Siemens launches its first automated cyber defense system for CNI

WHY THIS MATTERS IN BRIEF

With the speed and sophistication of cyber attacks against CNI rising so fast, we increasingly need AI systems that can automate defensive responses.

 

As the number of cyber attacks continues to soar it is inevitable, as I discussed a long time ago, that cyber defense will have to become more autonomous, one day perhaps fully autonomous, especially as cyber attacks themselves are now becoming fully autonomous thanks to recent developments in the ability to weaponise Artificial Intelligence (AI) agents.

 

The threat of cyber attacks on manufacturing Operational Technology (OT) stacks, like those in the Critical National Infrastructure (CNI) industries, is also becoming a serious concern for companies throughout the industrial sector. In the past few years we’ve seen huge cyber attacks wiping out everything from US gas pipelines and huge swathes of the internet through to the use of RAT attacks to blow up chemical plants.

Now, German giant Siemens has developed SIBERprotect, a first-of-its-kind autonomous response cyber platform aimed at protecting critical infrastructure and OT systems at industrial companies, including power plants, water treatment facilities, discrete manufacturing enterprises, military depots, data centers and control stations.

Siemens says its new SIBERprotect “brings the Security, Orchestration, Automation, Response (SOAR) concept to cyber-physical systems with an OT-friendly and OT-managed methodology.”

 

SIBERprotect responds to limit the impact of a cyber attack within milliseconds. It identifies the infected production equipment groups or plant networks and enables full visibility and a fast automated initial response at the automation system level.

Siemens says this quick response can result in resumption of normal operations in less than a day. Working in conjunction with Siemens SCALANCE S industrial security appliances, SIBERprotect places OT into a safe, isolated condition.

It establishes a credible identification of a cyber attack through threat detection technology that includes intrusion detection systems, next generation firewalls, endpoint solutions, threat/risk intelligence and other attack or intrusion detection platforms, often enhanced with AI and machine learning capabilities.

The system then initiates a rule-based notification, network isolation and equipment management sequence to protect the selected equipment. Rapid assessment and remediation can then be performed, vastly limiting the risk of additional malware contamination. Work cells and equipment clusters that aren’t infected can continue operation, while SIBERprotect prevents recontamination during remediation.

 

The system provides detailed situational awareness, alerting operators to the exact nature of the threat, where it was detected in the network and the criticality level so the response team can execute emergency measures to prevent worst-case scenarios.

Unlike a conventional system that merely sends messages to an SOC (Security Operations Center), the SIBERprotect system is linked directly to network firewalls, automation hardware and a prioritized system of alarms to facilitate isolation of equipment and jumpstart the cyber incident response.

Other key features include automatically activating emergency backup equipment, interfacing with legacy technology such as Ethernet hubs, recovery of a single segment or “restore all” functionality, and isolation from the site IT network to prevent further attack.

 

“SIBERprotect represents the reimagining of how to do SOAR, where an alert was typically sent to an SOC, then reviewed by a security analyst and addressed 30 minutes to hours after initial detection. Meanwhile, a virus could spread throughout a line or the entire plant,” said Chuck Tommey, a digital connectivity executive with Siemens. “SIBERprotect is sending the alerts directly to a PLC for instant action, based upon a predetermined priority of status and threat levels. The PLC parses the messages for its criticality level and instantly responds.”

SIBERprotect is part of the overall “Defense in Depth” suite offered by Siemens in compliance with IEC 62443, the international standard for industrial cybersecurity.
