Contrasted gaps: Common Solutions in a Global OT Environment

Industrial Cybersecurity Center

Susana Asensio

Agenda

Contrasted gaps: Common Solutions in a

Global OT Environment

Initiatives to decrease these barriers

Who is CCI & Why CCI has the capacity

to detect global gaps

More remarkable contrasted gaps and

their consequences

CCI

The Industrial Cybersecurity

Center

Kaspersky Industrial Cybersecurity Conference 2019

+2.000 Members worldwide

All actors involved in

Cybersecurity in Industrial Environments

Endusers

Publicbodies

Devicemanufacturers

Engineering

Integrators

Cybersecurity providers

CCI Coordinators

Andrea ParadaClaudio Caracciolo

Diego Andrés Zuluaga

Fernando Guerrero

Ernesto Landa Gabriel Bergel

Hernán Vázquez Jesus Peña Jorge Abanto

Juan Carlos Gómez

Marcelo Branquinho

Mateo Martinez

Nora AlzuaSantiago Vazquez

South America

Raúl Rivera

José Torres

Patrick MillerCentre America

North America

Javier Cao

Jesús Mérida Joan Figueras

Susana Asensio

Marcin Dudek

José Luis Jiménez

Belén PérezDr. John McCarthy

Edorta Echave

Europe

Vicente Asensi

Óscar Bou

José Valiente

Stephen Smith

Laurent Pelud

Piotr Jasinski

Juan Miguel Pulpillo

Anton Shipulin

Asia

AyhanGücüyener

Can Demiral

Ignacio Paredes

Ayman Al-Issa

Middle East

CCI Coordinators

- Forensic Analysis Expert: Javier Pagès Joan Figueras

- Industrial Hacking: Claudio Caracciolo

Ignacio Paredes Silvia Villanueva

- Critical Infrastructure: Santiago G. Gonzalez

Robert M. Lee- ICS Threat Intelligence:

Gustavo Presman

- Cybersecurity Management Systems: José Valiente Samuel Linares

- Industrial Security: Arturo Trujillo

CCI Experts

CCI Experts

- Legal Compliance:Paloma Llaneza

- Industrial Systems: David Marco Hector Puyosa

- Industrial Networks: Ignacio Álvarez

- Physical Security: Miguel Merino

Eduardo Di Monte- Resilience and Continuity:

- Security and Privacy Management Systems: Carlos Asún

- Manufacturing Execution Systems: Antonio Rodríguez U.

21

studies

21

studies

11 countries

21

studies

11

countries

+650

industrial organizations

21

studies

North Americ

a

Central & South Americ

a

Europe

11

countries

+650

industrial organizations

Contrasted gaps

Kaspersky Industrial Cybersecurity Conference 2019

Contrasted

gaps

Common Solutions in a Global OT

Environment

UNAWARENESS, LACK OF TRAINING &

QUALIFICATION

INDUSTRIAL CYBERSECURITY

RESPONSIBLE

CIBERSECURITY IN NEW PROYECTS

INCIDENT INFORMATION SHARING

REGULATIONS, NORMS & STANDARDS

UNAWARENESS, LACK OF TRAINING & QUALIFICATION

?

ASSETS

IF YOU DON’T KNOW WHAT YOU’VE GOT…

HOW CAN YOU PROTECT IT?

NO

DIAGNOSIS

217

organizations

Our participants

33%Have not carry out a risk assessment

63.500

Industrial

organizations

700.000

employees33%

VULNERABILITIES

30% 40% 50% 60% 70% 80% 90%

20% 25% 30% 35% 40% 45%

Incident response management; 38%

6% 8% 10% 12% 14% 16% 18%

NO

INTEGRATION

30%Have not defined an incident procedure

Electricity, water, oil & gas

A cyber incident response process has

been defined, implemented and tested 50%

Electricity, water, oil & gas

A cyber incident response

process is being defined 33%

Electricity, water, oil & gas

Cyber incident response is reactive 17%

17%CYBER INCIDENT RESPONSE IS REACTIVE

8.529Infrastructures

215.739 Employees

RISK PERCEPTION

SUPPORT

REQUIREMENTS

CRITICAL CAPACITY

SUPPLY

LA

CK

OF

TR

AIN

ING

&

QU

AL

IFIC

AT

ION

RISK PERCEPTION

SUPPORT

REQUIREMENTS

CRITICAL CAPACITY

SUPPLY

LA

CK

OF

TR

AIN

ING

&

QU

AL

IFIC

AT

ION

0% 20% 40% 60% 80% 100%

Fairly well aware

19%

Have an average

awareness

36%

Very little

awareness

37%

I don't know

9%19% 37%

RISK PERCEPTION

SUPPORT

REQUIREMENTS

CRITICAL CAPACITY

SUPPLY

LA

CK

OF

TR

AIN

ING

&

QU

AL

IFIC

AT

ION

PLEASE,

work on

awareness,

training, and

qualifications

Kaspersky Industrial Cybersecurity Conference 2019

CYBERSECURITY IN NEW PROJECTS

IMPACT

• Performance

• Deployment

• Budget

EXISTANCE

• Industrial technology

• Providers

• Law orstandard

VALIDATION PROFESSIONALS

Design phaserequirements

Completely; 19,95%

At a basic level;

48,55%

Never; 20,34%

I don't know; 11,17%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

INDUSTRIAL CYBERSECURITY RESPONSIBLE

INDUSTRIAL CYBERSECURITY RESPONSIBLE

COMMITMENT

CONSEQUENCES

LACK OF STRATEGIC ALIGMENT

LACK OF SUPPORT

LACK OF LEADERSHIP

WITHOUT THE INDUSTRIAL CYBERSECURITY RESPONSIBLE

LEADERSHIP TEAM

RESPONSIBLE FOR BUYING

HAVE NOT DEFINED INCIDENT PROCESS

ONLY BASIC CYBERSECURITY

REQUIREMENTS IN NEW PROJECTS

HAVE NOT CARRY OUT A RISK ASSESSTEMENT

CHARACTIRIZATION

WITHOUT THE INDUSTRIAL CYBERSECURITY RESPONSIBLE

>250Emp

National

>2M$

60%

70%

80%

75%

INCIDENT INFORMATION SHARING

We all are in the same boat…

Kaspersky Industrial Cybersecurity Conference 2019

Incident notification systems

• Incident notification systems implemented by the states

• Teams need also to get prepare

Cybersecurity

exercises

• Attacker & Defense point

of view

• Theory and reality are not

always the same

Sharing Platform of Industrial Cybersecurity Incident Information

• Incident scenario

• Incident full characterization

• Incident treatment

• EMPOWERMENT TEAMS

REGULATIONS, NORMS & STANDARDS

Do not startthe housefrom the roof

30%DO NOT USE ANY NORMS & STANDARDS

ISO 27001; 42%PERSONAL DATA

PROTECTION; 34%NONE; 30%

CRITICAL INFRASTRUCTURE

PROTECTION LAW; 16%

But they are not enough

Proactive measuresDisinformation

&

Uncertainty

Reactive measuresControl actions based on

analisys of malicious activity

Learning algorithms

&

Model training

Anticipative measures

Initiatives

Kaspersky Industrial Cybersecurity Conference 2019

CCI INITIATIVES

UNAWARENESS, LACK OF TRAINING & QUALIFICATION

INDUSTRIAL CYBERSECURITY

RESPONSIBLE

CIBERSECURITY IN NEW PROYECTS

INCIDENT INFORMATION

SHARING

REGULATIONS, NORMS &

STANDARDS

TECHNICAL

PLATFORM OF

INDUSTRIAL

CYBERSECURITY

REQUIREMENTS

EVENTS &

TEAMS &

INDUSTRIAL

CYBERSECURITY

SCHOOL

GUIDE &

CREDENTIALS &

INDUSTRIAL

CYBERSECURITY

SCHOOL

INDUSTRIAL

CYBERSECURITY

INCIDENT

INFORMATION

SHARING

PLATFORM

ICMS,

INDUSTRIAL

CYBERSECURITY

SCHOOL,

EUROPEAN LAW

GUIDE

PLEASE,

BUILD TEAM

THAT, NEVER

FAILS

Rumba chiva bus

Cybersecurity grows, as it grows the team trust

Kaspersky Industrial Cybersecurity Conference 2019

THAT’S ALL

THANK YOU

;-)

www.cci-es.orgsusana.asensio@cci-es.org