Contrasted gaps: Common Solutions in a Global OT Environment€¦ · Contrasted gaps: Common...
Transcript of Contrasted gaps: Common Solutions in a Global OT Environment€¦ · Contrasted gaps: Common...
Contrasted gaps: Common Solutions in a Global OT Environment
Industrial Cybersecurity Center
Susana Asensio
Agenda
Contrasted gaps: Common Solutions in a
Global OT Environment
Initiatives to decrease these barriers
Who is CCI & Why CCI has the capacity
to detect global gaps
More remarkable contrasted gaps and
their consequences
CCI
The Industrial Cybersecurity
Center
Kaspersky Industrial Cybersecurity Conference 2019
+2.000 Members worldwide
All actors involved in
Cybersecurity in Industrial Environments
Endusers
Publicbodies
Devicemanufacturers
Engineering
Integrators
Cybersecurity providers
CCI Coordinators
Andrea ParadaClaudio Caracciolo
Diego Andrés Zuluaga
Fernando Guerrero
Ernesto Landa Gabriel Bergel
Hernán Vázquez Jesus Peña Jorge Abanto
Juan Carlos Gómez
Marcelo Branquinho
Mateo Martinez
Nora AlzuaSantiago Vazquez
South America
Raúl Rivera
José Torres
Patrick MillerCentre America
North America
Javier Cao
Jesús Mérida Joan Figueras
Susana Asensio
Marcin Dudek
José Luis Jiménez
Belén PérezDr. John McCarthy
Edorta Echave
Europe
Vicente Asensi
Óscar Bou
José Valiente
Stephen Smith
Laurent Pelud
Piotr Jasinski
Juan Miguel Pulpillo
Anton Shipulin
Asia
AyhanGücüyener
Can Demiral
Ignacio Paredes
Ayman Al-Issa
Middle East
CCI Coordinators
- Forensic Analysis Expert: Javier Pagès Joan Figueras
- Industrial Hacking: Claudio Caracciolo
Ignacio Paredes Silvia Villanueva
- Critical Infrastructure: Santiago G. Gonzalez
Robert M. Lee- ICS Threat Intelligence:
Gustavo Presman
- Cybersecurity Management Systems: José Valiente Samuel Linares
- Industrial Security: Arturo Trujillo
CCI Experts
CCI Experts
- Legal Compliance:Paloma Llaneza
- Industrial Systems: David Marco Hector Puyosa
- Industrial Networks: Ignacio Álvarez
- Physical Security: Miguel Merino
Eduardo Di Monte- Resilience and Continuity:
- Security and Privacy Management Systems: Carlos Asún
- Manufacturing Execution Systems: Antonio Rodríguez U.
21
studies
21
studies
11 countries
21
studies
11
countries
+650
industrial organizations
21
studies
North Americ
a
Central & South Americ
a
Europe
11
countries
+650
industrial organizations
Contrasted gaps
Kaspersky Industrial Cybersecurity Conference 2019
Contrasted
gaps
Common Solutions in a Global OT
Environment
UNAWARENESS, LACK OF TRAINING &
QUALIFICATION
INDUSTRIAL CYBERSECURITY
RESPONSIBLE
CIBERSECURITY IN NEW PROYECTS
INCIDENT INFORMATION SHARING
REGULATIONS, NORMS & STANDARDS
UNAWARENESS, LACK OF TRAINING & QUALIFICATION
?
ASSETS
IF YOU DON’T KNOW WHAT YOU’VE GOT…
HOW CAN YOU PROTECT IT?
NO
DIAGNOSIS
217
organizations
Our participants
33%Have not carry out a risk assessment
63.500
Industrial
organizations
700.000
employees33%
VULNERABILITIES
30% 40% 50% 60% 70% 80% 90%
20% 25% 30% 35% 40% 45%
Incident response management; 38%
6% 8% 10% 12% 14% 16% 18%
NO
INTEGRATION
30%Have not defined an incident procedure
Electricity, water, oil & gas
A cyber incident response process has
been defined, implemented and tested 50%
Electricity, water, oil & gas
A cyber incident response
process is being defined 33%
Electricity, water, oil & gas
Cyber incident response is reactive 17%
17%CYBER INCIDENT RESPONSE IS REACTIVE
8.529Infrastructures
215.739 Employees
RISK PERCEPTION
SUPPORT
REQUIREMENTS
CRITICAL CAPACITY
SUPPLY
LA
CK
OF
TR
AIN
ING
&
QU
AL
IFIC
AT
ION
RISK PERCEPTION
SUPPORT
REQUIREMENTS
CRITICAL CAPACITY
SUPPLY
LA
CK
OF
TR
AIN
ING
&
QU
AL
IFIC
AT
ION
0% 20% 40% 60% 80% 100%
Fairly well aware
19%
Have an average
awareness
36%
Very little
awareness
37%
I don't know
9%19% 37%
RISK PERCEPTION
SUPPORT
REQUIREMENTS
CRITICAL CAPACITY
SUPPLY
LA
CK
OF
TR
AIN
ING
&
QU
AL
IFIC
AT
ION
PLEASE,
work on
awareness,
training, and
qualifications
Kaspersky Industrial Cybersecurity Conference 2019
CYBERSECURITY IN NEW PROJECTS
IMPACT
• Performance
• Deployment
• Budget
EXISTANCE
• Industrial technology
• Providers
• Law orstandard
VALIDATION PROFESSIONALS
Design phaserequirements
Completely; 19,95%
At a basic level;
48,55%
Never; 20,34%
I don't know; 11,17%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
INDUSTRIAL CYBERSECURITY RESPONSIBLE
INDUSTRIAL CYBERSECURITY RESPONSIBLE
COMMITMENT
CONSEQUENCES
LACK OF STRATEGIC ALIGMENT
LACK OF SUPPORT
LACK OF LEADERSHIP
WITHOUT THE INDUSTRIAL CYBERSECURITY RESPONSIBLE
LEADERSHIP TEAM
RESPONSIBLE FOR BUYING
HAVE NOT DEFINED INCIDENT PROCESS
ONLY BASIC CYBERSECURITY
REQUIREMENTS IN NEW PROJECTS
HAVE NOT CARRY OUT A RISK ASSESSTEMENT
CHARACTIRIZATION
WITHOUT THE INDUSTRIAL CYBERSECURITY RESPONSIBLE
>250Emp
National
>2M$
60%
70%
80%
75%
INCIDENT INFORMATION SHARING
We all are in the same boat…
Kaspersky Industrial Cybersecurity Conference 2019
Incident notification systems
• Incident notification systems implemented by the states
• Teams need also to get prepare
Cybersecurity
exercises
• Attacker & Defense point
of view
• Theory and reality are not
always the same
Sharing Platform of Industrial Cybersecurity Incident Information
• Incident scenario
• Incident full characterization
• Incident treatment
• EMPOWERMENT TEAMS
REGULATIONS, NORMS & STANDARDS
Do not startthe housefrom the roof
30%DO NOT USE ANY NORMS & STANDARDS
ISO 27001; 42%PERSONAL DATA
PROTECTION; 34%NONE; 30%
CRITICAL INFRASTRUCTURE
PROTECTION LAW; 16%
But they are not enough
Proactive measuresDisinformation
&
Uncertainty
Reactive measuresControl actions based on
analisys of malicious activity
Learning algorithms
&
Model training
Anticipative measures
Initiatives
Kaspersky Industrial Cybersecurity Conference 2019
CCI INITIATIVES
UNAWARENESS, LACK OF TRAINING & QUALIFICATION
INDUSTRIAL CYBERSECURITY
RESPONSIBLE
CIBERSECURITY IN NEW PROYECTS
INCIDENT INFORMATION
SHARING
REGULATIONS, NORMS &
STANDARDS
TECHNICAL
PLATFORM OF
INDUSTRIAL
CYBERSECURITY
REQUIREMENTS
EVENTS &
TEAMS &
INDUSTRIAL
CYBERSECURITY
SCHOOL
GUIDE &
CREDENTIALS &
INDUSTRIAL
CYBERSECURITY
SCHOOL
INDUSTRIAL
CYBERSECURITY
INCIDENT
INFORMATION
SHARING
PLATFORM
ICMS,
INDUSTRIAL
CYBERSECURITY
SCHOOL,
EUROPEAN LAW
GUIDE
PLEASE,
BUILD TEAM
THAT, NEVER
FAILS
Rumba chiva bus
Cybersecurity grows, as it grows the team trust
Kaspersky Industrial Cybersecurity Conference 2019
THAT’S ALL
THANK YOU
;-)