The Industrial Security Center from Hitachi Energy, Telekom Security and Securitas.
Convergence has long been discussed as a destination for security, an industry utopia where physical and logical assets are part of a systems architecture that delivers a unified security operation. As a destination it is highly desirable to security operators, improving situational awareness and leading to a range of operational benefits. However, in practice it has proved difficult to achieve in manufacturing and process industries due in part to the replacement of legacy systems, varying operational concepts and priorities, and cost. Nevertheless, there has been progress, notably the Industrial Security Center collaboration between Hitachi Energy, T-Systems and Securitas, which combines industrial, physical and cyber operations to deliver a unified approach to protecting energy systems.
To explain why the Industrial Security Center concept is unique we should start with a definition. Westlands Advisory has previously defined security convergence as “the interdependency between technology, systems and processes that results in improved functionality, efficiency and security effectiveness.” A definition of Convergence is “the process or state of converging” leading to the eventual meeting of different forces at a Converged point. For tangibles or intangibles to be converging there needs to be a destination. In security, let’s imagine that this is the Security Operations Centre (SOC) which collects and interprets data, detects threats, and automates and co-ordinates response.
Whilst SOCs have evolved significantly in recent years, collecting and analysing greater quantities of data, they still remain largely independent of each other. At a simplistic level, cyber SOCs are managed by IT security professionals with the objective of ensuring the right controls are in place to keep nefarious actors out of the network. Physical security operating centres manage surveillance cameras, physical intrusion detection and guarding to protect infrastructure by keeping unauthorised personnel out of restricted areas. Engineering operations focuses on ensuring the safety, availability and reliability of industrial systems. Three operations, three teams and three different sets of objectives, all working largely independently of each other.
However, increasing digital maturity and growing interdependencies between ecosystems and operations challenge this approach to security. Physical and logical security are reliant on one another. A physical attack on a local datacentre may compromise IT service performance, impacting availability. In an industrial context the performance of industrial systems is paramount, and a momentary or prolonged incident affecting system availability can lead to loss of production or an energy outage. This could be the result of a cyber incident, an engineering mistake, or an intruder.
The Industrial Security Center (ISC) was developed to overcome the intelligence and operational gaps caused by siloes. In a traditional model, different companies provide Operational Services, Cyber Security and Physical Security. There is no shared intelligence, limited collaboration and no joint operations.
The ISC flips the siloed approach, uniting operations through a shared, multi-dimensional SOC. Operationally, analysts are not co-located but are linked through a shared API which includes information sharing and combined workflows. Part of the innovation relates to the business model and the “three partners – one integrated service approach”. The customer retains the expertise of each partner but benefits from the collaborative and shared service model. Three different security levels are offered to customers, enabling them to scale in line with the risk model and budget.
The ISC Service Model
Analysis of current operations and earlier pilot projects has shown that overall security performance improved across services following the use of the ISC, including delivery of physical security, vulnerability management, threat intelligence, OT health monitoring and remote access services. Further observed customer benefits, beyond improved protection, include reduced security cost and operational benefits:
Access to subject matter expertise under a single service level agreement, improving service delivery and response
Triangulation of data from operational, physical and logical systems, reducing false positives, accelerating response, and generating new insight
Improved compliance with current NIST and other relevant frameworks
Increased business resilience and continuity management
Improved security culture
The blending of technology, information, processes, and skills is a significant step towards the benefits derived from convergence, including “improved functionality, efficiency and security effectiveness”. Westlands Advisory expects new convergence concepts to emerge as connectivity between industrial assets, systems and ecosystems grows. However, as demonstrated by Hitachi Energy, T-Systems and Securitas, it will require a strong vision, long-term commitment and collaboration between partners, and an attractive business model that can demonstrably reduce risk.
For any questions or more information, please contact us at firstname.lastname@example.org.