New Brunswick has added another international technology company with a cyber security operation to its roster of partners as it tries to build an IT security hub in the province.
Siemens CEO Joe Kaeser confirmed Wednesday that German industrial manufacturer will open a global cyber security centre of excellence in Fredericton in the fall to help button up the company’s critical infrastructure products. These range from gas turbines for power stations, automation systems for factories to road and rail traffic management systems.
In its first phase, which goes to 2020, the centre will have 30 people working on software development, cyber analysis and consulting. Another 30 could be hired after that.
The centre will be housed in Fredericton’s Knowledge Park, a 26 acre campus.
Siemens is no stranger to the province, or Canada. It has operated in New Brunswick since 1912 and currently has offices in Moncton as well as Fredericton, working closely with the NB Power utility. As part of that relationship, the company opened a Smart Grid centre of competence in Fredericton six years ago. Across Canada it has 4,500 employees.
The announcement was first made to New Brunswick reporters Tuesday. Kaeser and New Brunswick Premier Brian Gallant came to Toronto on Wednesday to repeat it, hoping to get extra attention from national media.
“Any time we’re able to go around the world and tell people that a business like Siemens is investing in our cyber security hub it demonstrates to what extent it is already a success,” the premier told a group of Siemens and provincial officials Wednesday.
“This is going to be a great opportunity for New Brunswickers to work in the short term, but its also, we think, going to represent enormous potential growth going forward. We believe cyber security is going to be exponentially an important industry for the IT sector, and for many other sectors.”
Cyber security has been on Siemens’ mind for some time. Last November the company announced a Charter of Trust initiative with governments and industry partners including IBM, Cisco Systems, Dell Deutsche Telekom and others to try and set minimum general standards for cybersecurity. The Charter says there should be obligatory cybersecurity certifications for critical infrastructures and devices that might pose a danger to life and limb. It also calls for clearly defined areas of responsibility and contacts for cybersecurity at companies, governments, and public authorities.
The private sector plays a key role in cyber security as well as government, Kaeser said. “People estimate that the annual damage that’s caused by cyber security issues could be $750 billion … At the end of the day, practically every cyber security attack of relevance is attacking the physical world … Think about if infrastructure is being attacked by the grid, by cars … That’s why I believe we are well advised to find a way and an answer on how to deal with this.”
Today some 10 billion devices are connected to the Internet, he said. By 2020 it could be three times as many, he added, which is why cyber security is a private sector matter with governments and academics “to make it a better, safer world.”
In an interview Siemens Canada CEO Faisal Kazi said other locations for the cyber centre were looked at, “but we had a very strong relationship with the Smart Grid (centre) with New Brunswick, so that was our natural choice.”
The centre will focus on protecting Siemens devices connected to operational networks. “We need to secure the critical assets of infrastructure,” Kaeser said. “It could be a power plant, it could be the (power) grid … cyber security works to protect and secure critical assets of the customer.”
Like any company with connected devices, Siemens has had its share of vulnerabilities exposed. In January it issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers. In October 2017 it issued an update that addressed a vulnerability in a measuring device that could potentially allow an attacker to bypass built-in authentication measures and take control of the machine. In August 2017 it had to patch a number of bugs in its molecular imagining products.
The province will give Siemens – which pulls in about $125 billion a year in revenue around the world — a non-repayable $1 million “contribution” to pay for the centre’s initial capital expenditures, plus another $600,000 to pay moving costs of staff hired from outside the province. In addition, the company will be eligible in the first phase for a $1 million payroll rebate, and an equal amount if there is an expansion phase.
New Brunswick expects the first phase will add $17.1 million to the province’s GDP over seven years. Kazi said Siemens will be making “a pretty significant investment. We will put our R&D people here, we will have about 20 R&D people.”
The province’s goal of making it a cyber security hub dates back to 2016 when the premier announced an economic development strategy on cybersecurity and cyber innovation called CyberNB. In an interview Gallant said the groundwork was laid several years before that when University of New Brunswick graduates created Q1 Labs, which makes the QRadar security incident and event management suite, eventually bought by IBM. In 20017 the University of New Brunswick opened a cyber security centre of excellence, now called the Canadian Cyber Security Institute.
The overall initiative is led by CyberNB, a branch of the provincial development agency. It includes attracting companies, a cyber startup incubator, the business park as well as encouraging high school students to study cyber security.
Tyson Johnson, CyberNB”s chief operating officer, said what makes the effort work is the partnership of the province, academia and the IT industry. “There’s an appetite for security operations and cyber security for critical infrastructure,” he said. But cyber security also plays a role in other companies the government is attracting to the province.
In talking about solving cyber security problems with partnerships, Kaeser also said companies should also ask how they can team up to help citizens understand what the Internet of Things is and how they could affect their jobs and personal life. “Today’s world is not just Twitter and the like. People in German and China and everywhere are doing as well as they’ve never done before. But people wonder sometimes why is it that populism, nationalism is growing if everyone does that well? Well, it’s because people do well today, but they are afraid that it will be worse in the future. People need to understand what the Internet of Things is all about, what will it do to me, my family, to my job and to my well-being.”
