“We have to be able to eliminate the reactive break-and-fix solutions most of these companies live by and replace it with a proactive information-gathering approach,” Rai says, pointing out that better intel makes for better solutions and end results. “There is a wide chasm between what the security needs are in the manufacturing space and management’s approach to mitigating their risk.”
According to Raj, Siemens will take a three-pronged approach to help their clients coordinate their risk strategies in conjunction with its new managed security services unit. The Siemens team will provide the initial assessment and help the client understand their liabilities and develop a security roadmap. This process will begin with a comprehensive vulnerability assessment, followed by a gap analysis, threat assessment and a risk analysis.
Once the assessments have been completed and a plan of attack established, Siemens will work with the organization on implementing a holistic cyber security plan, which will include training, the development of security policies and procedures, and finally the implementation of appropriate security technology. But it is the third stage of the plan that Raj and his team are expecting to be the differentiating factor, as the MSS unit will look to ensure success by providing a continuous proactive strategy for management and operations. Real-time threat intelligence will be coming to the client through dashboards and alerts to expedite both incident detection and remediation.
“The goal here is to protect the life cycle of the manufacturer’s equipment. The manufacturing community is going up against threats from hackers and corporate espionage that they just aren’t prepared to address,” concludes Raj. “Mitigating these ongoing cyber security threats requires you to continually monitor your program –not just periodically upgrade your software and hardware. This is not the core competency of manufacturers. So the approach here will be to let our clients do what they do best and let Siemens worry about not only our installed solutions, but plans to protect their entire manufacturing process.”
Roger Hill, R&D manager for the Industrial Security Services division, further illustrates the stark contrast between threats faced by enterprise organizations and their manufacturing counterparts when noting that this MSS solution was exclusively created to meet the specific needs of the industrial controls market.
“Manufacturing is about protecting information, equipment and the process. It is about creating a safe solution that protects the redundancy, the uninterrupted process and the safe operation of the plant,” explains Hill. “For manufacturers, it is all about the up time!”