Industrial control and automation multinational Siemens and the International Society of Automation (ISA) have partnered to raise awareness of global industrial cybersecurity needs, standards and the changing security landscape, as well as provide joint expertise for production information technology (IT).
Threats to automation equipment are always changing and evolving as are protection concepts for industrial plants, a joint news release says.
“Cybersecurity needs to be addressed by industrial companies, as recent global ransomware attacks have demonstrated the possible impacts. Our customers need to adequately manage the associated risk arising from the vulnerabilities of IT, combined with the increased connectedness in our digital age,” says Siemens Plant Security Services global head Henning Rudolf.
Siemens and ISA will share expertise in protecting the automation environment based on the IEC 62443 standards and appropriate security measures through events, Webinars and educational material.
The ISA Security Compliance Institute operates a standardised assessment scheme for the IEC 62443 Industrial Automation and Control Systems cybersecurity standards. This programme has been heavily adopted by Siemens as a provider of automation equipment and industrial security services, and a global manufacturing company. The IEC 62443 standards were originally developed by ISA.
“Siemens Plant Security Services adheres to the IEC 62443 guidelines and is available for Siemens customers and third-party equipment. They provide a multilayer protection-level approach, asset inventory and tracking, patch and vulnerability management, network segmentation, industrial security management, incident handling and security consulting services,” says Rudolf.
Siemens also provides a comprehensive Product Computer Emergency Response Team for Siemens solutions. It operates several Cyber Security Operation Centres in Lisbon, in Portugal, Munich, in Germany, and Milford, in the US.
Siemens industrial security specialists based at these sites monitor industrial facilities all around the world for cyberthreats, warn companies in the event of security incidents and coordinate proactive countermeasures. These protective measures are also part of Siemens Plant Security Services.
Industrial cybersecurity is one of the central tasks of management, as a high level of security for all parties involved must be guaranteed without limiting productivity, says Rudolf. Companies must consider many factors to develop their industrial security measures. Guidelines and measures must be defined for each area.
“These organisational measures include: definition of responsibilities, awareness training for production personnel, and handling of identified/eliminated vulnerabilities while taking the production process into consideration.”