A topic that’s growing in importanceMalicious hacker attacks on companies, industrial plants and infrastructure facilities are unfortunately commonplace these days. With the growing level of digitalization and expanding Industrial Internet of Things (IIOT), risks of hacking attacks are increasing not only on a company’s IT but especially on its operational technology (OT).
Six key global trends making cybersecurity a top priority
“Cybersecurity plays a key role – in designing resilient energy systems and guaranteeing a secure power supply. For Siemens Energy, this means a special responsibility: about one-sixth of all electricity generated worldwide is based on our technologies. We offer products and services that help our customers, partners and suppliers to strengthen their own ‘digital readiness’. One thing is clear: No digital transformation without cybersecurity.”Tim Holt, Member of the Executive Board of Siemens Energy
Taking the right measuresBusinesses today face cyberattacks on a number of fronts. In so-called ransomware attacks, for example, attackers seek to lock companies out of their own IT systems so they can extort substantial ransom sums. Other criminal groups attempt to sabotage energy supplies by attacking power plants or electricity grids.
The damage to companies and national economies can be immense. The average payment by victims of ransomware jumped 31% in the second quarter of 2021 compared to the same prior-year period, according to the U.S. Federal Bureau of Investigation (FBI). And cybersecurity complaints to the FBI more than tripled during pandemic-stricken 2020.
But if the right measures are taken, there can be effective protection against such attacks. Siemens Energy is a leader in the field of industrial cybersecurity, backed by comprehensive expertise and many years of experience. We have developed highly effective concepts and approaches to help our customers secure themselves against any type of cyberattack.
Applying a holistic security concept
Cybersecurity must be viewed as a whole. At Siemens Energy, our job is to ensure the security of entire value chains and system lifecycles. We are exposed to and must neutralize an increasing number of security risks. Similarly, our customers have to deal with security risks, and they don’t want to have these risks increased by the use of our products, solutions, and services.
Providing secure products, solutions, and services for our customers not only requires secure development, engineering and operation from our side. Just as important is ensuring the security of the associated Siemens Energy infrastructure, premises and people. We ensure that all relevant components and processes are seamlessly integrated into a well-fortified overall system to ensure fully protected operation.
Our Product and Solution Security (PSS) initiative enables our customers to securely operate and maintain their facilities. As an integrator and contractor, we provide state-of-the-art cybersecurity solutions including secure products that meet all legal requirements. To address risks, challenges and opportunities, Siemens Energy maintains a management system for PSS and controls risks in a systematic way.
Relying on proven mechanisms, we ensure the integrity of our portfolio by leveraging secure-by-design and defense-in-depth concepts. Our products and processes are based on international security standards such as IEC 62443. We ensure our technology leadership by continuously enhancing our products, systems, solutions, and services with state-of-the-art cybersecurity features.
Active cyber risk management
The integrated Cybersecurity Risk Management Framework at Siemens Energy aims at safeguarding all relevant company assets against cyber threats by managing associated risks. We combine information from various sources to actively monitor, communicate and mitigate critical cyber risks in close collaboration with our colleagues from within the business.
Our Cybersecurity Risk Management Framework is based on ISO 27005 and aligned with industry best practices. By constantly evolving our tools, methods, and processes, we support the achievement of corporate objectives, the protection of company assets and financial sustainability.