On September 24, the Center for Industrial Cybersecurity (CCI) held the event La Voz de la Industria Gallega (The Voice of Galician Industry) in virtual format, which was attended by our industrial cyber security consultant Alba Ramos.
In this event, aimed especially at professionals of the Galician industry, has been presented for the first time the conclusions of the study on the state of cybersecurity in the industry of Galicia, a study recently published and conducted by the CCI, from which it has been possible to draw various conclusions such as the lack of training in industrial cyber security in organizations, as well as reactive action in cybersecurity, only act when an incident occurs. However, there is beginning to be a growing concern about cybersecurity among industry organizations, but there is still a long way to go.
The virtual meeting also included a representative from the Xunta de Galicia who presented a series of initiatives that are being carried out to promote cybersecurity in Galicia, such as the cybersecurity node CIBER. gal, made up of Galician public administrations and private institutions with the aim of working collaboratively on aspects related to cybersecurity.
One of the highlights of the event were the presentations by the JRC, which addressed how to address cybersecurity in the Life Cycle of an industrial cybersecurity project as well as the characterization of high-impact cybersecurity incidents in industrial environments. As a result of these presentations, the CCI has presented the platforms on which it is working: RECIN and ESCIN.
Platforms developed by the CCI
On the one hand, the RECIN tool will facilitate experts to model industrial automation projects and provide a series of recommendations and cyber security requirements on a catalogue taking into account regulations and standards according to the scenario.
On the other hand, ESCIM will be a technical platform for the characterization of high-impact industrial cyber security incidents. Its objective is to facilitate the preparation of organizations and their industrial suppliers by allowing them to know in advance what type of incidents could affect their infrastructures.
Presentations by private companies
Renowned companies in the world of industrial cyber security such as Phoenix Contact, Kaspersky and Palo Alto Networks also participated in the event.
First of all, Phoenix Contact has explained how to cover the cyber safety requirements of IEC62443 4-2, which is part of the IEC 62443 series that groups together the technical requirements for improving the safety of components, as well as requirements in the network segmentation.
Kaspersky then gave a practical demonstration of how to handle cyber security in WO environments using his industry-oriented KICS solution.
Finally, from Palo Alto Networks they have presented us with the new risks that the convergence between the IT and WO world represents and how to manage them with their specific firewall solution for industrial networks.
To conclude the meeting, a discussion panel was opened in which experts responsible for cybersecurity in industrial companies shared their experiences and views on the state of industrial cybersecurity both in their companies and in general, as well as the challenges that cybersecurity has brought to the organization.