Siemens and Tenable Partner to Provide Asset Discovery and Vulnerability Management For Industial Networks
Worsening geopolitical tensions and increasing awareness of the potential harm caused by cyber attacks against the operational technology (OT) networks of critical industries has made industrial control systems (ICS) a focus of cybersecurity attention. But protecting ICS remains problematic as it emerges from its pre-internet security-unaware origins into the modern internet-connected world: it now has to add remaining secure to remaining operational.
“Organizations running operational technology face a foundational security challenge — the need to understand the entirety of their cyber exposure in the context of a modern attack surface that is constantly evolving,” explains Amit Yoran, CEO of Tenable. “We’ve seen the rise of cloud, mobile and IoT and now the convergence of IT with OT, which have made critical systems vulnerable to increasingly aggressive adversaries and attacks.”
OT, however, remains behind IT in its security defenses. A study by Ponemon in February 2017 highlighted the dire state of security awareness (in this case, specifically the oil and gas industry) in OT. It found that 46% of cyber attacks were thought to go undetected; that 61% of respondents believe their organization’s industrial control systems protection and security is not adequate; and that less than half of the respondents believe they have the internal expertise needed to manage cyber threats in the OT environment.
Improved visibility into existing vulnerabilities within the OT environment will improve OT security staff’s ability to defend against cyber attacks. “Cyberattacks against the O&G and utilities sector are on the rise and growing more sophisticated and aggressive by the day,” comments Leo Simonovich, VP and global head of industrial cyber and digital security at Siemens Energy. “Passive monitoring of all assets in these systems is critical to detecting and addressing vulnerabilities before they can be exploited and lead to disruption of essential public services like electricity, gas, and water.”
Tenable and Siemens have now partnered to provide this passive visibility. Siemens is a major provider of ICS. Tenable owns one of the world’s most-used vulnerable scanning engines — Nessus. Announced today is the new Industrial Security provided as a security service by Siemens, and based on Tenable’s Nessus.
It provides, says Tenable, “safe, reliable asset discovery and vulnerability detection purpose-built for ICS and supervisory control and data acquisition (SCADA) systems.” Key to this solution is the passive nature of Nessus which is used to detect vulnerabilities without affecting operational functionality. “Joining forces with Siemens is a natural next step,” says Yoran. “Together we provide a way for organizations to monitor and address their attack surface in totality, so they can see where they are vulnerable and protect those systems — and the people who depend on them — from threats.”
Siemens AG is a major provider of ICS equipment. It generated €79.6 billion in 2016, and employs more than 350,000 people around the world.
Tenable raised $50 million in 2012, and followed this with a massive $250 million Series B funding round in November 2015. Its customers include more 50% of the Fortune 500, the ten largest U.S. technology companies, and 8 of the 10 largest U.S. financial companies.
Related: DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure
Related: U.S. Oil and Gas Industry Lagging in Security