5 - 6 September 2017 | Germany

Media Centre

Top Featured

'Energising' Security: Germany and Austria building critical cyber defences

The discussion surrounding information security in Europe continues to intensify this year as the pending introduction of new regulations collides with a time of heightened security. For businesses involved in critical national infrastructure (CNI), the discussion has never been more urgent. Not only is the number of attacks on CNI systems increasing, but the sophistication of these attacks continues – in many cases – to outpace the provisions for countermeasures. In a world where disruption of IT systems can have a huge impact on the economy, these systems have come to be seen as a prime target for those trying to create political havoc. In this article, we outline the cyber security efforts being made by Germany and Austria's energy sector, with insight from Cyber ICS DACH speakers Philipp Irschik (Energie-Control Austria) and Karl Waedt (Areva)...

Germany’s IT Security Act: Why Europe is Watching

In 2015, the Bundesrat passed legislation requiring more than 2,000 critical service providers to implement a new minimum standard of information security procedures. Once work on the decree is finalised and provisions are accounted for owners of critical national infrastructure (CNI) – currently anticipated for April-May – those tasked with undertaking the order will include providers of transportation, utilities, energy, health, finance, telecommunications and insurance firms, all of which manage data that could cause serious disruption to the public should it fall into the wrong hands. In this article, ICS Cyber Security DACH speakers from the authorities involved in the creation of these regulations discuss the potentially crippling fines operators face should they fail to meet standards...

From Road to Rail: Cyber threats emerging for manufacturing and transport

As one of the world’s most active manufacturers, and with a reputation for quality engineering, Germany’s ambition to mitigate this threat to its infrastructure is high on the government’s priority list. However, the risks are ever-evolving. As recent months have shown, when it comes to machines, the vulnerabilities can stretch from the conveyor belts to people’s homes, with vehicle systems being hacked and OEMs supplying critical infrastructure under greater pressure to eliminate gaps. This article includes insight from ICS Cybersecurity DACH speakers Matthias Buchhorn (Bombardier Transportation) and Aric Dromi (Volvo)...

Security wake-up call for European critical infrastructure

From the 'cyber attack' on Ukraine assets to power generation problems in the UK, incidents this year have already underscored the potential damage that an unexpected incident can inflict on a nation’s critical national infrastructure and call into question whether enough is being done when it comes to resilience and emergency measures. “The main threat is that the critical infrastructure of Europe depends on industrial control systems (ICS), and we simply have really to raise the bar on security,” explains Rossella Mattioli, Security and Resilience of Communication Networks Officer at ENISA (European Union Agency for Network and Information Security). Read more on how Europe is being reshaped to respond to the threats...

Critical Infrastructure - Why the lack of debate?

There was much talk about defence in the run up to last year’s UK General Election. Today, the issues surrounding Trident, border security and the developing issues in the Middle East remain points of public contention. However, there still seems to be no debate about the United Kingdom’s defence and internal protection of its infrastructure and assets. National Security expert Malcolm Warr discusses the elephant in the room...

Industrial OT-IT Convergence: Is It Really Inevitable?

At last year’s Cyber Security for ICS Europe conference, one of the liveliest topics of discussion considered the widespread segregation of IT (information technology) and OT (operational technology) departments, and the prospects for convergence.

As the list of questions surrounding this issue grows, many experts involved in ICS are doing what they can to guide others towards convergence before the risks become overwhelming. This article offers a few of those perspectives ahead of the 2016 event. 

Top 10 Cyber Trends Affecting the CNI Sector

Anthony Leather, Senior Consultant for Aerospace, Defense and Security at Frost & Sullivan, presents the top 10 cyber threats facing critical national infrastructure based on detailed analysis of the most recent incidents. According to Leather, the cyber threat will be the number one risk for the next 20 years. Governments and industry must engage with the cyber threat now in a more strategic and meaningful way than has so far been achieved.

Infoposter: Top 10 Cyber Trends in ICS

View the recent research findings from ICS Cyber Security 2015 knowledge partner Frost & Sullivan in this single infoposter.

Registration form for ICS DACH 2017

Fast track your registration by filling out this form

Exclusive Content

Germany’s IT Security Law: Beware the Regulatory Remedy

In 2015, the upper house of the German parliament approved the IT Sicherheitsgesetz or IT Security Law. The act obliged more than 2,000 designated “operators of critical infrastructure” to implement a range of new information security standards within a two-year period or face government sanctions. Time is almost up for those organisations in the crosshairs, but will legislation be the cure-all for ICS cyber security woes? We spoke with Roger Cumming, the former Deputy Director for CPNI and a veteran of the industrial control systems landscape, to find out what he thought about the German initiative and why legislation should be treated with caution rather than as a panacea.

Infographics

ICS DACH Plot Thickens for Cyber Security

In 2015, the upper house of the German parliament, the Bundesrat, approved the IT-Sicherheitsgesetz or IT Security Law.

This act mandated that more than 2,000 “Operators of Critical Infrastructure” should implement a raft of new information security standards and comply with notification obligations within a two-year period or face severe penalties. Approaching the halfway mark of 2017, that 24-month stay of execution is almost up. Is industry ready?

Since the passage of the IT-Sicherheitsgesetz, companies that employ industrial control systems (ICS) as an integral part of their day-to-day functionality have had a long time to assess their capabilities and weaknesses.

In the run-up to our ICS Cyber Security DACH event in Germany, we spoke with leading ICS security professionals from across the DACH region to learn just where they are in their cyber security journey. Some of the answers are rather disconcerting…


Exclusive Content

28 Solutions to the Cross-Sector ICS Nightmare

In February 2017, two researchers at the Georgia Institute of Technology simulated a cyber attack on a water treatment plant. Using ransomware, the academics managed to access programmable logic controllers (PLCs) to shut off valves, increase the chlorine content of water and show false information on computer displays.

The ICS world is riddled with weaknesses that are ready to be exploited by switched-on wrongdoers for currency and chaos. In this analysis we look at five of the most dangerous roots of ICS breach and how to best prevent them.

Infographics

Intelligence Driven Defense [Lockheed Martin]

See how the Lockheed Martin Computer Incident Response Team (LM-CIRT) used analysis obtained through the intrusion kill chains and robust indicator maturity to successfully detect and mitigate an intrusion leveraging a "zero-day" vulnerability.

This whitepaper also reviews:

  • Using a kill chain model to describe phases of intrusions
  • Mapping adversary kill chain indicators to defender courses of action
  • Identifying patterns that link individual intrusions into broader campaigns
  • Understanding how the iterative nature of intelligence gathering forms the basis of intelligence-driven computer network defense (CND)

Whitepapers

The Weekly Breach #TWB 03.03.2015

Download your free exclusives now and access the hottest cybersecurity topics this week on The Weekly Breach:

  • Top 10 Cyber Trends Affecting the CNI Sector
  • 8 truths the ICS Cyber Security Summit must address
  • Risk of environmental cyber attacks demands “enhanced monitoring”
  • Infographic: Is your business prepared to respond to a data breach

Cyber 9/11: Is The Oil & Gas Industry Sleepwalking Into A Nightmare?

Cyber security within the oil and gas industry is a threat that is, in many cases, being ignored. It has a direct effect on the creation of government regulation and legislation, can have a deep financial impact and – in some cases – can even cost lives.

The 2014 Verizon Data Breach report states that 40% of the attacks performed in the manufacturing and mining industry are cyber espionage based. A UK survey revealed that 81% of large companies were digitally attacked, at an average cost of £1 million per company. Similarly, 62 per cent of small and medium-sized enterprises (SMEs) were digitally attacked in 2014 at an average cost of more than £100,000 per incident.

Cyber 9/11 is coming, and it’s a “when” and not “if” scenario. It is debatable whether anybody can be totally prepared for an event of such magnitude, but our research has shown that the oil and gas industry is unfortunately often unprepared in its basic prevention and mitigation abilities.

Eventually, even your company will be a target and the cost of unpreparedness could be crippling.

In this 15-page Oil & Gas IQ report we examine the current state of oil and gas cyber security and the mammoth price of not being prepared.

Guide to Implementing the Top 20 Critical Controls for ICS Cybersecurity [Lockheed Martin]

The US State Department in conjunction with the SANS Institute has previously demonstrated more than 94% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Critical Controls.

What does this mean for your unique control systems environment?

Find out how The Top 20 Critical Controls map to real-world business value across critical infrastructure operations including:

  • Operational uptime and efficiency
  • Improved situational awareness
  • Cyber risk mitigation
  • Resource relief and scalability of tools
  • Audit success

Articles

8 truths the ICS Cyber Security Summit must address

February 2015
A controversial confession...
From the perils of information legislation to bad advice from self-proclaimed experts, the field of cybersecurity for critical national infrastructure is peppered with pitfalls. Here, Defence IQ examines 8 hard truths that the ICS Cyber Security Summit hopes to discuss to better educate the community on both the dangers and the opportunities impacting this field.

State sponsored hacking highlights public-private security gap [Defence Industry Bulletin]

The April 2015 issue of Defence Industry Bulletin takes a look at the recent revelations made about state-sponsored cyber activities and what this level of threat means for governments and private companies tasked with protecting critical national infrastructure. Are these partnerships working or does more need to be done?...

Digital Danger: How Do You Build An Effective Cyber Strategy For Oil & Gas?

From the technical to the cultural, there are many risks associated with digitizing upstream oil processes. As David Joy, Senior Project Integration at Weatherford explains in the following interview, cyber threats exist that can be managed if you stay ahead of them – read below to find out the elements that go into building and maintaining a robust and proactive cyber security strategy:

Highlight the range of technological and cultural risks associated with going digital.

Technological risks: Company intellectual property, trade secrets, etc. typically are more accessible to a larger audience when stored and accessed via digital methods. Digital surveillance and gathering/storage of personal data is pushing the limits of individual privacy concerns, and increasing the corporate liability for privacy breaches.

Cultural risks: Global staff possesses varying degrees of knowledge about cyber-security, the importance of safeguarding company intellectual property, etc. –

Risk of environmental cyber attacks demands “enhanced monitoring”

January 2015
Much has been made of the hacking threat in recent weeks where it concerns the loss of business and intellectual property, but there is a risk that such attention can take the focus off the other – and arguably more vital – side of the spectrum; namely, the physical and environmental risks posed by miscreant or state-led cyber attacks. We explore the potential disasters waiting in the wings for operators in the High Hazard industry, while an anonymous insider clarifies what needs to be kept in mind when it comes to protecting these systems or forming an emergency action plan to respond...