SIBERprotect Shields OT Systems

EP Editorial Staff | April 30, 2024

Addition to Siemens suite responds to cyberattacks in milliseconds.

SIBERprotect, from Siemens, St. Paul, MN, delivers an automatic cyber response solution for industrial OT systems. It is part of the overall “Defense In Depth” suite offered by Siemens in compliance with IEC 62443, the international standard for industrial cybersecurity. The system protects critical infrastructure and OT systems at power plants, water-treatment facilities, discrete manufacturing enterprises, military depots, data centers, and control stations. The product brings the SOAR (Security, Orchestration, Automation, Response) concept to cyber-physical systems with an OT-friendly and OT-managed methodology. 

SIBERprotect can respond to and dramatically limit the impact of a cyberattack within milliseconds, identifying infected assets and enabling full visibility and a fast initial response at the automation system level. This quick response leads to much easier remediation and resumption of normal operations, usually in less than a day.  

Working in conjunction with Siemens SCALANCE S industrial security appliances, SIBERprotect can securely place OT into a safe, isolated condition after credible identification of a cyberattack through best-in-class threat detection technology, including Intrusion Detection Systems, Next Generation Firewalls, Endpoint Solutions, and Threat/Risk Intelligence, often enhanced with AI and machine learning capabilities. SIBERprotect then initiates a rule-based notification, network isolation, and equipment-management sequence to protect the selected equipment, as well as other desired response actions. Rapid assessment and remediation can then be performed, vastly limiting the risk of additional malware contamination. Work cells and equipment clusters can continue operation while SIBERprotect prevents recontamination during remediation.

The system further provides detailed situational awareness, alerting operators to the exact nature of the threat, where it was detected in the network, and a criticality level. This level of immediately available detail allows the response engine to simultaneously execute emergency measures to alleviate predetermined worst-case scenarios. Unlike a conventional system that merely sends messages to an SOC (Security Operations Center), the system is linked directly to network firewalls, automation hardware, and a prioritized system of alarms to isolate equipment and jumpstart the cyber incident response.

Other key features include the ability to automatically activate emergency backup equipment, interface with legacy technology such as Ethernet hubs, recover one segment or “restore all” functionality, isolate from the site IT network to prevent attack, and provide all the benefits of a truly industrial solution.

According to Chuck Tommey, a Siemens Digital Connectivity Executive, “SIBERprotect represents the reimagining of how to do SOAR, that is, Security, Orchestration, Automation and Response, where an alert was typically sent to an SOC, then reviewed by a security analyst and addressed 30 minutes to hours after initial detection. Meanwhile, a virus could spread throughout a line or the entire plant. What Siemens is doing with SIBERprotect is sending the alerts directly to a PLC for instant action, based upon a predetermined priority of status and threat levels.”
