In May, ARC Advisory Group has hosted its European Industry Forum (EIF) in the Meliã Hotel Sitges in Spain. The European Industry Forum is part of ARC’s successful series of worldwide conferences in the USA, India, China, and Japan.
As more and more significant security breaches become known, protection of information and control systems is becoming important to the management. A company's executive management must continuously and meticulously identify, categorize, and mitigate risks resulting from cyber attacks.
In many cases, the largest risk to your people, your processes, and your profits may be the vulnerabilities of your industrial control system—not a data breach.
Ask yourself the following questions about your company's exposure to industrial control systems cybersecurity vulnerabilities:
- What opportunities exist for a breach?
- What risk exposure does my company have and what are the consequences of that exposure?
- What is the maximum damage that might be done if one of these breaches occurs?
- What specific security deployments protect each of our assets?
- If our systems have cybersecurity vulnerabilities, how do those vulnerabilities impact our safety-related goals and initiatives?
- Who in our organization is responsible for these security measures? Are our IT and operations teams coordinated and working together to secure our systems?
- Have we allocated the right resources, implemented the right standards, and sourced the right equipment to give us the best possible outcome?
The workshop addressed these and other questions in the context of the following objectives:
- Introduce the unique characteristics and vulnerabilities of industrial control systems;
- Explore the key differences between an IT and an operations perspective on cybersecurity;
- Detail potential impacts of attack on critical infrastructure and manufacturing processes;
- Identify standards, training, and compliance programs to aid companies in their approach to these challenges;
- And of course, some additional information on incidents that have already taken place.
In order to create and maintain secure systems, we first have to ensure that our processes and the communication between them is secure; industrial control systems need to be targeted for more detailed review on a consistent basis. Second, we need to make sure that our operations staff have expertise in industrial control systems cybersecurity and are closely coordinating with our IT-team to protect our systems and processes. Third, we need to make sure our equipment is inherently secure and addresses known vulnerabilities by leveraging industry standards and conformance programs.
In May 2018, ARC will host its European Industry Forum (EIF) again. For further details, please contact your Client Manager or email firstname.lastname@example.org.