A managed security service model in the physical security space is not a new concept. Physical security vendors and systems integrators have found that migrating services to either a cloud-based option or enhancing their customer service and value-added proposition can be a game-changer and a differentiator that increases revenue and ensures a loyal customer base.
Large security solutions providers like Tyco have been helping their customers improve their operating efficiencies through a suite of web-enabled commercial security services for some time. The managed security service helps clients manage everything from physical card access control and video surveillance, to alert notifications that can quickly spread emergency messaging via mobile devices.
But as the lines between physical and logical security systems continue to blur, IT-centric security vendors and integrators are now finding that managed security services might be a viable approach to addressing their client’s cyber security threats.
Siemens announced this week that it’s Industrial Security Services group is launching a Managed Security Service offering in the U.S that is aimed at providing continuous protection to manufacturing and industrial production environments. The offering includes assessment of security posture, implementation of recommended security measures and transitions into ongoing defense against rapidly evolving cyber security threats in Industrial Control System environments. The new program will first be introduced in the U.S. followed by Europe and Asia.
What makes the Siemens managed security services (MSS) unique is the fact that the initiative is being spearheaded by its Industrial Security Services group which is targeting the specific security requirements found in the manufacturing vertical market space. The cyber security needs of an Industrial Control System (ICS) environment differ from the enterprise requirements of corporate IT. In a production environment, availability is a key security goal. To ensure uninterrupted production and maximized uptime requires comprehensive protection of the people, processes and equipment.
The impacts of a successful attack can be serious, and include health, safety and ICS environmental impacts along with manipulation of data, IP theft, sabotage of production and plant downtime.
The goal of this new Siemens MSS approach is to offer its customers a holistic plan that will be more comprehensive and better able to integrate into an organization’s ongoing security and operations life cycle.
“Manufacturing is clamoring for best practices in this space. Cyber security has now grabbed the undivided attention of the C-Suite in almost every organization,” says Raj Batra, president of Siemens Industry Automation division. “With that C-level focus, the rest of the enterprise quickly follows suit, but they need help, and that’s where vendors like Siemens come in. Shareholders now expect that there be a mediation plan in place for mitigating risk.”
Batra explains that the challenges faced by operators of critical infrastructure facilities have become more complex and potentially more destructive. The threats are across the board, ranging from insider threats from disaffected employees and terrorists to domestic hackers and infiltration by nation states seeking proprietary data.
With these myriad threats come a wide range of impacts that might include:
• Unplanned downtime
• Loss of product or impaired quality
• Manipulation of data
• Unauthorized use of systems
• Employee death or injury
• Environmental damage
• Loss of intellectual property
• Damage to brand image
• Financial loss
When it comes to addressing the cyber security threats faced by many owner/operators in the industrial and manufacturing sectors, the challenges are even greater. Most are ill-equipped to deal with security issues, much less the barrage of new regulations that are testing their aging control systems and outdated corporate cultures that, in many instances, still foster partisan departmental silos and non-existent security budgets.