14 Apr Cyber Security Conference for Industrial Control Systems
On 4th of April 2017 ENEVO Group, in collaboration with ISACA Romanian Chapter, initiated a discussion between key decision-makers from private companies and institutions regarding the digitalization of process industries. The discussion was followed by Sebastian Pitei, IT Director of ENEVO, who held a presentation outlining the main technical challenges of Cyber Security for Industrial Control Systems.
This initiative was launched considering that industrial systems become more complex and interconnected with enterprise systems. Each new investment in technology undergone by a industrial company or utilities company that increases the automation intensity grows exponentially the exposure to a successful cyber-attack.
Cyber Security in industry is still in its inception as a topic around the world. Today, the role of the stakeholders involved is to continue institutional pressure for regulation, implementing minimum security measures on existing infrastructure and developing a cyber-security culture within organizations. Considering the slow pace of regulation rolling in, it is the duty of each infrastructure operator to write best-practice guides specifically tailored on the company profile and follow-up through implementation.
Security by design was the unanimously accepted philosophy of the panel discussion. Equipment vendors, technology integrators and system operators, all must be aligned to the same cyber security guide proprietary for each company. Moreover, considering the fast-paced development of cyber threats, such a guide must be tested, verified and updated frequently considering new vulnerabilities.
Sebastian Pitei followed the panel talk and presented the main vulnerabilities and security measures of equipment and industrial automation systems, as well as Security Operations Center(SOC) solutions, solutions that are designed to monitor cyber threats for an industrial infrastructure. Moreover, he stressed the importance of well-trained personnel, be it employees, contractors or suppliers, as any of them can become a vulnerability from a cyber security perspective. Given the hands-on experience Sebastian has in designing and implementing cyber security solutions in ICS, he pointed out the importance of “Security as a mindset”, a step further than “Security by design”, stressing the importance of human capital. Although a Security Operation Center increases network protection, lack of well-trained operators capable of monitoring and investigating alerts, the security solution would be incomplete. Moreover, during discussions with the audience, Sebastian argued that there is no off-the-shelf solution and that the team developing a security architecture for ICS must have both process knowledge and IT competences.