The Cybersecurity workshop has been an established and successful part of ARC’s European Industry Forum for years. This year in Sitges, Spain, Thomas Menze, ARC senior consultant, moderated the workshop supported by expert panelists: Zahra Khani of Firmalyzer, Ulrich Seldeslachts of LSEC, Kim Legelis of Nozomi Networks, Doug Wylie of SANS, and Yoni Shohet of SCADAfence.
Cybersecurity Trends & Developments in IT Security
Improving the cybersecurity in industrial control systems (ICS) has been a subject of focus for over a decade. Control systems and security experts have collaborated to develop improved standards and practices, and suppliers are responding with new and innovative products and technologies. Yet, the risks continue to evolve, requiring improved response and increased adoption in virtually all critical infrastructure sectors.
The purpose of this workshop was to present and discuss trends and developments in this area, including, but not limited to, the application of available standards, practices, and guidelines.
The combination of low-cost sensors, robust communication networks, and cloud computing has already had a visible impact on a variety of industries from manufacturing to financial services. Now a new group of industries is beginning to realize the benefits digitalization can deliver.
Manufacturing operations are focused first and foremost on costs. Local plant operators are understandably unsure about the payback associated with automation, particularly in the case of technologies, like cloud computing, that have not been widely adopted in the segment of their industry. They worry that their plant won’t realize the value, especially if their team lacks the technical savvy to successfully implement digital technologies.
The IT Security Challenge
The biggest challenge, however, is and remains IT security. The workshop participants assumed that digitalization will add more interfaces to the automation system and thus increase the risk of attacks. In the further discussion there was an agreement that the operator (human) still represents the greatest danger for IT security. Training measures are not sustainable, because after a short time the learned is forgotten again. These and other cybersecurity concerns will delay the introduction of digital methods.
ARC European Industry Forum
The ARC Advisory Group hosted its yearly European Industry Forum (EIF) in the Meliã Hotel Sitges in Spain on May 21-22, 2019. The European Industry Forum is part of ARC’s successful series of worldwide conferences in the USA, India, China, and Japan.