Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/19/2017
10:50 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Siemens' New ICS/SCADA Security Service a Sign of the Times

Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.

It's been seven years since the game-changer Stuxnet worm was unearthed and thrust the industrial control sector to a new reality where cyberattacks could sabotage even air-gapped physical plant operations.

Siemens, whose whose process control systems were targeted in the attack that ultimately sabotaged centrifuges in the Natanz nuclear facility in Iran, was among the first of the traditional ICS/SCADA vendors in the wake of Stuxnet to step up and build secure software development programs as well as roll out new products with built-in security features.

Now meet the next big thing for Siemens and other major ICS/SCADA equipment vendors: managed security services. Siemens today kicked up a notch its existing network monitoring and security services with the addition of anomaly detection technology from PAS that monitors all brands of industrial and computing equipment – not just its own - on a plant network.

Leo Simonovich, vice president for global cyber security for Siemens, says the newly enhanced managed security service – which includes monitoring, incident response, and management – is just the beginning, with more features on the horizon. The network monitoring capability in Siemens' service that launched earlier this year comes via its partnership with Darktrace.

"We have a vision to bring the best of breed technologies together" for visibility of OT [operational technology] networks, Simonovich says. "That means we have to monitor the network, monitor the control layer, and the assets themselves, like turbines," for example, he says.

"Control-level coverage solves a core problem for customers: they can't protect what they can't see."

It's been a long road for Siemens since Stuxnet. The firm in the wake of Stuxnet Siemens doubled down on patching its older and security flaw-ridden ICS/SCADA systems software and launched an internal CERT, as well as focusing on secure software development. In 2012, Siemens launched a new generation of ICS systems with built-in firewall and virtual private network features, the Simatic CP and Scalance communications processors, as well as a new secure router.

"Unfortunately, we were hit by Stuxnet, and since then our journey has been to more secure products" as well as security service offerings "irrespective of the vendor. That's what our customers are asking of us," Simonovich says.

Some of its counterparts also are expanding into cloud-based security services for ICS/SCADA operations. Rockwell Automation late last week launched new threat detection services that include similar features to what Siemens is now offering: real-time monitoring as well as asset management. The ICS/SCADA vendor built the service with with threat-detection software from startup Claroty.

Schneider Electric offers a cybersecurity protection service that automatically updates Schneider's products as well as third-party operating systems and endpoint security products with patches.

Security experts expect more of these traditional large ICS/SCADA vendors to roll out managed security service offerings, as the industrial sector faces new and more advanced threats that many of these organizations don't have the expertise nor experience to thwart.

Dale Peterson, founder and CEO of ICS firm Digital Bond, has been watching major ICS/SCADA vendors start to build more secure products since Stuxnet's discovery. Cloud services from these vendors could be the next trend, he notes, as these vendors look for new sources of revenue.

OT: Security Newbies

Many industrial, aka operational technology (OT), teams are still new to cybersecurity. "For many of them, OT is the core focus on on operations of that plant. Cybersecurity is not their day-to-day job," Siemens' Simonovich says. That's where Siemens hopes to step in with its managed security services, he says.

Not unlike IT's challenge, staying on top of all of the devices and software configurations and updates in an OT network has made these plant networks more vulnerable to attack.

Human error accounts for 70% of incidents in the OT environment, says Eddie Habibi, founder and CEO of PAS. "These systems are wide open to external attacks as well as internal human error," he says, which ups the ante for better visibility and management of them.

PAS's technology includes asset discovery and inventory, patch management, vulnerability assessment and recovery, and configuration and change management control, he notes, as well as analytics and visualization of all types of vendors' systems.

Proprietary ICS/SCADA systems not only are engineered differently, but often configured specifically for a certain plant environment based on operational performance requirements and other parameters, notes Siemens' Simonovich. "That's been a hard nut to crack," he says. "The network-level [monitoring] doesn't tell you if a PLC is behaving in a particular way to turn on or off a valve, for example," he says. That's something PAS's technology and Siemens' analytics features do via the new security service, he notes.

Meanwhile, anomaly detection vendors and products for the ICS/SCADA realm have exploded over the past year or so, with some 20-plus vendors crowding this space, notes Digital Bond's Peterson, who has tracked them. It's unclear whether industrial operators will go with these third-party vendors or their traditional ICS/SCADA vendors, he says.

"How successful [traditional ICS/SCADA vendors] will be is too early to know," Peterson says.

"Do you pick an ICS vendor or a traditional monitoring vendor, or some new specialized ICS monitoring vendor?" he says. "That's a harder choice" for operators than choosing ICS/SCADA equipment vendors, he says. "A lot of times smaller vendors have more expertise because it's all they do but they don't have access to … who engineered those [ICS/SCADA] products," for example, he says.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
martin.george
50%
50%
martin.george,
User Rank: Apprentice
9/25/2017 | 11:13:23 AM
Serious?
That is really serious news, what can i say 
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7964
PUBLISHED: 2020-01-24
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
CVE-2020-5224
PUBLISHED: 2020-01-24
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the sess...
CVE-2020-7052
PUBLISHED: 2020-01-24
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVE-2014-4172
PUBLISHED: 2020-01-24
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service paramet...
CVE-2013-1597
PUBLISHED: 2020-01-24
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.