer, a distaste for dairy produce isn't born out of a limited diet from two months of stay-at-home orders. No: He grew up in a housing project, dependent on food assistance that included 5-pound blocks of "government cheese." Which, believe it or not, he says isn't very good.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.

People

‘Begin with the assumption of breach’: Rep. Will Hurd on COVID-19 cyber threats

The Texas Republican talks tensions with China, the risks of remote work, and the coming tech brain drain on Capitol Hill.

U.S. Rep. Will Hurd, pictured here during the impeachment inquiry in 2019, says the federal government and the business sector can improve information-sharing on cyber threats: "Unfortunately, right now, when it comes to information-sharing, we still think like my old world in the intelligence community."

Photo: Samuel Corum — Pool/Getty Images

With millions of Americans working remotely from unsecured devices, China facing accusations that it is seeking to steal research on COVID-19 vaccines, and a presidential election just months away, the United States is facing an onslaught of cyber threats. In Congress, few lawmakers have as deep an understanding of those threats as Rep. Will Hurd, the Texas Republican.

Before taking office in 2015, Hurd spent several years as a CIA officer and several more as a private cybersecurity consultant. As a lawmaker, he's continually pressed for legislation to improve America's cyber defenses and modernize government technology. Now, as Hurd prepares to leave Congress at the end of 2020, his technical expertise is arguably more needed than ever.

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Latest Stories