ServiceNow and Siemens Energy are partnering to deliver new solutions to market that aim to help energy companies respond more effectively to cyber attacks, which are increasingly becoming a concern as energy systems become more digitally connected.
The collaboration comes in the wake of the Colonial Pipeline attack a few days ago, which saw an American oil pipeline system suffer a ransomware cyberattack that forced a shutdown of operations. President Joe Biden declared a state of emergency in response to the situation and it was said that the attack was the ‘largest successful cyberattack on oil infrastructure in the country's history'.
Siemens Energy's AI-based software from its Managed Detection and Response (MDR) service provides visibility and context across industrial operating environments, whilst ServiceNow's Operational Technology (OT) Management system connects cyber threats and digital workflows to allow analysts to quickly assess, prioritise and act against events in the field.
The companies hope that by combining these two platforms, energy companies will be able to more rapidly and precisely respond to any threats that occur, in real-time.
The news was announced as part of ServiceNow's annual user conference, Knowledge 2021, which can be accessed here for on-demand content. For all of diginomica's coverage from the event, check out our dedicated hub here.
We noted yesterday how ServiceNow is pursuing a new verticalization strategy, as part of its efforts to scale to becoming a $15 billion company over the next five years. As we highlighted in our analysis of the new strategy, key to this is going to be collaborating with industry to bring in the knowledge, expertise and solutions to key verticals - which evidenced by this new partnership.
Empowering customers to take action
Siemens Energy and ServiceNow are bringing to market a unified software solution that forms a detection engine and workflows that aim to streamline operations for cybersecurity analysts to monitor anomalous or malicious behavior in Security Operations Centers (SOC), and energy plant operators to act on credible threat intelligence.
We got the chance to speak to Leo Simonovich, Head of Industrial Cybersecurity at Siemens Energy, who said that the Colonial Pipeline attack highlights the need for this collaboration in the energy sector. Commenting on the recent incident, Simonovich said:
The operator had to shut down the whole system because the company was operating largely blind, because they didn't have visibility into what was happening. As a precaution, they needed to use much more of a blunt instrument to respond to this challenge. Where we want to get to is to be more precise, be faster, and to be more proportionate so that we can maintain availability and reliability, while managing the risk.
And with companies and governments needing to respond to the escalating climate emergency, these threats are going to become increasingly common, according to Simonovich, who said:
As you know, with climate change and the push towards a cleaner, more distributed, and more digitalized energy system, connectivity and intelligence are really key.
That cannot be achieved without security. Billions of devices are going to be added to the energy system over the next couple of years and each of those devices introduces a potential vulnerability. So we see ourselves as not just an engineering company, or a digital company, we see ourselves as a security company. One which puts security at the core, to support our customers in their digital and energy journey.
Simonovich said that Siemens Energy and ServiceNow are adopting a "unique" approach to tackling this, where they combine both the physical world view and the digital world view, to provide analysts with an understanding of what's happening in the operations environment, to provide context. He added that it's about "reliability, availability and safety".
The new solution should, for example, enable an analyst to patch vulnerabilities identified by the Siemens Energy detection engine, through a change management process that would be orchestrated through the ServiceNow platform. Commenting on how this will work in practice, Simonovich said:
It's all about incidents and empowering our customers to take action. What we provide is that rich context. We help the analysts understand not just if there's something anomalous, but what asset it's associated with, where that asset sits in the production process, and use that topology to understand what the potential operational impacts would be.
All that information will then get embedded into the ServiceNow platform, all that logic, so we can look at the dependency between the anomalies, so we can filter out what's important and what's consequential. And using the ServiceNow platform for field personnel and for IT personnel to take joint action, because it will require a coordinated response.
For more diginomica stories from Knowledge 2021 visit our Knowledge 2021 event hub. Knowledge 2021 opened on May 11th and sessions are available to view on-demand until October 2021. This is the event registration link.