Siemens Energy Launches AI SIEM for Industrial Internet of Things

Siemens Energy recently announced the launch of a platform-as-a-service (PaaS) offering for enterprises in the industrial space: a Security Information and Event Management (SIEM) targeted for use within Security Operation Centers (SOC) that can provide visibility, context, insights and actions on industrial data, assets, processes, and threats. The industrial cybersecurity monitoring and detection platform, named Eos.ii, leverages a proprietary monitoring method called Process Security Analytics that has been developed and tested in-house. It builds on Siemens’ Managed Detection and Response service which the firm launched last year.

The cybersecurity product is a first in the market from a company that specializes in energy technologies and industrial control systems. Key to the reasoning behind this market offer is the lack of industrial cybersecurity solutions which are fit for the purpose. In large part, while industrial cybersecurity solutions exist, they are adapted from the IT ecosystem. Eos.ii, on the other hand, has been created from the OT ecosystem.

The difficulty is not to conflate industrial and operational technologies (OT) with information technologies (IT). Even though OT are connected to IT, they have different builds, functions, requirements, and prerogatives, which means the application of conventional cybersecurity tools is problematic. They need to be adapted. Few vendors have been successful in doing so, leading to the emergence of niche vendors in the IoT/industrial security space, but these remain few and far between and most still tackling the problem from an IT perspective. Hence, the inadequacies of current market offerings.

Beyond that, the rise of ransomware and the increasingly high-profile attacks against enterprises with large industrial operations has been highly damaging (both economically and reputation-wise). This has only amplified demand for effective solutions.

These events have driven Siemens in its SIEM strategy. The firm is unfortunately well acquainted with cyberthreats, having been one of the first industrial victims of sophisticated malware campaigns with Stuxnet more than a decade ago. That incident alone drove some significant internal processes and management changes, including the implementation of comprehensive cybersecurity strategies which transformed how the firm perceived and dealt with threats in a way that was groundbreaking in the industrial space.

That fifteen-year time frame has undoubtedly provided the firm with experience, knowledge, and expertise in how best to deploy and manage cybersecurity for industrial technologies. Certainly, once those costs are sunk, and the resulting investments proven to work, it is clear that a return on that investment through a PaaS is a smart choice. The firm’s initial Managed Detection and Response system (MDR) and its current Eos.ii platform are timely offerings in a space that is in visible turmoil.

There are a number of factors that need to align in order for Siemens to be successful in its bid, all of which seem to be happening. The growing threat to industrial systems, which has been ongoing since Stuxnet in a slow but progressive manner, has exploded recently with ransomware campaigns profiting off insecure deployments following digital transformation strategies, and industrial IoT adoption. But in and of themselves, these drivers are not enough. After all, there is a mature and highly competitive cybersecurity market already, with an emerging and focused market on IoT security. So what is missing from this market that Siemens believes it can offer? More pertinently, will that be enough to make Siemens’ Eos.ii successful?

Security vendors lack true understanding in industrial matters, and industrial operators lack the skill to identify and translate risks back to those vendors (and internally, as well). Ideally, industrial cybersecurity requires skills in both industrial operations and IT security: enter Siemens. Stuxnet was the catalyst that drove security education within the company, so its engineers and operations personnel all have cybersecurity training. As such, the firm has been deploying advanced cybersecurity for its own industrial processes for some time. Eos.ii is the culmination of those efforts offered to the outside world. It is a tool for Chief Information Security Officers (CISOs) and SOCs (the IT part of the equation) that effectively pulls in all production process data (the industrial part) and runs it through a home-brewed Artificial Intelligence (AI) to provide effective monitoring and detection of industrial threats. In time, Siemens hopes to add automated response as well.

For Siemens, success in adoption of its platform will depend on its ability to make it work for all the flavors of industrial operations that will differ from its own, something which it is already doing by ensuring the platform can also provide visibility into industrial devices and systems manufactured by its competitors. Second will be how well it competes in the cybersecurity market. The cybersecurity industry may be lagging today in offering fit-for-purpose IIoT security, but that should not be mistaken for an inability to bounce back and respond to new entrants. Cybersecurity is adversarial in nature, and its market participants well versed in the game. Further, cybersecurity AI developments are fast-paced and continually breaking ground in threat detection and incident response, and there is no shortage of companies fine-tuning their algorithms to new applications. Industrial is already on many incumbents’ radars. Further, other industrial players with similar internal cybersecurity platforms may view Siemens’ success as an opportunity to release their own home-made platforms in a similar manner. For Siemens, their past security experience and current industrial clout makes them a credible player in the IIoT SIEM space, and so long as they remain agile and responsive to both competitors and threats, their stake may become permanent.