sogic 2018 - siemens... · 2020-05-31 · ics/scada environments sources: state of ot cybersecurity...
TRANSCRIPT
SOGIC 2018
May 8, 2018 | Hyatt Regency, Calgary, Alberta
Siemens Industrial Cyber for Energy
Perpetual Vigilance for What’s Critical
www.siemens.com/industrial-security
Unrestricted © Siemens 2018
Unrestricted © Siemens AG 2018 | May 2018 | Page 3 | SOGIC 2018
Rising number of cyber threats to industrial control systems
67% believe the risk level to industrial control systems over the past years has markedly increased because of cyber threats
Increased complexity of risk management across value chain
61% say their organization has difficulty in mitigating cyber risks across the oil and gas value chain
Risk migrating from IT to OT environment
59% believe that there is now a greater level of cyber risk in the OT than in the IT environment
Industrial cyber is the new risk frontier in Energy
2012: Malware attempting to access SCADA infiltrated Telvent systems
2014: Energetic Bear virus (Havex) infected ICS software updates
2014: Black Energy malware infiltrating 37% of US energy firms
2011: Virus Duqu collected industrial control system information
Source: State of OT Cybersecurity in the Oil and Gas Industry, 2017, SGT research
Most energy companies are not prepared to address OT cyber risk …
What best describes the maturity level of your organization’s cyber readiness?
Most organizations in early to middle stages
Limited visibility across OT asset base
Shortage of internal OT security expertise
Limited understanding of where infrastructure is most vulnerable
Difficulty of securing multi-vendor, legacy OT assets
Inability to monitor and respond rapidly to threats
IT solutions do not translate to OT environment
Energy organizations face similar pain points in managing OT cyber programs
Source: State of OT Cybersecurity in the Oil and Gas Industry, 2017
9% Early Stage
29%
62% Middle Stage
Mature Stage
…and are struggling to effectively deploy and manage their OT security programs
Inadequate manpower
60% of respondents say they do not have enough staff to effectively meet the challenge
Limited visibility
84% of respondents say they do not have full visibility of potential vulnerabilities to their ICS/SCADA environments
Sources: State of OT Cybersecurity in the Oil and Gas Industry, 2017; Ponemon Institute, 2014 Critical Infrastructure Survey; Forrester purchased study, 2014
Lack of real-time information
83% of security professionals are concerned about missing threats between vulnerability scans
Inability to prioritize OT cyber risk
66% of respondents say they lack a clear picture of the risks required to accurately prioritize and take action
• Demand OT Cyber Solutions that meet the unique performance and safety requirements
• Leverage security analytics to get the advantage as the sophistication and complexity of OT attacks has reached machine speeds
• Overcome the Fear of Connectivity as benefits of digitalization are too great. Connectivity equals insight.
• Get cyber transparency to baseline OT risk, harden the infrastructure and begin to address fundamentals
• Assign ownership for OT to drive the change against this complex and quickly growing problem
• Secure the edge which in the world of digitalization has become the new center
Siemens Best Practices
The first steps to addressing industrial cyber are to understand the OT risk, get transparency and harden defenses
Today's typical dilemma – Understanding security event data
Disconnected Data Repositories
Security and Asset Monitoring
Scheduled and Unplanned Outages/Maintenance
Production (historical/forecast)
Network Admins
Cumbersome collection of quality security data
Asset Owners
Security performance difficult to benchmark
O&M Staff
No access to full information for security decisions
All user groups
Different reference points and input data for accurate security diagnostic
Information out of context is often irrelevant
Siemens has built a dedicated Energy cyber portfolio to address customer needs at every point in the journey
Step 1: Evaluate
Consulting Services
• Cyber Gap Assessment
• Asset Inventory
• Sec. Program Standup
• Sec. Architecture Design
Step 2: Implement & Intervene
Security Products
• Endpoint Hardening
• Whitelisting Deployment
• Secure Remote Access
• Sec. Awareness Training
• Cyber Security Center
Step 3: Test
Professional Services
• Vulnerability Assessment
• Penetration Testing
• Incident Response Plan Testing
Step 4: Monitor & Maintain
Managed Services
• Device and event monitoring
• Advanced Threat Detection
• Vulnerability Management
• Cyber Asset Management
• 24/7 incident response
Siemens Cyber Offering for Energy
Siemens is leveraging its deep OT know-how and Darktrace AI analytics to offer a first of its kind MSP
• Global collection of events
• Monitoring and detection platforms (e.g. SIEM)
• Experienced Cyber Analysts
• Threat intelligence and forensics
• Security management platform
• Vulnerability mgmt. and global remediation
Assess security
Manage security
Implement security
1 CDC in Milford, Lisbon and Munich
Milford, OH, USA
Lisbon, PRT
Munich, DEU
Shanghai, CHN
Cyber Defense Center
Internal knowledge as foundation …
OT Cyber Security Operation Center
… for external Security Services
Customers Benefit
Serving Customers with a Global Footprint
Respond
Investigate
Detect
• Self-learning; no configuration
• Advanced Threat Detection
• Stop or slow down threats without disrupting operations
• Passive, non-obtrusive
• Prioritizes threats through correlation
Siemens MSP is powered by Darktrace’s Industrial Immune System
Learns “self” in real-time
Analyzes every individual user, device and network, using unsupervised machine learning
Detects threats in network
Detects both insider and sophisticated external threats from within the network
Provides 100% visibility
Visualizes entire network, including traditional and non-traditional OT
Supports every protocol and standard
Includes Modbus, DNP3, OPC, ICCP, IEC-60870-5-104, IEC-61850, etc.
Works across all networks and OT devices
Works across IT, SCADA/ICS systems, and IIoT
Offers unmatched insights into OT
Empowers organizations to make smarter, faster security decisions
Siemens provides automated inventory and configuration management from PAS for multi-vendor asset visibility
Enables standards compliance
Drives internal and regulatory standards compliance (e.g., ISA/IEC 62443, NERC-CIP, NEI 08-09, NIST & more)
Reduces incident recovery time
Speeds recovery with backups of critical control system data and historical change monitoring
Automates multi-vendor inventory management
Maintains industrial endpoint inventory for all major production-centric ICS and IT-centric assets
Hardens industrial cyber assets
Works across heterogeneous environment assuring security patch currency via process automation
Detects unauthorized change
Baselines security configuration data, identifies changes, and drives investigative workflows
Provides comprehensive asset visibility
Automates discovery of networked and transient cyber assets in ICS environments
Tenable vulnerability management backed by Siemens expertise helps customers prioritize and manage OT risk
Thank you
SOGIC 2018