Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/19/2017
10:50 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Siemens' New ICS/SCADA Security Service a Sign of the Times

Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.

It's been seven years since the game-changer Stuxnet worm was unearthed and thrust the industrial control sector to a new reality where cyberattacks could sabotage even air-gapped physical plant operations.

Siemens, whose whose process control systems were targeted in the attack that ultimately sabotaged centrifuges in the Natanz nuclear facility in Iran, was among the first of the traditional ICS/SCADA vendors in the wake of Stuxnet to step up and build secure software development programs as well as roll out new products with built-in security features.

Now meet the next big thing for Siemens and other major ICS/SCADA equipment vendors: managed security services. Siemens today kicked up a notch its existing network monitoring and security services with the addition of anomaly detection technology from PAS that monitors all brands of industrial and computing equipment – not just its own - on a plant network.

Leo Simonovich, vice president for global cyber security for Siemens, says the newly enhanced managed security service – which includes monitoring, incident response, and management – is just the beginning, with more features on the horizon. The network monitoring capability in Siemens' service that launched earlier this year comes via its partnership with Darktrace.

"We have a vision to bring the best of breed technologies together" for visibility of OT [operational technology] networks, Simonovich says. "That means we have to monitor the network, monitor the control layer, and the assets themselves, like turbines," for example, he says.

"Control-level coverage solves a core problem for customers: they can't protect what they can't see."

It's been a long road for Siemens since Stuxnet. The firm in the wake of Stuxnet Siemens doubled down on patching its older and security flaw-ridden ICS/SCADA systems software and launched an internal CERT, as well as focusing on secure software development. In 2012, Siemens launched a new generation of ICS systems with built-in firewall and virtual private network features, the Simatic CP and Scalance communications processors, as well as a new secure router.

"Unfortunately, we were hit by Stuxnet, and since then our journey has been to more secure products" as well as security service offerings "irrespective of the vendor. That's what our customers are asking of us," Simonovich says.

Some of its counterparts also are expanding into cloud-based security services for ICS/SCADA operations. Rockwell Automation late last week launched new threat detection services that include similar features to what Siemens is now offering: real-time monitoring as well as asset management. The ICS/SCADA vendor built the service with with threat-detection software from startup Claroty.

Schneider Electric offers a cybersecurity protection service that automatically updates Schneider's products as well as third-party operating systems and endpoint security products with patches.

Security experts expect more of these traditional large ICS/SCADA vendors to roll out managed security service offerings, as the industrial sector faces new and more advanced threats that many of these organizations don't have the expertise nor experience to thwart.

Dale Peterson, founder and CEO of ICS firm Digital Bond, has been watching major ICS/SCADA vendors start to build more secure products since Stuxnet's discovery. Cloud services from these vendors could be the next trend, he notes, as these vendors look for new sources of revenue.

OT: Security Newbies

Many industrial, aka operational technology (OT), teams are still new to cybersecurity. "For many of them, OT is the core focus on on operations of that plant. Cybersecurity is not their day-to-day job," Siemens' Simonovich says. That's where Siemens hopes to step in with its managed security services, he says.

Not unlike IT's challenge, staying on top of all of the devices and software configurations and updates in an OT network has made these plant networks more vulnerable to attack.

Human error accounts for 70% of incidents in the OT environment, says Eddie Habibi, founder and CEO of PAS. "These systems are wide open to external attacks as well as internal human error," he says, which ups the ante for better visibility and management of them.

PAS's technology includes asset discovery and inventory, patch management, vulnerability assessment and recovery, and configuration and change management control, he notes, as well as analytics and visualization of all types of vendors' systems.

Proprietary ICS/SCADA systems not only are engineered differently, but often configured specifically for a certain plant environment based on operational performance requirements and other parameters, notes Siemens' Simonovich. "That's been a hard nut to crack," he says. "The network-level [monitoring] doesn't tell you if a PLC is behaving in a particular way to turn on or off a valve, for example," he says. That's something PAS's technology and Siemens' analytics features do via the new security service, he notes.

Meanwhile, anomaly detection vendors and products for the ICS/SCADA realm have exploded over the past year or so, with some 20-plus vendors crowding this space, notes Digital Bond's Peterson, who has tracked them. It's unclear whether industrial operators will go with these third-party vendors or their traditional ICS/SCADA vendors, he says.

"How successful [traditional ICS/SCADA vendors] will be is too early to know," Peterson says.

"Do you pick an ICS vendor or a traditional monitoring vendor, or some new specialized ICS monitoring vendor?" he says. "That's a harder choice" for operators than choosing ICS/SCADA equipment vendors, he says. "A lot of times smaller vendors have more expertise because it's all they do but they don't have access to … who engineered those [ICS/SCADA] products," for example, he says.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
martin.george
50%
50%
martin.george,
User Rank: Apprentice
9/25/2017 | 11:13:23 AM
Serious?
That is really serious news, what can i say 
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.