Four years ago when I was working at another security company, my team and I brought to executive product management the idea to add OT network security features to our SOC platform. Why did I care? Well, I was troubled by the dire outcomes that could result from a security breach of an OT network. While consequences of an IT cyberattack typically are of economic proportions like proprietary data release and possible fraud, an attack on an assembly line, like automobile or prescription drug production lines, can cause a shortage of critical goods and services, or even adversely impact human health.
Here are four examples to show what I mean:
- Summer 2017: Triton, a type of malware, took over safety instruments manufactured by a leading industrial device maker at a petrochemical plant. In this case, the malware was designed to prevent the safety mechanisms in the plant from triggering, which could have led to the toxic release of gasses and caused explosions, harming factory workers. Fortunately, a flaw in the code allowed for the malware to be detected and mitigated before harm was done.
- Winter 2021: A Florida water plant was hacked and poisonous levels of sodium hydroxide were added. People feared: was the water safe to drink?
- Spring 2021: Colonial Pipeline, the largest purveyor of gas to the US East Coast, was taken down due to a compromised VPN. People feared: would we run out of gas?
- Spring 2022: Russia attempted (and the Ukrainian government thwarted) an attack in the middle of the 2022 Ukraine-Russian War designed to bring down Ukraine’s power grid. This would have caused widespread blackouts with extreme consequences ranging from turning off refrigerators (eliminating food for the Ukrainian people), turning off water pumps powered by electricity, and preventing Ukrainians from receiving information that could help them fight the war, among other consequences. People thought, sounds like an armageddon-themed science fiction movie come true…
With that, it’s been an honor to have the opportunity to follow through on my curiosity and desire to help customers address this growing security problem, by leading the creation of the first strategic partnership between a worldwide industrial manufacturing giant and a leader in cloud security. Together, Siemens and Zscaler are making the OT/IT convergence very real, while also meeting increased demand for secure cloud connectivity from the OT space.
What exactly did we do? First, we’ve recognized that in order for factories to digitally transform themselves, so they can use cloud-based and internet-connected innovations around artificial intelligence and automation to become more agile and productive, the security needs to be more robust than it’s ever been. Next, we’ve recognized that the traditional OT network architecture can be adapted to incorporate cloud security principles while still adhering to concepts endorsed by critical regulations like IEC 62443. With this context, we’ve built an innovative joint solution centered on zero trust architecture and industrial edge gateways like the SCALANCE LPE, and made it available through the Siemens sales force to industrial customers worldwide. The result: customers can now securely access cloud-provided and internet-connected technological innovations that enhance uptime and productivity, while mitigating cyber risk.
Here are some key features of our zero trust offering, and why it’s going to lead to higher levels of factory productivity while turning the tables on cyber attackers:
- Layer in zero trust for secure cloud and internet connectivity - Augment traditional defense-in-depth concepts at factory sites with zero trust connectivity that reduces the risk of accessing cloud- and internet-based applications.
- Secure remote access to plants and machines — As CISA points out, VPNs aren’t often updated and can contain vulnerabilities. VPN access into the factory can be replaced with a zero trust access product.
- Privileged remote access for internal and third-party users — Use Zscaler’s easy agentless option to allow authorized admins on remote machines to perform factory maintenance and monitoring over secure and fully isolated connections.
- Jump-host alternative for reduced attack surface — Zero trust can replace jump hosts that can be hijacked, leading to a far more secure OT network access alternative. Because Zscaler’s solution is powered by a cloud exchange, not an appliance, there is no attack surface for an attacker to target in the DMZ. Hello resilience, and goodbye disruption.
- Seamless integration into existing OT networks — We created Docker-based app connectors that are easy to run alongside industrial edge Arm- and Intel-based devices, like the Siemens SCALANCE LPE or Ruggedcom RX line of devices.
- Powered by a SaaS solution and a multi-tenant cloud exchange — Zscaler’s solution has the largest security cloud, with more than 150 data centers worldwide. Our powerful cloud stops 7 billion threats and provides 200K unique security updates daily, and it has an unparalleled ability to support transaction volume, which ensures the fastest connections between users and assets and supports factories no matter where they are in the world.
- Security, scalability, and stability — Zscaler Private Access has been in the market for six years and the Zscaler Zero Trust Exchange for 14 years, yielding a proven and reliable exchange service to govern access. It also can scale quickly to hundreds of thousands of users, becoming fully deployed in a matter of days to weeks.
As exciting as this is, we’re not stopping. We’re working together on making other OT connections secured via zero trust too, like device-to-device and device-to-internet access. I’m pumped to see what we and Siemens are going to develop over the years and to see the great security and productivity benefits play out in our industrial clients.
Our CEO Jay Chaudhry has a companion blog post that talks about the benefits of our all-in-one solution for joint customers.
I also encourage you to read our whitepaper entitled “3 Essential Zero Trust Principles for Reducing Security Risk in OT Environments” to learn how you can layer zero trust concepts into your defense-in-depth strategy.