Industrial cybersecurity experts from government and private industry explore advances in protecting energy sector from cyberattack

November 13, 2018

Leading industrial cybersecurity officials from government and private industry gathered in Houston on Monday, October 29, to discuss new ways of countering the rising threats of cyberattack in the energy sector.

“Using the Power of Analytics to Address Cyber Security” was a half-day workshop sponsored by the International Society of Automation (ISA) and its Premier Strategic Partner in Industrial Cybersecurity, Siemens. The workshop was held prior to ISA’s PCS 2018-Process Industry Event, a technical conference for professionals in the energy processing and process manufacturing industries.

During the workshop, featured experts reported that the rapid pace of digital technology and the increasing sophistication of cyber tools at the disposal of foreign entities are making it more difficult to protect critical infrastructure and the industrial control systems that operate them. However, they said advances in security analytics and machine learning are improving detection and threat assessment, and enabling more proactive and responsive defense measures.

Owners and operators of energy infrastructure also are recognizing the real threats to their businesses that cyberattacks pose and are more willing to invest in cybersecurity solutions-such as best-practice standards and in-house or outsourced security operations-and hire a qualified cybersecurity work force.

The workshop was kicked off by Leo Simonovich, Vice President and Global Head of Industrial Cyber and Digital Security at Siemens. Simonovich set the stage by explaining digital technology and the cyber world in general are evolving too fast for government and private industry to fully keep pace.

Companies must take the lead, he said, “and data analytics are the key.” Armed with these tools, companies can “own their environment” by significantly improving detection when an operation system is being attacked and implement effective risk mitigation efforts. “Context and speed,” according to Simonovich, are the two necessary ingredients needed to identify and thwart a cyberattack.

Providing a vital perspective from the US government was Bob Kolasky, Director of the National Risk Management Center for the US Department of Homeland Security. Kolasky outlined the federal government’s functional approach to risk management in protecting the nation’s critical infrastructure. He reinforced the point that data analytics and data aggregation are critical in order to better anticipate and evaluate possible threats.

Kolasky reported that while many nations in the world do not pose a significant military threat to the US, they often do present threats from the cyber realm. He said that while some of these nation states are not currently attacking US domestic infrastructure, they are conducting attacks throughout the world and could, at some point, turn their attention to the US.

Because of the public/private nature of US infrastructure, Kolasky said it’s important to implement consistent cybersecurity standards and practices across public and private sectors. To further these efforts, he said the US government is incentivizing R&D and cybersecurity investment. He emphasized the importance of greater engagement among private companies in cybersecurity as solutions cannot come solely from government.

Kolasky agreed that data and security analytics hold great promise in identifying those risks that require greater and more immediate levels of response and connecting patterns and instances of vulnerability.

Sean Plankey, Global Cyber Intelligence Advisor at BP, urged more companies to take a more active approach to cybersecurity given the risks cyberwarfare presents to business operations. He said he is constantly gathering intelligence and scanning the external environment to identify and evaluate potential threats.

He is particularly focused on the operations side, where continuous processes may be affected by an attack. He agreed with Kolasky that cyberattacks differ in their ability to cause actual damage and impact business operations. By defining threats in a hierarchical manner, a business can establish a baseline.

This “baseline” concept was a recurring theme at the workshop. Given the number and types of cyberattack, it’s difficult for cybersecurity systems to engage them all. Plankey said for a security system to be effective, it must work from a baseline so it can accurately distinguish viable threats from non-viable ones. Plankey said one factor to determine is whether the attack is levied by individuals acting alone or through state sponsorship. State-sponsored actors, he noted, are much more capable of executing a potentially damaging intrusion. 

Ernesto Ballesteros, the State Cybersecurity Coordinator for Texas, said he focuses his efforts largely on information sharing and analysis because his mandate extends beyond government facilities and systems. “We’re trying to secure the state as a whole,” he explains.

To combat the shortage of workers trained in cybersecurity, Ballesteros said Texas encourages students through scholarships, and supports workforce development programs and apprenticeships so staff can gain vital skills on the job.

Matt Stewart, Head of Research and Development for Industrial Cyber Security at Siemens, highlighted Siemens’ advanced security monitoring solutions. He acknowledged that many companies don’t have the resources to staff a dedicated Security Operation Center (SOC) and said it can be more efficient to outsource data analysis.

Siemens, he pointed out, can extract data on potential threats at a customer facility and then rapidly get the metadata analysis in front of Siemens’ cyber experts. Stewart explained that Siemens uses an industrial security product to monitor traffic on the customer networks, looking for anomalies. Using machine learning, the system monitors all network traffic, defines what is “normal” operation based on millions of transactions, then continues to seek out and flag any abnormal activity.

Siemens technology, he said, can also distinguish between activity that is simply “different” from normal, and that which could be considered dangerous. Potentially harmful activity is either acted upon by the software, or circulated up to an expert, on-call team at Siemens that can evaluate and counter high-level threats.

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…