ABB: Security, Trust Working Together

Wednesday, March 4, 2015 @ 05:03 PM gHale


By Gregory Hale
Security awareness continues its upward growth, just ask Markus Braendle.

“In 2008 I was asked to sit on a panel at an ABB meeting and I was put at the far end hoping no one would ask a question, now it is a main topic of discussion,” said Braendle, ABB’s head of cyber security during a lunch keynote discussion Wednesday at the ABB Automation & Power World 2015 in Houston.

RELATED STORIES
ABB: Safety, Security Underpin Growth
Users Remain Security’s Weakest Link
Patch a Mobile Flaw? Not so Fast
Finding a Balance: Managing OT Cyber Risk

After the opening sessions at the conference, Braendle said a friend asked him why security was not a focus of the opening keynote addresses and he simply said “cybersecurity is everywhere.”

Software comprises 50 percent of our revenues and services is a key component for ABB’s cyber security plans, he said. So, along those lines, cyber security plays a major role in ABB’s movement going forward.

“Security is an increasingly complex topic and no one can attack it by yourself,” he said. “Trust is another aspect of cyber security.”

Tim Rains, chief security advisor of cyber security and data protection at Microsoft, who joined Braendle during the talk agreed trust is a vital factor for any company in this day of increased connectivity.

“Trust is the basis of technology. Trust is super, super important in this space.

One of the reasons trust is so important is attacks are becoming more sophisticated, advanced and abundant.

“Within the threat landscape, bad guys are not slowing down; they are not static,” he said.

Rains pointed to a study that said the average time an attacker is on a system before a compromise ended up detected was 243 days. That means attackers have plenty of time to pull information, plan attacks, steal intellectual property, or anything they can get their hands on.

These days, Rains said you have to assume you are breached. “It is not if, but when you will be attacked. We assume we will be breached and you have to give yourself permission to understand the breach.” You have to locate the breach, isolate it, and know where it is going, he said.

“It is really about understanding risk. It is probability vs. impact,” Rains said.

It all comes back to awareness and knowing more about the potential a security incident could bring to a manufacturer.

“This is now a board level discussion. I have had more C-level discussions about security this past quarter than I ever had.”



Leave a Reply

You must be logged in to post a comment.