TV Rhienland Cybersecurity Trends 2020 And the case for real-time - PowerPoint PPT Presentation

TÜV Rhienland Cybersecurity Trends 2020 And the case for real-time cyber risk management in operational technology Cybersecurity in Aluminium Workshop February 27 th , 2020

McKinsey Global Institute predicts the global workforce will peak by 2030 This colossal economic pressure demands the adoption of automation through digitalisation to accelerate ! All of us in this room are tasked with delivering growth 2 2/27/2020 Cybersecurity in Aluminum Workshop

IT/OT convergence leaves physical processes vulnerable to cyber attack OT Cyber Risk affects the HW/SW dedicated to detecting or causing changes in physical processes (e.g. Valves, Pumps) Site Operations Local Area Network Level 3 Security Analytics Historian DNS Patch Server Level 4 https:// Scheduling Supervisory Control Web Services Level 2 Local SCADA, HMI and Engineering Workstation Inventory Application Server Basic Control Wide Area Network Level 1 PLCs & RTUs PLC RTU Level 5 Process Remote Cloud Access Level 0 Robot Motor Pump 3 2/27/2020 Cybersecurity in Aluminum Workshop

Our Cybersecurity Trends for 2020 looked at some of the implications Looking at cybercrime and our physical safety, potential impacts on society and risks to the environment 2 4 1 3 The unregulated mining Smart consumer Threats to the shipping Smart supply chains will devices are multiplying of personal data risks be targeted by hackers, industry have moved faster than they can be destabilising digital rendering them ‘dumb’ from theory to reality society secured ▪ Judith Duportail asked a dating ▪ Supply chains increasingly use ▪ Every year, the number and ▪ Seaborne trade continues to company for her personal data IoT automation, robotics, and capability of the smart things in grow as time in port shortens big data management to lower our live expands exponentially ▪ She received an 800-page ▪ There is ample evidence that costs document incl. FB likes, ▪ The commercial pressure on nation states are experimenting rankings, and every online ▪ Although the smart supply chain product development costs and with direct attacks on navigation conversation she’d had with all is dynamic and efficient, it is lifecycles, continues to prioritise systems, while ransomware 870 matches since 2013 also fragile features over security attacks are now being reported 4 2/27/2020 Cybersecurity in Aluminum Workshop

Our Cybersecurity Trends for 2020 looked at some of the implications Looking at cybercrime and our physical safety, potential impacts on society and risks to the environment 6 5 7 Realtime operating ‘Bring your own medical Vehicles and transport systems superflaws risk device’ is an internet infrastructure are a new creating a post-patching candidate for cyber- health crisis in the era making attack ▪ Every IoT device has its own ▪ Over the past decade, personal ▪ Vehicles and traffic software stack, many of which medical devices have been infrastructure are becoming use outsourced and potentially connected to the Internet increasingly integrated vulnerable components ▪ Researchers discovering a ▪ The downside is the rise in https://www.tuv.com/landi growing number of software vulnerabilities that might be ▪ Patching, if available, becomes ngpage/en/cybersecurity- vulnerabilities exploited less effective in older, orphaned trends/ components that remain in use ▪ The complex task of maintaining ▪ A large-scale attack could have devices is revealed to be disruptive impact for uncoordinated, weak or non- transportation and safety in the existent urban evironment 5 2/27/2020 Cybersecurity in Aluminum Workshop

Digitalisation is driving a transition from Complicated to Complex risk Digital complexity, combined with volume and sophistication attacks, demands new emergent practices OT Cyber Risk Complicated 350K new The AV-TEST malware Sense-analyse-respond Institute Complex daily Governing constraints Probe-sense-respond Good Practice Enabling constraints Emergent Practice Hackers University of attack Maryland every 39 seconds Obvious Sense-categorise-respond Average Average Chaotic Fixed constraints lifecycle dwell time time in IBM Best Practice Act-sense-respond in 2019 was 2019 was 206 days No effective constraint 314 days Novel Practice Cynefin Framework by Dave Snowden 6 2/27/2020 Cybersecurity in Aluminum Workshop

Has the risk of cyberattack disrupting operations changed? It’s a simple operations and safety critical question that traditional risk management approaches can’t answer Real Time Risk Management Findings OT Cyber Risk OT Cyber Risk OT Cyber Risk OT Cyber Threat Awareness Assessment Management Detection Incl. Self-Assessment Workshop NIST CSF Business Context Threat Intelligence Training IEC 62443 Auth. Sources SOC Certification Workflow Periodic Bowtie / C2M2 ATT&CK FAIR 7 2/27/2020 Cybersecurity in Aluminum Workshop

Industrial Security in 2019: A TUV Rheinland Perspective We surveyed 370 industrial organisations, predominantly manufacturing, to test likely preparedness FIGURE 8 FIGURE 1 FIGURE 4 Have you implemented OT-related What industry sector are you primarily Have you ever conducted an OT cyber cybersecurity policies and involved with? risk assessment? procedures in your business? Never 40% Manufacturing 242 Don't know 34% Automotive 36 43 % No 31 % Yes, in the past year 16% Other 31 Yes, in the past 5 years 10% Transportation 15 Use IT policies Oil & Gas 11 20 % 6 % FIGURE 7 Are you able to detect all the endpoints Government 11 on your OT network? Telecoms 10 Specific OT No policies response No 62% Energy 10 Yes, manually 19% Chemicals 4 Don't know 5% Yes, automatically 14% 8 2/27/2020 Cybersecurity in Aluminum Workshop

Any questions? Anthony Dickinson Chief Revenue Officer, TUV Rheinland 2MC Email: adickinson@2mc.co Phone: 07824 306 739 www.2mc.co LEGAL DISCLAIMER This document remains the property of TÜV Rheinland. It is supplied in confidence solely for information purposes for the recipient. Neither this document nor any information or data contained therein may be used for any other purposes, or duplicated or disclosed in whole or in part, to any third party, without the prior written authorization by TÜV Rheinland. This document is not complete without a verbal explanation (presentation) of the content. TÜV Rheinland AG