Electricity 2017 - התאגדות מהנדסי חשמל ... · Medium Cyber Maturity Organizations...

Electricity 2017Eilat, Israel | November 9, 2017

siemens.com/oil-gasUnrestricted © Siemens AG 2017

Unrestricted © Siemens AG 2017August 2017 CG PD OM

Securing the Energy SectorTable of contents

• Digitalization offers operational efficiencies

• Cyber threats are the new Energy risk frontier

• How to secure a complex digital production ecosystem

• Operational technology security methodology

• Helping organizations reduce risk and vulnerability


Digitalization Opportunities and Benefits

Focus on digitalization efforts resultin game-changing operational improvements

3.82

1.82

2.05

3.21

3.33

2.70

Energy

Chemicals

Telecom

Automotive

Construction

Manufacturing

Electronics2.35

Source: McKinsey and Co; Accenture; 1 = high, 2 = medium, 3 = low, 4 = rudimentary

Digitalization by Industry

Remote Operation

Industrial Internet of Things (Web of Systems)

Cloud applications

Big data analytics

Asset management and business analytics $80B

-25%

+11%

8%

Will be spent in the next24 months on operationalefficiency…

… that could lead toreduction in OPEX if smartlyspent on digital…

… and produce game-changing field recoveryrates …

… resulting in sustainedprofit increase


Rising number of cyber threatsto industrial control systems

67% believe the risk level to industrialcontrol systems over the past years hasmarkedly increased because of cyberthreats

Increased complexity of riskmanagement across value chain

61% say their organization hasdifficulty in mitigating cyber risksacross the oil and gas value chain

Risk migrating fromIT to OT environment

59% believe that there is nowa greater level of cyber risk inthe OT than in the IT environment

In a digital environment industrial cyber is the new risk frontier

2012: Malware attempting to accessSCADA infiltrated Telvent systems

2014: Energetic Bear virus (Havex)infected ICS software updates

2014: Black Energy malwareinfiltrating 37% of US energy firms

2011: Virus Duqu collected indus-trial control system information

Source: State of OT Cybersecurity in the Oil and Gas Industry, 2017, SGT research


Energy companies are not prepared …

Source: State of OT Cybersecurity in the Oil and Gas Industry, 2017

What best describes the maturity levelof your organization’s cyber readiness?

62%

29%

9%

Middle Stage

Early Stage

Mature Stage

O&G organizations face recurring painpoints in maturing OT cyber programs

Limited visibilityacross OT asset base

Shortage of internalOT security expertise

Lack of an OT-specific securitystrategy

Difficulty of securingmulti-vendor,legacy OT assets

Inability to monitorand respond rapidlyto threats

IT solutions donot translate toOT environment

Most organizations in earlyto middle stages


… with current Operational Technology (OT)programs leaving significant security gaps exposed

People

60%of respondents say they do nothave enough staff to effectivelymeet the challenge

Organizational

1 in 3respondents believe thereis full alignment betweenIT and OT on security operations

Processes

40%of respondents havecyber training and aware-ness initiatives in place

Solutions

Yet onlyuse this technology today20%63% of respondents view analytics

as effective/very effective



Low Cyber MaturityOrganizationsThe solutions viewed byrespondents as most effective …

Medium Cyber MaturityOrganizationsThe solutions viewed byrespondents as most effective …

High Cyber MaturityOrganizationsThe solutions viewed byrespondents as most effective …

Customers are looking to address fundamentalsbefore building advanced monitoring capabilities

Security policiesand training 50%

Firewall/IDS 56%

Endpointhardening 62%

Secureremoteaccess

36%

Assetmanagement 41%

On-site/remote SIEM

deployment47% 68%

50%

Securityanalytics

Managedintrusiondetection

Networksecurity

monitoring51%



How do you secure complex digital production environmentswithout sacrificing production efficiency?

Facilities integratemonitoring and safe

surveillance

Drill RigMonitoring

Asset FieldOffices

GPS trans-ponders

on movingequipment

Centraloperationsmonitoring

VirtualCollaboration

Emissionsand

equipmentmonitoring

HandheldData

Acquisition4-D

SeismicAutomated

well detection

Wireless wet head

WirelessMonitoring ofStorage Tank

Electricalequipment

Compressors

Gas turbines

AnalyticPlatforms


The first steps to addressing industrial cyber areto understand the OT risk, get transparency and harden defenses

… that meet the uniqueperformance andsafety requirements

… as benefits ofdigitalization are toogreat. Connectivityequals insight

… to baseline OT risk,harden the infrastructureand begin to addressfundamentals

Demand OT CyberSolutions

Overcome the Fearof Connectivity

Get cyber transparency

Siemens Best Practices

… to drive the changeagainst this complexand quickly growingproblem

… which in the worldof digitalization hasbecome the new center

… as the sophisticationand complexity of OTattacks has reachedmachine speeds

Assign ownership for OT

Secure the edge

Leverage securityanalytics to get theadvantage


Today's typical dilemma –Understanding security event data

Disconnected Data Repositories

Security and AssetMonitoring

Scheduled andUnplannedOutages/Maintenance

Production(historical/forecast)

NetworkAdmins

Cumbersomecollection of qualitysecurity data

AssetOwners

Security perfor-mance difficultto benchmark

O&MStaff

No access to fullinformation forsecurity decisions

All usergroups

Different referencepoints and inputdata for accuratesecurity diagnostic

Information out of contextis often irrelevant

1

1

1

1

1

1

1

11

1

1

1

1

1

11

11

1

1

1

1

11

00

0 0

0

0

0

0

0 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

11

10101

0

0

1

1

01

1

00

0

11

0

0

0

1

1

0

1

11

1

0101

00


Asset DependencyHierarchyAnd criticality, that revealsexpected attack path inthe ICS cyber kill chain

Data Enrichment Sourcesfor Contextualization

Control System, Sensor,and Machine BehaviorProfiled in-depth profiled in realtime leveraging asset owner’sknowledge with automatedmethods at the fleet level

Ongoing External AttackCampaigns (TTP)And vulnerabilities relevantto actually owned SCADA/ICSsystems and IIoT

Production and Plant StatusCritical process variables thatindicates what is expected next


6 sensors 2,000 data pointsIndustryexpertiseis key to success

Asset Profiling Challengeand Handling Security Big Data in the IIoT Age


These challenges can onlybe met when precise

Managing this complexity demands

How to Address this Challenge?

realtime security andperformance data

better situationawarenessand integrated contextualizationapproaches to leverage knowledge

are available for all critical assets


How does Detection Work whenwe approach this as an OT Challenge

Alert andRespond

Specific actions

Real-time contextualinformation

Specific recommendedactions to decrease risk

Single result frommultiple sources

Improved businessoperationcontinuity

Control systemnetwork anomaly

AttackDetected

Longitudinal Analysis çè Clustered Analysis éêSpatio-Temporalçèé

ê

Process variablebehavior change

Control systemconfiguration change


€

Continuous Monitoring of the Production Processcomes along and delivers additional value

Continuous monitoringof your entire globalmachine fleet

Large data volumesprocessed

Different deploymentoptions: Public-/Private-Cloud, On-Premise

Today only

3.5% of allfactories!


Thank you for your attention

Eitan Goldstein

Director, Industrial Cyber and Digital SecuritySiemens Energy

E-mail: [email protected]

siemens.com

Electricity 2017 - התאגדות מהנדסי חשמל ... · Medium Cyber Maturity Organizations...

Documents

Transcript of Electricity 2017 - התאגדות מהנדסי חשמל ... · Medium Cyber Maturity Organizations...