Managing Cybersecurity & Safety Risk - PowerPoint PPT Presentation



SLIDE 1

Managing Cybersecurity & Safety Risk In the Aluminium Industry

Building Cyber Resilience in Aluminium Manufacturing June 17th, 2020

Nigel Stanley MSc CEng FIET MIEEE

CTO, Industrial Cybersecurity

Anthony Dickinson BSc MBA

CRO, TÜV Rheinland 2mc

adickinson@2mc.co nigel.stanley@us.tuv.com

SLIDE 2

  • 1872: Founded to ensure the safety of manufacturing plants
  • 1904: First vehicle inspection
  • 1908: First elevator inspection
  • 1955: First product certification
  • 1970: First branch office abroad in Luxembourg
  • 2009: Global market leader in photovoltaic certification
  • 2012: New test mark with QR code for fast research and more transparency
  • 2014: One of the biggest independent service providers for ICT security
  • 2017: Center of Excellence Wireless Internet of Things (IoT)

Protecting society against threats from new technology since the birth of manufacturing plants

SLIDE 3

McKinsey Global Institute predicts the global workforce will peak by 2030

This colossal economic pressure demands the adoption of automation through digitalisation.

All of us on the webinar are tasked with delivering growth.

SLIDE 4

Your production systems are under attack…

SLIDE 5

Cyber attackers now targeting safety systems…

Source: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html

The attacker gained remote access to a safety instrumented system (SIS) engineering workstation and deployed the TRITON attack framework to reprogram Triconex SIS controllers which, in turn, entered a failed safe state.

Reported December 2017

SLIDE 6

Industry 4.0 increases exposure to Cyber risk, a complex and evolving risk

It’s easy to think Cyber risk is a risk like any other, … yet Cyber risk is a risk like no other.

You could prove ‘safe’, BUT … not now you can’t prove secure!

Cybersecurity:

Defence against negligent and wilful actions to protect devices and facilities

  • OT/ICS an attractive target
  • New regulations and laws emerging
  • Continuously changing threats
  • Experience levels may be low
  • Conflicts between IT and OT security

Functional Safety:

Defence against random and systematic technical failure to protect life and environment

  • Established regulations and standards
  • Common expert opinion
  • Many years' experience
  • Consistent hazards

SLIDE 7

Summary of key findings.

The findings reveal the cybersecurity vulnerabilities in the OT environment.

OT and IT security risk management efforts are not aligned.

  • On average, organizations had four security compromises that resulted in the loss of confidential information or disruption to OT operations.
  • The majority of organizations have not achieved a high degree of cybersecurity effectiveness.
  • To minimize OT-related risks organizations need to replace outdated and aging connected control systems in facilities, according to 61 percent of respondents.
  • Not enough expertise and budget are often cited as reasons for not having a strong security posture in the OT environment.

  • Accountability for executing a successful cybersecurity strategy.
  • Organizations are lagging behind in adopting advanced security technologies.

SLIDE 8

What does this mean to maintaining business output and plant availability?

Ask Yourself

1. Has the risk of cyber attack against your business changed?
2. What is your OT cyber risk? Is the risk increasing or decreasing?
3. What assets do you have, where are they, and how critical are they right now?
4. Have your safety systems been targeted by cyber attacks?
5. How can you monitor production systems for real-time cyber threats, events, and incidents?

SLIDE 9

Continuous Adaptive Risk Monitoring (CARM) for Operational Technology

[Diagram: Continuous Adaptive Risk Monitoring. Labels: OT Cyber Risk Awareness, OT Cyber Risk Assessment, OT Cyber Risk Management, OT Cyber Threat Detection, OT Cyber Incident Readiness, Workshop, Training, Asset Discovery, Threat Intelligence, NIST CSF, IEC 62443, Business Context, Auth. Sources, Periodic, Incl. Self-Assessment, Certification, Findings, Workflow, Table Top Exercise, Cyber Range, Monitoring]

  • Provides a real time view of business risk in the context of cybersecurity threats and vulnerabilities to OT and safety critical systems
  • Helps protect operational availability and the integrity of safety systems, that are now being targeted by cyber attackers
  • Ideal for asset and risk owners who must manage operational risk and need visibility into the emerging cyber risks inherent in operational technology

SLIDE 10

A real-time view of emerging threats, vulnerabilities and dependencies

Presented within the up to the minute business context necessary to improve operational cyber resilience

  • What is my OT cyber risk; and is the risk increasing or decreasing?
  • What assets do I have, where are they, and how critical are they now?
  • How can I monitor them for real-time cyber threats, events, and incidents?
  • What and where are my safety critical assets, and how are they impacted?

SLIDE 11

Summary

1. Business needs a way to understand OT cybersecurity risk in the context of the business
2. Threat actors are after intellectual property and are out to cause disruption
3. Safety systems can no longer be safe if they are not secure
4. Regulators and standards bodies are starting to embrace cybersecurity risk and expecting businesses to keep up
5. Cybersecurity by compliance alone will never be enough

Access the full research here: https://tinyurl.com/y85eskun

SLIDE 12


Thank You
