Unique partnership facilitates energy transition
By Keefe Borden05 January 2023
A relatively new partnership between Siemens Energy and Amazon Web Service (AWS) enables oil and gas operators to use digital technology to manage, monitor and troubleshoot physical assets. The partnership combines Siemens Energy’s Managed Detection and Response (MDR) with Amazon Web Services to give customers global scale and analytical horsepower over operating assets.
These assets can be used upstream, midstream or downstream at any operation worldwide, said Leo Simonovich Global Head, Industrial Cyber and Digital Security at Siemens Energy.
Siemens Energy’s MDR is an AI-driven cybersecurity monitoring and detection service purpose-built for industrial operating technologies (OT). The service creates and automatically monitors a unified data stream. It then uses machine learning to continuously monitor the relationships between variables in clients’ operational technology (OT) workflows, flagging anomalies for human analysts.
A rules-based engine drawing from Siemens Energy’s knowledge of OT systems enables MDR to prioritize the most consequential alerts, focusing human attention where it is most needed. Siemens Energy specialists assist clients in setting up MDR and tailoring monitoring to site-specific needs and provide monitoring services from a remote cybersecurity operations center (cSOC).
Need for security
The transition of the energy sector puts digitalization at its core. This, in turn, requires enormous computing power that comes from the cloud. “Yet, most customers are not ready to adopt the cloud for OT,” Simonovich said.
The primary reason is security. Operators have genuine concerns about data flows and the connectivity to real time assets. Siemens Energy’s partnership with AWS is designed to address those concerns.
“What we are aiming to do is to bring the capabilities of Siemens Energy, which has built an industrial cyberpractice focused on providing visibility, intelligence and insight to customers and help them protect their fleets with the analytic horsepower of AWS,” he said.
Another reason for the reluctance of many operators to adopt cloud-based cyber technology is that some systems are too much of a black box. Operators don’t feel they know where the data is coming from or how it is compiled or manipulated before they see it. In other cases, the switching costs of reconfiguring networks is too high.
“We aim to make it simple to get started with us,” Simonovich said. “Siemens Energy allows operators to get inside right away. We tell customers, ‘Send us your net flow data and we’ll look at it. We will get at least a baseline view of what is happening’.”
Now customers can access this service through the Amazon marketplace.
Comprehensive monitoring and detection
Siemens Energy is focused on an integrated approach that occurs as many of its customers fleets are changing as they enter new businesses and operate new assets.
EOS.ii, which drives the MDR, includes a detection engine and a contextualization engine. It understands an anomaly and how that would impact production.
Eos.ii is the purpose-built AI-based monitoring and detection platform for industrial cybersecurity. MDR is Managed Detection and Response, which is a service that uses Eos.ii to help clients secure their assets.
The software enables operators to straddle two worlds, the physical world and the digital world, at the same time. The operational technology draws from knowledge of the physical production process and asset characteristics while the IT side draws from the digital flow of data. The software takes in all of these different data streams that don’t speak the same language into a unified thread stream that gets contextualized for easy interpretation by human managers.
The software allows operators to overcome alarm fatigue and to get to the heart of what matters. The software understands how an asset behaves and where it sits in the production process, he said.
The combination of digital and physical technologies – and a clear understanding of how the two interact – enables Siemens Energy to identify operation issues that have potential cyber consequences. In one case, Siemens Energy helped a customer identify an anomaly in the digital data it was receiving. After investigating further, technicians determined its customers had server racks that were overheating because they were not configured correctly. “Over time that would degrade and have cascading effects that could lead to a shutdown,” he said.
The oil and gas industry was reminded of the need for secure networks and OT systems when the Colonial Pipeline Company shut down its system for six days in May 2021 in response to a ransomware attack.
At the time, the managers had an unusually blunt instrument to stop the malware: shut down the entire system. A more precise system like the MDR would enable the operator to pinpoint the malware, determine how it spreads through its network and then take a more surgical approach to isolating and removing it.
In response to the incident, U.S. regulators have put new rules in place for pipelines in the U.S. Operators have 24 hours to report an incident – and many operators are struggling to meet that requirement. “How do you know whether something is a real threat? You suspect there may be an incident, and we feel our customers’ pain when figuring this out.”
The new software uses AI to help determine if a real threat exists.
Since the partnership was announced six months ago, the response has been “overwhelming.” The industry has responded to two well known brands that, used together, can de-risk many operating decisions.