Q&A: Siemens Industrial Security Exec on Cyber Priorities
It is not just the physical asset you are securing. You are also securing the types of data that flow across your wires.
Today, most industrial organizations do asset management with a clipboard, and, if they are lucky, an Excel spreadsheet. What that leaves behind, especially in OT deployment, is a whole swath of connected devices, especially at the edge.
My advice is for organizations to mature their cyber asset management program incrementally. Where I think that begins is with this idea of prioritization.
You secure your most important assets and then, from there, think about how those assets interact with one another. Understand that interaction — and the corresponding data flows — require data classification systems.
What role do you see machine learning and artificial intelligence playing in industrial security?
Simonovich: We at Siemens think that AI and machine learning is an important approach by which to short-circuit some of the core problems in security.
When I talk to customers, they will have eight different protocols, on average, if you are not counting what is homegrown. They will have legacy assets, some of which are analog, some are digital — with digital often being bolted on.
What that means is that it is important for the customer to take incremental steps to short-circuit this problem. AI and machine learning give you that pathway. It allows you to work in an environment that otherwise is very complex. It establishes a baseline and, from there, helps with detection. We, for example, partnered with a company called Darktrace that provides anomaly detection using unsupervised machine learning. And it does this in real time by learning what is happening and, from there, detecting even the smallest variances in network traffic. Those variances, no matter how small they are, can have major consequences.
What is important is not just to have AI and machine learning to detect something, but in OT, to actually understand what that [thing] means. So for us, Darktrace does the detection. We’ll help guide, contextualize and understand what this means for the production environment. Whether this particular PLC or RTU sits in a production process, and what this could mean in the case of energy customers to plants and power outages.
Siemens has a significant digital twin initiative. How do you see digital twin technology changing the industrial security landscape?
Simonovich: To do monitoring and detection well, there are three pieces to the puzzle. You have to look at network data, control data and asset data. We at Siemens combine all three through our analytics for security.
Asset data is an indicator, whether it is the comparison between what the control system is saying the turbine should do and what the turbine is doing in real time.
We partnered with PAS, which looks at the control layer. Darktrace looks at the network layer. And of course, we are one of the largest producers of heavy machinery and turbines in the world.
We can adjust all three — not just ourselves but across our customer install base. And then give the customer insights into detection of anomalies but also contextualization of what is happening.
That is a similar concept to digital twins.