Leo Simonovich, vice president, Global Cyber Strategy, Siemens Government Technologies, spoke to Pipeline Magazine’s Julian Walker about its cyber strategy.
Siemens collaborated with the Ponemon Institute, a think tank on cyber security, to understand the risk, the awareness levels and lastly the solutions that can be brought to the table to help companies deal with the growing industrial operational technology risk.
What is Siemens’ cyber strategy going forward?
Holistic cyber security emphasises not only how to prevent but also how to respond to an attack. We take our customers on a cyber security journey that brings maturity to their cyber enterprise. This means starting with a strategy that deals in fundamentals, transforms an organisation’s response to the environment, and most importantly, builds their capacity to monitor and respond, from the oilfields to the control centers to the enterprise networks. For Siemens, cyber security is an essential component of our vision for digitalisation and intelligent infrastructure. Over the last ten years, we have invested over US$8.5 billion to make digitalisation a core part of our own business transformation. We make this internal capability and its complementary external offerings available to our customers.
What are your customers’ top priorities when it comes to cyber security?
A simple list can help a company know if it is doing the right thing. Network segmentation, identity and access management, two-factor authentication, life cycle management and basic monitoring – these are foundational capabilities for every industrial company. Options exist for companies to build up their cyber threat monitoring capability, even if they lack an in-house cyber capability and are not in the position to add cyber skilled staff. In addition to monitoring solutions, incident response programs are critical to mitigating damage and minimising costs from cyber attacks.
Are your oil and gas clients cyber ready?
Our clients themselves acknowledge they are not ready. According to a recent study by the Ponemon Institute that surveyed the world’s largest oil companies, barely a third of respondents rated their OT cyber readiness as high. Moreover, while 63 per cent of respondents identify analytics as an important tool for strengthening their cyber defences, only 20 per cent say they have that capability today. It is worth noting, however, that of those same respondents to that Ponemon study, 68 per cent said their operations experienced at least one security compromise within the past year. Of course, that should not be surprising, given that the energy sector is by far the number one target for hackers, according to PricewaterhouseCoopers (PwC). Acknowledging that the threat is real is an important and essential step.
What are the major hurdles companies face when looking to implement a cyber security strategy?
Some companies don’t understand the relationship between connectivity and security. They often fear that isolating their systems reduces their attack surface and therefore their vulnerability. But this misunderstands the origins of many cyber threats. The Ponemon study found that 69 per cent of all attacks come from inside the company. Isolation does not equal risk reduction. In fact, connectivity provides the very transparency that is required to detect and take action. Connectivity makes a system vulnerable but it also makes it safe. That is why we advocate a holistic view of the cyber threat with our customers. This means taking a risk-based approach to managing cyber security and building connectivity in blocks. Those oil and gas companies that move proactively to build their capability to detect and respond will be best positioned to meet the growing cyber threat.