Cybersecurity

Providing security data in context for operators

As the volume of data continues to increase, operators need to know the quality of that data within the proper context so they are better prepared for potential cyber attacks and other malicious events.
By Gregory Hale June 18, 2019
Courtesy: Chris Vavra, CFE Media

Increased connectivity means more data is coming into manufacturing facilities, and all that data is great and important, but operators need to know the quality of that data within the proper context.

“You can argue the industrial space is the new risk frontier,” said Leo Simonovich, vice president and global head of industrial and digital security at Siemens, during the Spotlight on Innovation in Orlando. “Our goal is to protect energy’s industrial infrastructure from increasingly sophisticated and malicious industrial threats.”

Siemens, along those lines, partnered with Chronicle in an effort to protect the energy industry’s critical infrastructure from increasingly sophisticated and malicious industrial cyber threats.

“Operational insights and allow customers to act confidently against threats. Chronicle’s Backstory will serve as the backbone to Siemens managed services providing a centralized analytical engine to aggregate OT data, identify associated patterns of behavior and conduct deep forensic analysis. The combo of Chronicle technology and Siemens know-how will not only allow customers to detect anomalies but give context and give them the confidence to take action.”

Chronicle’s Backstory is a global security telemetry platform for investigation and threat hunting. It allows for increased visibility and puts data in proper context for end users to utilize.

“Over the last decade I have been trying to work on trying to detect and disrupt advanced persistent threats from nation state actors that can cause so much harm to traditional systems as well as industrial control systems and all of the type of hardware that exists in the world that we have come to rely on,” said Mike Wiacek, co-founder and chief security officer at Chronicle, which was born in Alphabet’s moonshot factory, and inspired by Google’s own security techniques. “Security analytics make up our DNA. At Google we were always trying to detect and deter attacks. We have to be as agile as the bad guys.”

Chronicle wants to bring more to the table in terms of agility.

“We looked at some of the systems we built for Google’s protection and we thought how can we take these and develop it for the world,” Wiacek said. “Backstory is a global security analytics platform designed to collect, integrate and store petabytes of data to allow analysts to analyze that over a significant piece of time.

“We can utilize the platform in the industrial space to tackle the interconnected world between information technology and operational technology. At its core, Backstory provides us visibility and context. It is a tool that can provide in-depth forensic investigation and forensic analysis. We can look at behaviors where analysts can look back across time at different dimensions of data to identify and understand unusual activity that an attack is underway.”

The Siemens-Chronicle partnership is intended to help energy companies leverage the cloud to store and categorize data, while applying analytics, artificial intelligence, and machine learning to OT systems that can identify patterns, anomalies, and cyber threats. This combined solution enables security across the industry’s operating environment – from energy exploration and extraction to power generation and delivery.

“The energy industry faces a fairly low level of maturity, most customers don’t know what is in their environment, and don’t know how to prioritize their risk and ultimately what to do about it. The core challenge today is visibility,” Simonovich said. “To take advantage of digitalization we have to do security right. Today’s attacks like WannaCry, NotPetya, Triton and Norsk Hydro are leading to a breakdown of trust in the physical and digital worlds,” he said. “Customers are skittish to connect and take advantage of digitalization. We need to give customers transparency, help them understand what is happening and work together on a joint blueprint to take action.”

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.


Gregory Hale
Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.