On February 4th and 5th, the Manusec took place in Munich, an event held in series around the world every year. This year it will also be held in the USA in October. Inprosec and InprOTech have been present at this specific industrial cyber security event where not only solution vendors are present, but most of the attendees are responsible for factory security, who share their roadmaps and the state of their cyber security.
In the initial discussion, Leonardo Casubolo (Global Director IT & OT Security at Burckhardt Compression), Dr. Bernd Bieker (Program Lead for OT Cybersecurity at Novartis) and Marvin Schlieker (IT & Production Security at ZF Group); began their presentation by commenting on the importance of integrating IT and OT, referring to the weakness of the human factor. One of the problems that have been highlighted about OT is the large volume of data to be handled compared to IT due to the large number of sensors available. Consensus was reached among the three speakers that a security audit is currently a very costly manual process and needs to be integrated with software solutions.
During the presentation on industry attack surfaces, David Van Crout (Senior Director at Claroty), said that there is a big problem at OT due to old legacy systems, which are a danger because they have multiple vulnerabilities, giving as an example the cyber attacks that Fedex and Maersk have recently suffered, which caused losses of 300 million to each company. On the other hand, David commented on how the malware “NotPetya” and “Triton” are wreaking havoc on the industry, putting a large number of companies in check. The most notorious problems in cases of attacks on industry have been unauthorized access to systems and the lack of an inventory of assets, which causes a lack of visibility over connections.
Before concluding with the duty to integrate an IT security service with OT, reference was made to IDS (intrusion detection systems), assuring that they are not perfect since they do not have integration with other sources, in short, there is no magic solution for factory. Finally, another outstanding intervention was that of Ricardo Hormann (expert in industrial safety at Volkswagen), who explained his experiences in WO and what methods they are using to work on this issue.