HOUSTON/MUNICH, May 24 (WNM staff) - Siemens and Chronicle, an Alphabet company, today announced a new partnership to protect the energy industry's critical infrastructure from increasingly sophisticated and malicious industrial cyber threats at Spotlight on Innovation, Siemens flagship U.S. technology and innovation conference. Through a unified approach that will leverage Chronicle's Backstory platform and Siemens' strength in industrial cyber security, the combined offering gives energy customers unparalleled visibility across information technology (IT) and operational technology (OT) to provide operational insights and confidentially act on threats.
According to SDX Central, Backstory is Chronicle’s cloud-based security information and event management (SIEM) product, announced the day before the annual security mega event, RSA Conference, in March. At the time Chronicle also announced a handful of Backstory’s early customers, and Siemens was one of them.
The platform is built on sister company Google’s infrastructure and provides a centralized location for companies to upload and store all of their security log information from endpoints, network devices, and cloud services. It then uses artificial intelligence (AI) and machine learning to analyze this data to detect and investigate potential threats.
The energy industry has historically been unable to centrally apply analytics to process data streams, cost-effectively store and secure data, and identify malicious threats within OT systems. Research conducted by Siemens and Ponemon Institute found that while 60 percent of energy companies want to leverage analytics, only 20 percent are utilizing any analytics to do security monitoring in the OT environment. Small and medium enterprises are particularly vulnerable to security breaches as they frequently do not have the internal expertise to manage and address increasingly sophisticated attacks.
"The innovative partnership between Siemens and Chronicle demonstrates a new frontier in applying the power of security analytics to critical infrastructure that is increasingly dependent on digital technology," said Leo Simonovich, Vice President and Global Head, Industrial Cyber and Digital Security at Siemens Gas and Power.
"Cyber-attacks targeting energy companies have reached unprecedented speeds, and our cutting-edge managed service unlocks the analytics ecosystem offering a new level of protection from potential operational, business and safety losses."
"Energy infrastructure is an obvious example of cyber-attacks affecting the physical world and directly impacting people's lives," said Ansh Patnaik, Chief Product Officer, Chronicle. "Backstory's security telemetry processing capabilities, combined with Siemens' deep expertise, gives customers new options for protecting their operations."
The partnership between Siemens and Chronicle will help energy companies securely and cost-effectively leverage the cloud to store and categorize data, while applying analytics, artificial intelligence, and machine learning to OT systems that can identify patterns, anomalies, and cyber threats. Chronicle's Backstory, a global security telemetry platform for investigation and threat hunting, will be the backbone of Siemens managed service for industrial cyber monitoring, including in both hybrid and cloud environments. This combined solution enables security across the industry's operating environment – from energy exploration and extraction to power generation and delivery.
Siemens Gas and Power (GP) is a global pacesetter in energy, helping customers to meet the evolving demands of today's industries and societies. GP comprises broad competencies across the entire energy value chain and offers a uniquely comprehensive portfolio for utilities, independent power producers, transmission system operators and the oil and gas industry. Products, solutions and services address the extraction, processing and the transport of oil and gas as well as power generation in central and distributed thermal power plants and power transmission in grids.
Partnership with TÜV SÜD
Siemens and TÜV SÜD have recently come together to address the growing risk of cyberattacks on critical infrastructure by collaborating to provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy customers identify asset risk and cybersecurity solutions.
Under this partnership, TÜV SÜD will offer digital assessments that incorporate Siemens as a provider of cybersecurity vulnerability assessments across the entire cyber asset management lifecycle. The digital assessments of industrial control systems in both the oil and gas and power generation sectors (nuclear applications excluded) will be vendor-agnostic, meaning they will not be limited to customers using products and technologies manufactured and supplied by Siemens.
Critical infrastructure in the energy sector continues to be a primary target for hackers. This new risk environment, with a record number of near-miss safety events at plants around the world, poses significant potential for damage to the health and safety of people, processes, plants and products. Cyber threats to the environment, finance and supply chains jeopardize the entire global economy. In this IoT-driven (Internet of Things) environment, where energy systems are increasingly connected, supplying data consolidation, visualization and evaluation, there is a heightened need for high-level trust and confidence in digital safety and security.
This is particularly relevant as cyberattacks are being executed more frequently, with higher level of sophistication, and at a lower cost. Increased connectivity magnifies the threat surface in energy systems. From Shamoon to Industroyer, to WannaCry, the need for a holistic cybersecurity solution should incorporate resiliency, hygiene and security by design.
"Leveraging TÜV SÜD's expertise in safety and Siemens's strength in digital security, redefines how energy companies will manage their growing physical and digital safety and security challenges," said John Tesoro, President and CEO of TÜV SÜD North America. "TÜV SÜD has a long history of driving innovation, and is now at the forefront of cybersecurity testing, inspection and certification. TÜV SÜD's role is consistent with the need for developing mandatory, independent third-party certification for critical infrastructure and solutions," added Tesoro.
"This is about reducing risk," says Leo Simonovich, Vice President and Global Head for Industrial Cyber and Digital Security at Siemens. "Together, we will redefine an approach that will lead to reduction in the growing risks in the digital world, reducing risk in the physical world as well. Combining safety and security to address the human element – and strengthen trust – will provide an unprecedented view into risk," says Simonovich.
In addition to this activity, both companies are also driving the Charter of Trust. As members of this global cybersecurity initiative, both Siemens and TÜV SÜD are committed to ensuring the security of a digital world. With 16 members, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization. The Charter delineates 10 action areas in cybersecurity where governments and businesses must both become active.