Cybersecurity has never been more urgent for the power sector. The rush to build AI data centers comes with a race to build new power production and distribution systems — and a need to protect those systems.
Data center customers drive a need for reliability. A data center without power is little more than a heap of cement, silicon, and interesting ductwork, so these customers emphasize the need for continuous, uninterrupted electricity. Various approaches aim to meet the need for reliability and scale, ranging from contract incentives to on-site physical infrastructure like batteries, generators, or full behind-the-meter power stations. Yet each approach shares a common challenge with the overall power sector: protecting the digitized industrial controls systems that manage operational technologies (OT) from an ever-evolving set of cyber threats. Power companies that effectively and efficiently manage cyber risks position themselves well to supply data center customers.
Siemens Energy and the network security company Tenable have pursued a bold new strategy to answer this challenge. Starting this fall, Tenable OT Security will be directly integrated into Siemen’s Energy’s flagship industrial control system, known as Omnivise T3000. To understand how the two companies cane to this innovative first-in-the-world approach —and why Tenable names Siemens Energy its OT Security Partner of the Year — it’s worth considering why OT security is so technically challenging
In the power sector and across OT-intensive sectors like manufacturing or oil and gas, cybersecurity has been bolted on to pre-existing systems for decades. This ‘build-first secure-later’ to cybersecurity proved expensive, technically difficult, and often ineffective. In a recent survey, 77 percent of companies in these industries reported successful cyberattacks causing confidential data loss or disruptions to OT in the prior year.
The new approach from Siemens Energy and Tenable makes cybersecurity built in, instead of bolted on — and addresses several key lessons learned from decades of OT cybersecurity.
Context matters for OT security. When cybersecurity analysts can examine data across devices to understand the physical input and output alongside the digital input and outputs, it becomes easier to identify and trace anomalies. Bringing together the data from the many devices connected to a power plant can be challenging — many operators struggle to keep an accurate inventory of the legitimate devices on their networks.
Cybersecurity is a moving target. Each new attack leaves defenders exposed until the next mitigation can be safely applied. Yet software patches and configuration changes in industrial systems can lead to unwanted consequences. Although testing can ensure the cure is not worse than the disease, the scarcity (and expense) of cybersecurity talent means many companies fall behind the tempo needed to patch, harden, and otherwise maintain up-to-date security controls.
OT hardware often outlasts IT software. Equipment with an expected service life of forty to fifty years often is operated or defended using software with an expected service life closer to four or five years. While startup companies offer innovative solutions, it is not always clear how long they will offer updates, or whether they will pivot to an entirely different focus. Even major software developers systematically sunset patching support for their product lines, which can leave OT systems with a growing set of vulnerabilities requiring mitigation.
Reliable problem-solving partnerships are deeply valuable.
Siemens Energy and Tenable discovered that their initially separate offerings worked significantly better when combined. Siemens Energy, starting with decades of knowledge about the underlying energy assets that require defense, developed a purpose-built platform for securing OT. Recognizing that energy sites use systems from many manufacturers, Siemens Energy made sure its platform could integrate third-party data feeds. Many customers requested Tenable as a third-party data feed.
Analysts found that the combination of these two technology stacks paid big dividends. Correlating network data with production data enables analysts to understand both the digital traces of malicious action and their physical consequences for the plant. Automating asset inventory and vulnerability discovery frees up analyst time and makes it easier to harden the industrial network.
The two companies saw an opportunity for further improvement, building on each other’s strengths. Months of work went into directly integrating Tenable OT Security into the Omnivise T3000 industrial control system. Customers that upgrade to the integrated system for the latest release of T3000 will gain access to Tenable OT Security and its capabilities.
Perhaps equally important is the collaboration itself. Tenable will continue to provide innovative network security, with all the speed and energy of a top tech company. Siemens Energy will confirm that future patches and updates are compatible with the industrial controls system itself — and will continue to find ways to make Tenable’s network monitoring data useful and actionable for power sector customers.
Together, Siemens Energy and Tenable will help ensure that the new infrastructure in power sector planning pipelines today meet the reliability benchmarks needed for power-hungry data centers.
Click here to learn more.
