Increased awareness and certification for cyber security

What is the state of cybersecurity in the industry, water and infrastructure sectors in 2021? According to Michael Theuerzeit, Lead Consultant at Hudson Cybertec, and Marcel Jutte, Managing Director at Hudson Cybertec, there is more attention than ever for cybersecurity. As a result, an increasing number of organizations certify (parts of) their OT/PA domain against the international IEC 62443 standards. On the other hand, it has never been easier for the average hacker to obtain effective tools to attack the OT/PA domain.

What do the infrastructure, industry and water sectors have in common when it comes to cyber security? All three sectors have to deal with both an IT/OA domain and an OT/PA domain. The OT/PA domain was originally never conceived to connect to the Internet, yet with today’s digitalization such connectivity is increasingly expected to be a requirement.

Water board must arm itself against cybercrime

IEC 62443

One of the most striking developments in the field of cyber security is the increased attention for certification. Besides the fact that more and more companies recognize the importance of the international IEC 62443 standard, there is also increasing attention to cybersecurity at the national level. “For example, we see that in the Netherlands the Cybersecurity Implementation Directive (CSIR) gains wider adoption,” says Jutte.

Generalization

The CSIR for Rijkswaterstaat has recently been updated, and there is increasing interest in supporting its use for other applications, for example within the Management Agreement for Water (BAW). Parties such as Rijkswaterstaat, the water boards, the Association of Provincial Authorities, the Association of Netherlands Municipalities, and the drinking water companies are represented in the BAW. Theuerzeit: “The aim of generalising the CSIR is to make it suitable for other parties besides Rijkswaterstaat. Just as IEC 62443 is now widely accepted, it would be good if the CSIR could also count on wider acceptance. We are currently focusing mainly on the water boards, but other BAW partners could join us in the short term.” For the process industry, the CSIR becomes relevant the moment companies outsource the processing of wastewater to a party covered by the CSIR.

The whole picture

The CSIR is not simply a national implementation of the IEC 62443 standard. Theuerzeit: “They are two different things. The IEC 62443 describes that you must arrange certain things regarding cybersecurity. It says what you should do, but not exactly how you should do it. The CSIR speaks of measure sets: it describes in detail how you must implement measures. In addition to technical and process requirements, concrete measures are prescribed for several risk areas. The CSIR also contains guidelines with industry best practices, and thus the CSIR gives a concrete interpretation of cyber security measures.”

More attention and more certification for cybersecurity

Trends

There are more trends to observe than just the above-mentioned developments regarding standards. The media regularly report on successful hacks, new forms of cybercrime and observations on the degree of cybersecurity of certain sectors. “Recently the media reported that many Dutch municipalities are not prepared for cyber-attacks,” says Theuerzeit. “When you read reports like that, you might think that things are bad when it comes to cybercrime, but the reality is a bit more nuanced.” Theuerzeit notes an increase in awareness regarding cybercrime. “Even in the boardroom, cybersecurity is now significantly more often on the agenda than a few years ago. And that is due in part to those reports in the media. The CEOs of large companies also read those reports and then want to know how resilient their organization is.”

OT Insight

It is becoming increasingly difficult to keep attackers out. It therefore becomes more important to take the measures needed to detect when an attacker has successfully penetrated your defences, so that the potential consequences can be minimized. Monitoring is extremely important in this respect. “You then have to do that in a way that suits your situation,” clarifies Theuerzeit. “Monitoring in an OT/PA environment requires very different tools than monitoring an IT/OA environment. For example, our monitoring solution, called ‘OT Insight’ is built precisely for the OT environment, taking into account all the risks that are inherent to such an environment.”

This is a summary, read the whole article here

Source: Process Control, July 2021

HUDSON CYBERTEC

In the spotlight

Monitoring your OT environment is essential. You know what is happening on your network and see to what extent you are compliant with various cyber security standards and laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).

Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.

It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.

If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

The IEC 62443 standard provides organizations with tools to improve the digital security and safety of OT / ICS / SCADA environments.

© 2022 Hudson Cybertec