On May 19th we had the opportunity to attend the event “the voice of the Catalan industry”, which brought together professionals with extensive experience in the cybersecurity sector, especially on the industrial side. There, Joan Figueres, coordinator of the CCI of Catalonia, presented the first results of the study “Coordination and management of cybersecurity incidents of high impact in the Catalan industry”.
The opening set the context with three important points:
- A major disaster brings major breakthroughs: organizations can provide cybersecurity services in a delocalized manner.
- The likelihood of events characterized as “black swans” keeps increasing, and their potential impact is greater, favored by the fact that digitalization has grown exponentially.
- The new resilience becomes the only way forward: it is not enough to recover; it is necessary to anticipate disaster and be flexible in industrial environments and supply chains.
In general terms, we see the following becoming clear:
- The digitization process is long, and it must be planned with security included from the very beginning; “it cannot be like the last accessory we put in the suitcase when we go on a trip.”
- Company cybersecurity is still integrated in the IT part and, when an incident occurs, in the vast majority of cases the personnel needed to manage it have not been defined. A good part of these companies will not even have security monitoring systems for industrial automation systems.
- The current trend in cyber-attacks focuses on the supply chain, as pointed out by the Catalan Cybersecurity Agency, and as evidenced by the recent attacks on SolarWinds and Quanta.
Everything points to the fact that industrial cybersecurity is an immature market with high potential. The automation of responses to threats is still being explored, in an area where companies are very concerned about securing the supply chain.
This was followed by a round table discussion composed of:
- Ángel Pérez, CISO Abertis – Autopistas España.
- Ramón Serres, Head of Information Security and IT Office – Almirall.
- Emilio Angles, Power Controls and Information Systems Manager – Kellogg Company.
- Juan José del Río Estévez, Head of ICT Security Unit – TMB.
The round table offered possible answers to questions such as:
- What are the main cyber incidents of concern in an industrial automation environment? The discussion highlighted the damage to people, well beyond the possible material losses.
- What are the main cybersecurity risks in IT/OT network integration? The discussion highlighted the lack of support from top management, the provision of adequate training and, above all, not having the OT department on board from the outset.
- What cybersecurity requirements should be contemplated in the design phase of any industrial automation project? Here it is worth mentioning the importance of always keeping an eye on the security of the design, because otherwise you arrive late, with the problems that this entails, as well as the importance of people, who have to be not only trained but also aware, after internalizing the message.
Challenges for Catalan industry in cybersecurity
In a final panel made up of professionals from ACCIÓ, Eurecat, OYTEC, UOC and EIC, the importance of people and their training in overcoming the challenges of Catalan industry to incorporate cybersecurity in its digitization is addressed.
The means to facilitate cybersecurity in the supply chain for industrial digitization projects (access limitations in time, sustainability, etc.) are also discussed, and errors that organizations make when approaching the process are identified, among which the lack of procedures or software quality control stands out.