Critical

Infrastructure
Defense Center (CIDC)
Cybersecurity Services Brochure
Introduction
Today’s world is rapidly changing. Globalization and geopolitical
tension along with the increasing digitalization of products, sys-
tems and solutions is changing the way business is conducted.
Information Technology (IT) and Operations Technology (OT) is
converging, and the security challenge is expanding. This reality is
creating new opportunities, but also new challenges and increas-
ing the risk of cyber threats the world progresses its digitalization.

According to Gartner Inc., ....by

2025, cyber attackers will have
weaponized operational tech-
nology (OT) environments to
successfully harm or kill
humans.

Gartner also predicts, ....that the financial impact of cyber

physical attacks resulting in fatal casualties will reach over
$50 billion by 2023. Even without taking the value of human
life into account, the costs for organizations in terms of com-
pensation, litigation, insurance, regulatory fines and reputa-
tion loss will be significant. Gartner also predicts that most
CEOs will be personally liable for such incidents.”

Cybersecurity Ventures expects global cybercrime costs to

grow by 15 percent per year over the next five years, reach-
ing $10.5 trillion USD annually by 2025, up from $3 trillion
USD in 2015.
 Critical
Infrastructure
Defense Center
(CIDC)
Critical infrastructure and strategic manufacturing
organizations rely heavily on OT and increasingly
on Digitalization. This dependency poses new
cybersecurity challenges that Siemens can solve.

Siemens is uniquely positioned to leverage its deep

domain knowledge and experience in Operations
Technology (OT) security enabling technology
agnostic best practices that have been refined for
more than 10 years.

At CIDC, we have a team of world class

cybersecurity researchers, coupled with the first
dedicated OT Security Operations Center (SOC)
in Canada. We aim to solve the OT cyber security
challenge holistically by taking a lifecycle
approach to security that starts from embedding
security at the inception and taking it all the way
to the delivery of any initiative or program. The Siemens competency in OT cybersecurity is situated
within the Siemens Critical Infrastructure Defense Center
(CIDC) in New Brunswick, Canada. The CIDC is a first of its
kind, focused on OT, offering Advisory, Managed Security,
and Research & Development Services.
 1
Our Services Cybersecurity
Assessment
We provide a wide range of cybersecurity Our advisory services include a variety of
cybersecurity assessments to help organiza-
services delivered through our Consulting tions understand their cybersecurity programs
Services, Professional Services, and relative to baselines and different frameworks

Managed Security Services. Our services

include the following: NIST CSF Assessment and review of cybersecurity program and
existing controls using the NIST Cybersecurity Frame-
work

NIST SP800-53 Assessment and review of Enterprise/IT cybersecurity

program and existing controls using the NIST Special
Publications 800-53

NIST SP 800-82 Assessment and review of OT network and existing

controls using the NIST Special Publications 800-82
for Industrial Control Systems

ISA/IEC 62443 Assessment and review of cybersecurity manage-

ment system (CSMS) against the ISA/IEC 62443
cybersecurity standards

C2M2 Assessing the maturity of an organization’s cyberse-

curity program using the cybersecurity capability
maturity model from the United States Department
of Energy (DoE)

AESCSF Assessment and review of cybersecurity program and

existing controls using the Australia Energy Sector
Cybersecurity Framework

ISO/IEC Assessment and implementation of an Information

Security Management Systems (ISMS) based on
ISO/IEC 27001
 2 3
Vulnerability Program Management
Assessment
Comprehensive integrated program manage-
We offer specialized OT vulnerability assessments, ment of security strategy and project, risk
IT vulnerability assessments, and IT/OT combination management, and security services planning
vulnerability assessments through the following: guided by PM@Siemens methodology

Network Active or passive vulnerability assessment (includ-

4
Vulnerability ing scanning services) of an OT network and infra-
structure using a combination of best-in-class tools,
Assessment
techniques, and procedures on customer's site Penetration Testing and
Red Team Services
Vulnerability this includes:
OT focused penetration testing exercises
Assessment
that is inclusive of penetration test exercises
as a Service of Level 4 and 5 of the Purdue Enterprise
Reference Architecture

Scheduled Vulnerability Specialized VA testing to

Assessments (VA’s) include database and web

5
application assessments,
wireless technology testing
and analysis as part of
Reports, findings, and planned security assurance Threat Analysis and
recommendations to mitigate
security gaps and vulnerabilities and
activities
Intelligence
provide support to cybersecurity Detect, monitor, analyze, and mitigate
by interpreting scan results and targeted, highly organized, or sophisticated
recommend remediation plans Ad-hoc or emergency VA threats
scanning to support targeted Perform consolidated and comprehensive
incident investigation, information and intelligence analysis of
escalation, and emergency threat data obtained from various sources
VA summary reports of the testing response to security events to provide indication and warnings of
and documentation of findings impending attacks

Provide reporting on technical network and

host-based attack vectors, emerging cyber
NERC CIP Vulnerability monitoring services using bulletin threats, new vulnerabilities, and current
trends used by malicious actors
Vulnerability & notification system to meet NERC CIP 007-6 R2.2
Patch Notification requirement through Siemens SVM or Villocify
Solution
6
OT Security Operations
Monitoring and Detection
Center
The cornerstone of our security services offering
is our OT Security Operations Centre (SOC). The
SOC is the first of its kind in North America that
is purely dedicated to monitoring and protecting
critical infrastructure services and strategic automated detection
manufacturing of security outliers by
observing deviations
automated from known good
monitoring of core baseline
The SOC provides the much-needed visibility into OT and related IT automated
detecting threats and vulnerabilities within the security events in generation of
operational technology network customer’s OT security alerts
environment and tracking
cases

We provide automated 24 hours per day, 7 days per week,

365 days per year (“24x7”) network monitoring,

24/7
security event triage, analysis, alerting, computer security
incident response support, threat intelligence and reporting

triaging of security presentation of

alerts to validate select KPI’s in a
findings customer facing
dashboard

initiation of security
incidents as needed
 Security Investigation

Investigation and identification of anomalous events

detected by security devices, or reported by external
entities, system administrators, and general users

Documentation of all event investigation activities,

incoming request for information, or suspected inci-
dent reports as required to support the incident
management process

Advanced Analytics

Automated population and management of a database

of observed OT and related IT assets in core OT
environments

Searchable asset database through customer facing

dashboard, and periodic generation of reports for
review

Incident Response

Provision of 24x7 incident response, remediation, and

recovery support services

Provision of support to perform technical analysis of

potentially malicious services that have occurred or
believed to have occurred through security event data
from the SOC
Global Customer References
Port of Antwerp, Belgium
– Clear OT cybersecurity
roadmap thanks to IEC
62443 Assessment As CISO, I’m responsible for both IT and OT
cybersecurity. Having a clear understanding
of the challenges specific for OT is very
Customer profile Customer objectives important.

Port of Antwerp plays an

important public role in
To have a clear overview of the
cybersecurity maturity of its IT and
Siemens helped us by providing a clear
Belgium by OT environment analysis of the current situation, as well as
Managing and maintaining the defining a roadmap to mitigate the risks.
second largest port in Europe
Causing more than 1,500 direct
and more than 140,000 indirect
jobs

Realizing 4.8% of Belgian’s

Gross Domestic Product (GDP)

Siemens solution Customer value

IEC 62443 Assessment
Siemens mapped the OT Siemens provided Port of Antwerp Yannick Herrebaut, CISO
systems of Port of Antwerp on a clear OT cybersecurity roadmap at Port of Antwerp
the IEC 62443 standard to have
a good understanding of the A synergy was found between the
as-is situation knowledge/experience available
within Port of Antwerp’ internal
Afterwards, Siemens provided IT/OT cybersecurity teams and
clear guidance on how to Siemens’ expertise in IEC 62443
achieve a higher security level
in the form of a very detailed
and tangible roadmap
Süd-West Netz Wiesbaden VSB / VMB – Vallourec & Sumitomo Tubes (Steel
ISO 27001 / 27019 Assessment and Certification
Making)

Advised for implementation of ISO 27001 Designed, deployed, and operated OT Security,
Governance, Service Management
Conducted certification readiness and assisted with gaps
remediation IT and OT network and security controls for a large plant,
designed and operated OT service desk

VALE – second world’s largest iron ore mining

Stadtwerke Hockenheim
company
ISO 27001 / 27019 Assessment and Certification
Created a company wide OT Security Program
Advised for implementation of ISO 27001
Assessment of IT & Network Security
Conducted certification readiness and assisted with gaps
Identified and prioritized OT security controls
remediation
Created internal standards, policies and procedures
Designed and deployed controls in many plants

EnergieSüdwest Netz GmbH

Grupo Energía Bogotá” (GEB) in Latin America
ISO 27001 / 27019 Assessment and Certification
Cybersecurity consultancy services
Advised for implementation of ISO 27001
Develop program based on NERC CIP
Conducted certification readiness and assisted with gaps
remediation Audit of security measures, threats and risks analysis,
definition of a cybersecurity policy and plans

A large utility in Europe Dubai Electricity and Water Authority (DEWA)

Secure substation Migration and Security Management Design and implement threat OT detection/monitoring
Services
Designed and deployed IDS
18 Substations – security design, hardening and Malware Integrated IDS with SIEM
protection
Developed use cases for IEC 61850 and IEC 104
Logs and event management communication
 Contact Us

CIDC.ca@siemens.com

Fredericton, New Brunswick, CA

siemens.ca/cidc

Published by
Siemens Canada Limited
1577 North Service Road East
Oakville, ON L6H0H6
Canada

Subject to changes and errors.

The information given in this document only contains general descriptions and/or
performance features which may not always specifically reflect those de-scribed, or
which may undergo modification in the course of further development of the products.
The requested performance features are binding only when they are expressly agreed
upon in the concluded contract.
All product designations may be trademarks or product names of Siemens AG or other
companies whose use by third parties for their own purposes could violate the rights of
the owners.