Figure 2. In the instance of an "unknown" access vector, forensic evidence could not point to a specific method of intrusion due to a lack of detection and monitoring capabilities within the compromised network. Source: NCCIC, 2015.
Siemens uses the following three-step process to build industrial cybersecurity programs for its customers:
- Assess: Analyze your present security environment and develop a security roadmap. This is always an eye-opening experience as companies typically do not have a comprehensive grasp of the nature of their industrial networks or what data could be compromised.
- Implement: Engineer, design, and implement a cybersecurity program based on your specific situation to close the gaps between your current level of protection and your potential risk, creating a program that follows important industrial security standards such as ISA 99, IEC 62443, NERC-CIP, and others. Siemens applies standards, best practices, and security frameworks, resulting in a Defense-in-Depth approach that includes the use of Secure Automation Cells.
- Operate and Manage: Continuous detection and protection through proactive defense. Support is provided for maintaining your security posture against current and potential cyber threats. Your adversaries are intelligent, and they are always looking for new ways to get into your system.
An ongoing process
Ongoing services for managing and maintaining your security against current and potential cyber threats are a critical element. A cybersecurity operations center such as the Siemens CSOC can provide 24/7 monitoring as well as operations and updates of deployed security controls based on real-time intelligence. Proactive monitoring and continuous security management reduce the risk of production loss and equipment damage caused by cybersecurity threats and protect intellectual property, company reputation, and brand image.
In addition, on-demand remote-incident-handling support should be implemented, ideally with ICS cybersecurity experts available to respond quickly to support you in executing forensic investigations, containing possible damages to your environment, and eradicating risks.
When industrial manufacturing leaders partner with effective cybersecurity services providers, they allow their internal resources to concentrate on the core business. They also provide protection for their company’s assets, people, and customers.
Ken Keiser is Practice Lead, Plant Security, for Siemens Industry, Inc. Ken has spent more than 30 years in the process control industries with Fischer & Porter, Bailey Controls, ABB, and Siemens. In the last five years, he has also concentrated on Industrial Cyber Security within the Siemens Process Automation segment. He has worked with ISA99 on various workgroups, is the Industrial Security liaison to key Siemens customers, and recently received his CISSP certification from (ISC)². Ken has an Electrical Engineering degree from Drexel University and a Business Administration degree from Temple University.
Reference:
1. National Cybersecurity and Communications Integration Center (NCCIC), 2015. "ICS-CERT Monitor, September 2014-February 2015."