Ronald Brash, the Industrial Cybersecurity Center Coordinator in Canada (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has exponentially grown.

Canada counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

• Public Safety Canada
• Canadian Center for Cyber Security
• Canadian Security Intelligence Service
• Communications Security Establishment
• Royal Canadian Mounted Police

Among the main national laws and regulations affecting in this context in Canada, Ronald mentions:

• Environmental regulations
• NERC CIP
• Common law (negligence, hacking insider damage etc.
• Tort Law
• Statutory Law

Analysing the most widely adopted industrial cybersecurity measures by Canadian organizations to protect industrial automation systems, Ronald Brash highlights the application of:

• Industrial cybersecurity consulting / advisory
• Implementation of safety management systems
• External security audits
• Network design and architectures
• Development of continuity and / or contingency plans
• Managed cybersecurity services
• Conventional firewalls
• Industrial firewalls
• One-way gateways IDS / IPS
• Backups SIEM (Security information and event management
• Encrypted communications
• Industrial applications control
• Whitelisting
• Antivirus
• Identity management

The CCI Coordinator in United States characterizes the industrial cybersecurity situation in his country with the following SWOT analysis: