Cyber is ‘Core’ to Digital Future

Wednesday, March 28, 2018 @ 06:03 PM gHale

By Gregory Hale
Digital is the future for manufacturers but getting there could be a smooth ride or very turbulent depending on how users plan their cybersecurity program.

With the industrial control environment facing more attacks almost on a daily basis, and awareness reaching heightened levels, it is time for users to roll up their sleeves and start working toward a more secure environment.

RELATED STORIES
SANS: ‘Unique’ Safety System Attack
SANS: ‘We Can Do This’
Feds Alert on Russian Cyber Activity Targeting ICS
Hacking Robots with Ease

That is one topic a group of cybersecurity experts hit upon during a wide-ranging discussion at the Siemens Innovation Day USA held in Chicago Tuesday.

“Digitalization offers great promise,” said Leo Simonovich, vice president for global cyber security at Siemens who moderated the discussion. “At the core of digitalization is trust. The latest wave of cyberattacks have eroded that trust. Cyber and digitalization are two sides of the same coin. Cyber is an enabler to digitalization.”

While digitalization, he said, allows organizations to achieve greater advances to achieve greater productivity and profitability. But that can’t happen if the enterprise is not secure.

Along those lines, to help achieve a greater level of trust, Dr. Roland Busch, Siemens managing board member and chief technology officer, talked about the Charter of Trust which his company is a member along with 11 other firms. The Charter of Trust has three primary goals: To protect the data of individuals and businesses; to prevent harm to people, businesses, and infrastructure, and establish a reliable basis where confidence in a networked, digital world can take root and grow.

Creating that trust is one thing, but most companies have to learn where and how to start.

Starting Point
“There are a multitude of companies that have to work together to build in a platform of security,” said Sami Nassar, vice president cybersecurity at NXP Semiconductor. “They have to set at least a minimum level of security.”

Along with that minimum level of security, there also needs to be a fundamental level of security hygiene.

“With all these high profile attacks, so many of them were preventable,” said Amit Yoran, chief executive at Tenable Inc. “Many organizations are not doing the basics very well.”

One of the reasons is because of a lack of security people coming into the industry.

“There is a big problem where most companies we see is they invest in defense capabilities, but they don’t have the people,” said Sid Snitkin, vice president and general manager enterprise services at ARC Advisory Group. “That is undermining security.”

To help offset the lack of people in the security environment, more companies are adopting cyber technologies.

But Nassar told a cautionary tale.

Build in Security
“It is important to look into what went wrong on the Internet,” he said. “That architecture was never built for security. Security by design needs to happen from the start. One common denominator is to start security from the most basic level and work up from there.”

“When you buy a product, you need to know there is built in cybersecurity,” Busch said. “If you use products that have a certification you know it is built in.”

On top of that, the cybersecurity technology industry is growing.

“If you look at cybersecurity, there are over 1,500 investor-backed companies,” Yoran said. “There is a lot of innovation going on. Not all of it is sustainable. There is a lot of innovation happening, but make sure the innovation that is happening is meaningful.”

With new technologies coming out, the idea of manufacturers becoming more resilient in the face of an attack is becoming a bigger issue.

Risk Management
“The challenge is you can’t protect everything correctly,” Yoran said. “It is all about risk management. Understand what it is you have to correct. What is mission critical and then apply risk management.”

“Reducing the likelihood of people getting in is important, but once they do, how can you minimize damage to resolve the issue quickly,” Snitkin said.

Security today is much like safety years ago and Busch related safety to security.

“We still have fatalities in safety, but the diligence companies continue to show continues to show a decline (in deaths),” Busch said. “This diligence has to move forward in security.”

Circling back to the digitalization movement, Busch said there are tremendous advantages in a more digital future, but there are risks.

“We would not be where we are today if we did not take risks. Cyber is a core feature that is embedded that you have to build around.”



Leave a Reply

You must be logged in to post a comment.