Industrial Cybersecurity Center: ICC - Samuel Linares Ignacio Paredes José Valiente - CCI-Es
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Industrial Cybersecurity
Center: ICC
Samuel Linares
Ignacio Paredes
José Valiente
Industrial Cybersecurity is the set of practices, processes and
technologies, developed to manage the risk of cyberspace arised from
the use, proccessing, storage and transmision of infomration used in
industrial organizations and infrastructures, using the people,
proccesses and technologies perspectives.
1
Introduction
• Industrial Control Systems are fundamental for our
Society and Economy
• Most Critical Infrastructures are based on Industrial
Control Systems
• Our Society and Economy are at RISK through new
threats to industrial infrastructures: Stuxnet, Flame,
Denial of Service…
2
Industrial Cybersecurity
Consequences: Tangible, Concrete
Production Losses
Environmental Damages
Public Health
Lower Company Valuation
Consequences: Intangible
Web Portal unavailable
No email
3
Industrial Cybersecurity and CIP
Critical
Industrial
Infrastructure Vs
Cybersecurity
Protection
Critical
Infrastructures
Industrial Enviroment
• Industrial Cybersecurity has a broader scope than Critical Infrastructure
Protection: the number of industrial organizations exposed to new
threats is greater than those Critical Infrastructures
• Industrial Cybersecurity develope aspects needed in Critical
Infrastructure Protection, promoted and regulated at national and
international level
4
New Landscape
Compliance:
New Regulations and Laws
New Threats: Impact: Human Losts,
Stuxnet 2010 New National Security
New Technological Landscape: Landscape Corporate-Plant Worlds
General Purpose Systems Convergence: Integration
Industrial LandscapeInternational Environment
¿? 5 a 10 years 5 a 10 years
6Current Environment: Lacks & Needs
• Public Private Partnership: Key Issue
• Lack of Industrial Cybersecurity Initiatives (LN, UK vs ES)
• Common References under development: Standards, Guidelines…
• Europan and Latinamerican Industrial Cybersecurity Events
• Lack of Top Management Awareness and Support
• Lack of Industrial Cybersecurity Integrated Management
• Very Long Industrial Constrol Systems Amortization Periods
• Lack of specialized Industrial Control Systems CERTs (like ICS-CERT)
• Lack of Industrial Cybersecurity Professionals
• Smart Grid as an Industrial Cybersecurity Driver
• Internet of Things: biggest and major challenge for Cybersecurity (Industrial Cybersecurity)
7Cybersecurity Investment in Europe Source: “Critical National Infrastructure:Security Investment in Europe”, HAWK ISM 2011 8
Critical Infrastructure Security Investment Fuente: “Critical National Infrastructure:Security Investment in Europe”, HAWK ISM 2011 9
ICT Dependence & Vulnerability for CNI Sectors Fuente: “Critical National Infrastructure:Security Investment in Europe”, HAWK ISM 2011 10
Current Environment: Lacks & Needs
o Developing of Documentation in Spanish Language (not existent)
o Spanish Speaking Public-Private Partnerships (not existent)
o Discussion Meeting Point (not existent)
o Spanish and Latinamerican Industrial Cybersecurity Congress (not existent)
o Industrial Cybersecurity Roadmap in Spain (not existent)
o Industrial Cybersecurity Management System Structure and Templates (not
existent)
o Spanish involvement in Horizon 2020 European Projects (scarce)
o Spanish Involvement in International Organisms (scarce)
11Industrial Cybersecurity Center as Catalyzer
Industrial Without ICC
Organizations ICC
Vulnerability Foundation
With ICC
Time
2000 2013 2020
12Bottom-Up Vs Top-Down Approach
• It’s proved that Top-Down approaches, although existing, are not sufficient and sometimes, are
negative for the improvement of the Critical and Industrial Infrastructure Protection and
Cybersecurity.
• Bottom-Up approaches (as the one proposed hered) are needed in order to involve the needed
actors, provinding them with adequate tools and resources and motivating them for action.
• Cybersecurity depends mainly on people, not only on policies and regulations
• Increasing corporate resources dedicated to compliance activities, sometimes diminish the
resources available for Cybersecurity improvements
• Sometimes, “Compliance” activities become “Comply and Lie” activities
• “Catalizer”
13Industrial
Cybersecurity Center
Independent Non-profit Organization promoting
and empowering the Industrial Cybersecurity in
Spanish Language
14Mission
To improve Industrial Cybersecurity by developing
analysis, studies and information exchange and sharing
about practices, processes and technologies designed to
manage the cyberspace’s risk derived from the use,
process, storage and transmission of information handled
by organizations and critical infrastructures that are an
important part of nowadays society
15Vision
Industrial Cybersecurity Center aspires to be an independent
meeting point in the Spanish-speaking world, for information and
experiences interchange for private and public companies as well as
professionals related to Industrial Cybersecurity who want to
improve this aspect in the industrial sectors.
16Objectives
• Conglomerate the main experts and actors in industrial cyberseucirty in order to facilitate the
interchange of experiences and information and be kept up to date on the last technologies and
improvements on this subject.
• Provide awareness on current cyber-security state, paying special attention to new threats and attack
techniques.
• Set communication channels with authorities and lawmakers in order to ease communication among the
different actors involved in industrial Cybersecurity (government, industrial associations, critical
infrastructures, engineers, integrators, vendors, consulting firms, associations, standard and good
practice developers and citizens).
• Improve awareness through all the actors by courses, events, seminars, publications and a presence in
the media.
• Qualify professionals on industrial Cybersecurity in order to facilitate hiring.
• Improve and expand the spanish and latin american Industrial Cybersecurity market
17Industrial Cybersecurity Landscape
Business,
ICC Government,
Regulators
Market,
Citizens
Industrial
Vendors Orgs, Critical
Infrast.
Requirements/ Regulations
Engineering
Companies,
IntegratorsMemberships
• End Users: industrial organizations, operators, critical infrastructures, industry,
etc.
• Providers: Vendors, Consultancy and Engineering Companies, Certification
Entities, etc.
• Academia: Universities, Technological Centers, etc.
• Partners: Development of collaboration agreement on exchange of capabilities,
information, documents, services, etc. with other national and international
organizations and associations
• Projects Sponsors: They must be members. Some projects could be opened to
sponsorship opportunities (reports, studies, analysis, documents, etc.)
• Individual Members: professionals interested on Industrial Cybersecurity
19Membership Costs
• Basic Members: Free. Contributing to the maximum representation
of the Industry in the ICC and the “universality” of the Center
(individual members are included here)
• Active Members:
o End Users: 400€
o Providers: 500€
o Academia: 300€
• Partners: Development of collaboration agreement on exchange of
capabilities, information, documents, services, etc. with other
national and international organizations and associations
• Projects Sponsors: depending on project
20Active Members: Annual Suscription
• To facilitate the access to all the deliverables to interested
organizations, there is an annual subscription plan to all
the ICC benefits wich includes:
o All the deliverables (documents, reports) detailde previously
o Free Access to all the organized events on “The voice of the
industry”
o The cost of the subscription until 31/Dec/2013 is 1.350€ . A special
opportunity of subscription until 31/Dec/2014 is available at
3.000€
o This anual subiscription simplifies the internal authorization
processes and allows every ICC benefit on a fixed fee
21Matriz de Beneficios por Tipo de Miembro
Active Member
Benefits Basic Member Active Member
with suscription
Weekly Bulletin on Industrial Cybersecurity X X X
Corporate web portal and Collaborative Web Space X X X
Participation in Linkedin X X X
Participation in twitter X X X
Participation in Corporate Blog X X X
Collaboration with other organizations, etc X X X
Industrial Cybersecurity Spanish & Latinamerican Congress 15% Discount X X
1 Free and 50%
Bimonthly events: “The voice of the industry” 50% Discount X
Discount in the rest
Email Distribution Lists X X
Work Groups X X
Capabilities Catalog X X
Study on the state of Industrial Cybersecurity in Spain Independent Buy X
Roadmap on National Industrial Cybersecurity Independent Buy X
Procedure for Secure inclusion of Industrial Systems in the organization Independent Buy X
Document of Cybersecurity Requirements for Service Providers Independent Buy X
Document Industrial Cybersecurity and Critical Infrastructure Protection Independent Buy X
Templates kit and structure of ICMS (Industrial Cybersecurity Management
Independent Buy X
System)
Industrial Cybersecurity and Critical Infrastructure Protection Courses 15% Discount 15% Discount 15% Discount
22General Benefits
• Work Groups
• Weekly Bulletin on Industrial Cybersecurity
• Representation, for members, on European, national and international meetings
• Industrial Cybersecurity Spanish & Latinamerican Congress
• Bimonthly events: “The voice of the industry”
• Capabilities catalogue
• Corporate web portal and Collaborative Web Space
• Email distribution lists
• Linkedin and Twitter participation
• Corporate Blog Participation
• Collaboration with other organizations, etc
232013 Document Deliverables
o Study on the state of Industrial Cybersecurity in Spain
o Roadmap on National Industrial Cybersecurity
o Procedure for Secure inclusion of Industrial Systems in the
organization
o Document of Cybersecurity Requirements for Service Providers
o Document Industrial Cybersecurity and Critical Infrastructure
Protection
24Sponsorships
ICC sponsorships is meant for organizations which want to adquire great relevance in a
not so competitive environment (blue ocean), to have a bigger profile in meetings and
technical summits and to have their Brand linked to Industrial Cybersecurity
o Platinum (Just 1 sponsor: exclusive):
• 2013: 15.000€
• Special sale 2013 & 2014: 40.000€
o Gold:
• 2013: 7.500€
• Special sale 2013 & 2014: 20.000€
o Silver:
• 2013: 5.000€
• Special sale 2013 & 2014: 13.500€
o Bronze:
• 2013: 2.500€
• Special sale 2013 & 2014: 6.500€
25Thank You
Information:
info@cci-es.org
26You can also read
