Tenable Inc. and Siemens have entered a strategic partnership to deliver industrial cybersecurity solutions to energy, utilities and oil and gas companies. The agreement revolves around Tenable’s Industrial Security offering, which Siemens will deliver as a service with the aim of helping companies secure and protect their critical operational technology (OT) assets.
Industrial organizations should start with the basics and reduce their attack surface. That starts with first understanding and accepting that the risk is real.
The agreement is a response to the rising cyber threat facing industrial systems. The number of cyberattacks worldwide continues to grow, with OT becoming a growing target and comprising 30 percent of all cyberattacks, according to recent research conducted by Ponemon Institute on the state of cybersecurity in the U.S. oil and gas industry. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued an official alert last month, citing advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.1
Industrial Security from Tenable provides asset discovery and vulnerability detection purpose-built for industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Using passive network monitoring based on Tenable’s Nessus Network Monitor, designed for critical systems which require a nonintrusive approach to vulnerability detection, the OT-native solution helps identify and prioritize OT risks so organizations can keep safety-critical production assets secure and fully functional.
Following the announcement of the Tenable-Siemens partnership, Flow Control discussed the state of industrial cybersecurity with Ray Komar, vice president of Technical Alliances for Tenable, and Leo Simonovich, vice president and global head of Industrial Cyber and Digital Security, Siemens Energy. The conversation helped shed some light on what is the monumental task of cyber securing today’s industrial systems.
What does the recent DHS warning about cyber threats to critical infrastructure tell us about the state of industrial cybersecurity?
This is just the latest example of cyber threats targeting critical infrastructure, and another reason that organizations need to consider operational technologies (OT) an important piece of the modern attack surface. It’s yet another data point that the exposure is real, and the state of industrial cybersecurity needs to mature quickly.
What are the primary challenges OT faces in addressing the cybersecurity challenge?
There are five primary challenges of securing OT, all revolving around basic cyber hygiene. First, the mistaken belief that OT environments are not exposed because they’re “air gapped." The second is a lack of knowledge of the assets that make up your OT environment. Third, not knowing what exposures those assets introduce into your OT environment. Fourth, a lack of an effective and ongoing remediation/mitigation strategy. Lastly, there’s a huge shortage of skilled cybersecurity professionals working in OT environments.
How are cyber threats on the OT side of industrial organizations different, if at all, from what we would typically see on the IT side?
The cyber threats impacting OT are conceptually similar to the IT side. There are technical nuances that differ based on the technology stack that attackers are targeting, but the methods of attacks are not wholly different. What is different, obviously, are the possible consequences of a successful attack.
How much, if any, collaboration needs to happen between IT and OT to effectively protect an industrial organization from cyber threats? Or are IT and OT cybersecurity completely independent practices?
OT and IT need to work very collaboratively. IT and OT are both critical pieces of the modern attack surface and the security challenges need to be addressed holistically. We need to defend organizations from mounting cyber threats, but trying to do so in silos is a recipe for failure.
If you could recommend any specific actions an industrial organization can take in the near term to more effectively protect against cyber threats, what would your top recommendations be?
Industrial organizations should start with the basics and reduce their attack surface. That starts with first understanding and accepting that the risk is real. Then, they need to discover the assets in their OT environment, assess them for issues that increase cyber exposure, analyze the business impact of those issues and put a remediation plan in place. This needs to happen on a continuous and ongoing basis.
What does the partnership between Siemens and Tenable mean for customers who are facing industrial cybersecurity challenges?
We believe that together, Tenable and Siemens make it easier for our joint customers to more effectively manage the cyber exposure of their OT environments, increase their operational resiliency and do so in a cost effective way.
How do you see the industrial cybersecurity landscape evolving over the next five years? How do you envision the threats and level of organizational preparation changing as we look to the future?
We think that the next five years are going to be critically important for industrial cybersecurity. Digitalization will continue to impact OT environments, while attackers will launch more sophisticated attacks targeting critical infrastructure. As a result, organizations will recognize the importance of industrial cybersecurity, and increasingly acquire tailored solutions that help them manage their cyber exposure and increase their resiliency.
Matt Migliore is director of content strategy for the Process Flow Network. He has covered technology and industry for 15 years. He can be reached at [email protected] or 484-255-9032.
1. "Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors" US-Cert, https://www.us-cert.gov/ncas/alerts/TA17-293A.