Keeping Assets Safe From Cyber Attacks
By Roberta Prandi20 September 2017
Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real time monitoring for control systems.
The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Siemens said.
Eddie Habibi, founder and CEO of PAS Global, said that the oil and gas and power industries are facing challenges in cybersecurity which are essentially a heritage of the last 40 years. “Companies have installed control systems that are highly proprietary, very complex, from multiple vendors and from different generations,” said Habibi. “The real challenge now is how do you to secure so very diverse operating systems and legacy pieces of equipment?”
According to Habibi, visibility is the key criteria in operational cybersecurity, with the need to assess and monitor all the installed field instrumentation used to gather information and enabling actions and network devices. “The biggest challenge we hear from customer is having visibility of all the devices in the plant,” he said. “It is impossible to secure assets without a clear picture. It would be not much different than securing your house without knowing how many windows and doors you have or where exactly they are located.”
The Siemens-PAS global strategic partnership is intended to bridge the visibility gap for distributed, legacy control assets to provide a comprehensive view into fleet security. Focused on gathering detailed configuration data down to the sensor, the Siemens-PAS partnership will enable customers to secure proprietary systems guarding against cyberattacks as well as unauthorized engineering changes, Siemens said.
Leo Simonovich, Siemens vice president for Global Cyber Security, said that Siemens has an inherent and holistic understanding of how to manage cyber risk in complex operating environments and will integrate PAS Global in its monitoring capabilities. “Pas Global is able to monitor control systems at fleet level, while Siemens has the know-how and industrial experience to provide unparalleled monitoring capabilities to its customers,” Simonovich said. “Siemens applies advanced analytics and integrates different data streams. We then take those into actionable intelligence which customers can use to make smart decisions of their operational risk.”
PAS Global said it has solved operational and security challenges for chemical, refining and power companies across the globe for more than two decades. Its Cyber Integritysolution provides foundational inventory management that covers all the major cyber assets found in plants today. The solution detects new or missing devices, aggregates configuration data at the asset level, baselines security-related data to monitor for change, and captures system interdependencies.
Siemens cited recent research conducted by Ponemon Institute on the state of cybersecurity in the U.S. oil and gas industry, which said the deployment of cybersecurity measures in the industry isn’t keeping pace with the growth of digitalization in oil and gas operations. Just 35% of survey respondents rated their organization’s operational technology cyber readiness as high. Sixty-eight percent of respondents said their organization experienced at least one cyber compromise, while 61% said their organization’s industrial control systems protection and security is not adequate.