This e-book includes new insight from experts within the field of information security, including strategic expert Ryan Lai on ransomware, and Dr. Chris Rivinus on developing an ‘InfoSec culture’. Alongside these, we offer access to some of the most impactful articles that Cyber IQ has released in the past six months, covering elements from national infrastructure protection to incident response. Meanwhile, readers will be able to find the results of our summer survey of cybersecurity professionals, in which we uncover some interesting trends and statistics, including what they believe to be the most critical vulnerabilities and where organizations are failing on implementing policies and procedures. Download the Cyber IQ Review today.
The discussion surrounding information security in Europe continues to intensify this year as the pending introduction of new regulations collides with a time of heightened security. For businesses involved in critical national infrastructure (CNI), demand for the discussion has never been more urgent. Not only is the number of attacks on CNI systems increasing, but the sophistication of these attacks continues – in many cases – to outpace the provisions for countermeasures. In a world where disruption of IT systems can have a huge impact on the economy, these systems have come to be seen as a prime target for those trying to create political havoc. In this article, we outline the cyber security efforts being made by Germany and Austria's energy sector, with insight from Cyber ICS DACH speakers Philipp Irschik (Energie-Control Austria) and Karl Waedt (Areva)...
In 2015, the Bundesrat passed legislation requiring more than 2,000 critical service providers to implement a new minimum standard of information security procedures. Once work on the decree is finalised and provisions are accounted for owners of critical national infrastructure (CNI) – currently anticipated for April-May – those tasked with undertaking the order will include providers of transportation, utilities, energy, health, finance, telecommunications and insurance firms, all of which manage data that could cause serious disruption to the public should it fall into the wrong hands. In this article, ICS Cyber Security DACH speakers from the authorities involved in the creation of these regulations discuss the potentially crippling fines operators face should they fail to meet standards...
As one of the world’s most active manufacturers, and with a reputation for quality engineering, Germany’s ambition to mitigate this threat to its infrastructure is high on the government’s priority list. However, the risks are ever-evolving. As recent months have shown, when it comes to machines, the vulnerabilities can stretch from the conveyor belts to people’s homes, with vehicle systems being hacked and OEMs supplying critical infrastructure under greater pressure to eliminate gaps. This article includes insight from ICS Cybersecurity DACH speakers Matthias Buchhorn (Bombardier Transportation) and Aric Dromi (Volvo)...
From the 'cyber attack' on Ukraine assets to power generation problems in the UK, incidents this year have already underscored the potential damage that an unexpected incident can inflict on a nation’s critical national infrastructure and call into question whether enough is being done when it comes to resilience and emergency measures. “The main threat is that the critical infrastructure of Europe depends on industrial control systems (ICS), and we simply have really to raise the bar on security,” explains Rossella Mattioli, Security and Resilience of Communication Networks Officer at ENISA (European Union Agency for Network and Information Security). Read more on how Europe is being reshaped to respond to the threats...
There was much talk about defence in the run up to last year’s UK General Election. Today, the issues surrounding Trident, border security and the developing issues in the Middle East remain points of public contention. However, there still seems to be no debate about the United Kingdom’s defence and internal protection of its infrastructure and assets. National Security expert Malcolm Warr discusses the elephant in the room...
At last year’s Cyber Security for ICS Europe conference, one of the liveliest topics of discussion considered the widespread segregation of IT (information technology) and OT (operational technology) departments, and the prospects for convergence.
As the list of questions surrounding this issue grows, many experts involved in ICS are doing what they can to guide others towards convergence before the risks become overwhelming. This article offers a few of those perspectives ahead of the 2016 event.
Anthony Leather, Senior Consultant for Aerospace, Defense and Security at Frost & Sullivan, presents the top 10 cyber threats facing critical national infrastructure based on detailed analysis of the most recent incidents. According to Leather, the cyber threat will be the number one risk for the next 20 years. Governments and industry must engage with the cyber threat now in a more strategic and meaningful way than has so far been achieved.
View the recent research findings from ICS Cyber Security 2015 knowledge partner Frost & Sullivan in this single infoposter.
In 2015, the upper house of the German parliament approved the IT Sicherheitsgesetz or IT Security Law. The act obliged more than 2,000 designated “operators of critical infrastructure” to implement a range of new information security standards within a two-year period or face government sanctions. Time is almost up for those organisations in the crosshairs, but will legislation be the cure-all for ICS cyber security woes? We spoke with Roger Cumming, the former Deputy Director for CPNI and a veteran of the industrial control systems landscape, to find out what he thought about the German initiative and why legislation should be treated with caution rather than as a panacea.
In 2015, the upper house of the German parliament, the Bundesrat, approved the IT-Sicherheitsgesetz or IT Security Law.
This act mandated that more than 2,000 “Operators of Critical Infrastructure” should implement a raft of new information security standards and comply with notification obligations within a two-year period or face severe penalties. Approaching the halfway mark of 2017, that 24-month stay of execution is almost up. Is industry ready?
Since the passage of the IT-Sicherheitsgesetz, companies that employ industrial control systems (ICS) as an integral part of their day-to-day functionality have had a long time to assess their capabilities and weaknesses.
In the run-up to our ICS Cyber Security DACH event in Germany, we spoke with leading ICS Security professionals from across the DACH region to learn just where they are in their cyber security journey. Some of the answers are rather disconcerting…