Summit: Birth of CERT

Tuesday, June 26, 2012 @ 05:06 PM gHale

By Gregory Hale
In early 2010, Siemens officials were talking about needing to create an area within the company that would test and check products and systems to make sure they were secure.

“We thought Siemens products will become a target of critical infrastructure attacks,” said Thomas Brandstetter, program manager global technology field IT security for Siemens during his presentation at Siemens 2012 Automation Summit in Washington, DC.

Then Stuxnet hit.

Summit: Users Need to be Aware
Summit: Productivity Key to Growth
Risk is Not a Game
Survey: Security a Thought, Not a Focus

That was the birth of Siemens’ ProductCERT. The mission for that organization is to look at and ensure Siemens products, all 15,000 of them, are as secure as possible, Brandstetter said. “We have been working on response and recovery for over two years. We created a CERT (Computer Emergency Response Team) just for Siemens products. We really try to think ahead and protect our customers against attacks.”

“We were called into action when Stuxnet came around,” he said. “After the smoke settled down, we started to look ahead so we didn’t get caught again.”

Some of the areas Brandstetter is seeing as growing are Advanced Persistent Threats (APTs) from political and commercial reasons. Also, hackers are analyzing critical infrastructure components and are beginning to release automated tools for hackers.

With open systems enjoying greater usage, they are also allowing more people to get into industrial control systems to introduce malware or viruses or generally cause problems. “More vulnerability issues are becoming uncovered now more than ever,” Brandstetter said.

That is why this past October Siemens officially started up its ProductCERT program. “Siemens knows they need a focal point regarding product security – especially in a time of crisis” Brandstetter said. The web site for Siemens’ ProductCERT is

One Response to “Summit: Birth of CERT”

  1. […] ICS Systems Using Threat Modeling” at the Siemens 2012 Automation Summit today. RELATED STORIESSummit: Birth of CERTSummit: Users Need to be AwareSummit: Productivity Key to GrowthRisk is Not a […]

Leave a Reply

You must be logged in to post a comment.