La Voz de la Industria The Voice of the Industry

The new regulations, the role of CSIRTs and experiences, keys to the XX Meeting "The Voice of Industry" held on September 21

21/09/2017

The Center for Industrial Cybersecurity presented its study “European Industrial Cybersecurity Regulatory Landscape” and its tool “Evaluation of Maturity of the Process of Cybersecurity in Industrial Organizations”

The Industrial Cybersecurity Center (CCI) presented the document “European Industrial Cybersecurity Regulatory Landscape”, which contains a non-exhaustive list of the current European legislation applying to the industrial ecosystem, which relates or can be related to cybersecurity in this area. A number of regulatory frameworks have been explored in the following countries: Belgium (BE), Germany (DE), Spain (ES), France (FR), Italy (IT), Netherlands (NL), Portugal (PO) ), Romania (RO), Turkey (TR) and the United Kingdom (United Kingdom). With special mention to the implications of the transposition of the European NIS directive for critical infrastructure operators and essential services.
  José Valiente, director of the CCI, started the day by announcing that the Center has three teams of expertise, “Industrial Critical Infrastructures”, “Smart OT” and “EPC”, which will be joined by a new team called “Compliance”. will focus on the implications of compliance in industrial cybersecurity.
  Miguel García-Menéndez then presented the document “European Industrial Cybersecurity Regulatory Landscape”, and some standards or regulatory frameworks that have appeared in Europe in recent years and are linked to cybersecurity. referred to the popularly known as NIS Directive, “whose main objective is to achieve a high and homogeneous level of security in the networks and information systems of the European Union.” Likewise, García-Menéndez referred to the new European Data Protection Regulation , whose transposition to the Spanish scope must materialize before August 25, 2018. Finally, he referred to the ICCF, which aims to become an articulated frame of reference that specifies the principles, activities and actors of an evaluation of components of an industrial automation solution. ICCF have been involved the ICC, industrial manufacturers, such as SIEMENS, certifiers, and the National Institute of Cybersecurity (Incibe) of Spain.
  Sergio J. Fernández, operations analyst at CNPIC, presented the CERT of Safety and Industry (CERTSI_), which, by agreement of the National Cybersecurity Council of May 29, 2015, is the National CERT competent in prevention, mitigation and response to cyber incidents in business, citizens and critical infrastructure operators. Fernández, presented some of the most outstanding services of CERTSI, such as the ICARO service for preventive detection, or cyber-exercises. He ended his presentation by commenting on the situation of the working group on transposition of the NIS directive, made up of MINETAD, CCN, DSN and MIR.
  A representative of the CNPIC then presented the CCN-CERT, competent Government / National CERT, as well as some of its main services for the detection, analysis, auditing and exchange of sensitive information, especially highlighting the early warning service, highlighting sat-inet, internet probes and the recent sat-ICS, specific for industrial control systems, within which are inspected protocols and anomalies in industrial processes.
  Nuria Andrés and Santiago Pérez, representing Dimension Data, presented IoT and Cloud as enablers of the Digital and Secure Industry, showing their technological experience in the Tour de France, and some of the main risks in IoT, such as lack of perimeter or standardization , but also recommendations such as good practice in code development or security testing.
  Then came the makers of cybersecurity technologies. Bosco Espinosa began, representing Kaspersky, which showed the need for awareness and mutual association of engineers, business management and IT security. It ended with the presentation of “Kaspersky Industrial Cybersecurity” based on solutions and services to predict, detect, protect and respond. Highlighting agreements with industrial manufacturers such as Siemens, ABB or Schneider of their solutions.
  Then David Galdrán, Check Point’s Security Engineer who talked about the era of digital transformation highlighting the role of connectivity to the cloud from mobile devices. It showed the vectors of attack in an OT network and the best practices for its protection, highlighting the segmentation, protection against APTs and the use of specialized technologies.
Then came the makers of cybersecurity technologies. Bosco Espinosa began, representing Kaspersky, which showed the need for awareness and mutual association of engineers, business management and IT security. It ended with the presentation of “Kaspersky Industrial Cybersecurity” based on solutions and services to predict, detect, protect and respond. Highlighting agreements with industrial manufacturers such as Siemens, ABB or Schneider of their solutions.
  Then David Galdrán, Check Point’s Security Engineer who talked about the era of digital transformation highlighting the role of connectivity to the cloud from mobile devices. It showed the vectors of attack in an OT network and the best practices for its protection, highlighting the segmentation, protection against APTs and the use of specialized technologies.
The turn of manufacturers was closed by David Fuertes, representing Palo Alto Networks, his paper showed an approach based on the experience of recent cases such as Blackenergy or the Kemury case, attack on water treatment systems. The solution proposed is based on Awareness, Segmentation and Prevention, for which it presented the TRAP solution that allows the detection of exploits, both known and unknown. He finished his presentation with the solution Autofocus that allows to apply intelligence in the cloud.
The morning concluded with a discussion table on “Internal Normative Frameworks and the IT-OT relationship”, moderated by Oscar Bou, CCI Coordinator in Valencia and Partner of Govertis. Ignacio Álvarez, Director of Sensory, Instrumentation and Industrial Communications at SIEMENS, Jorge Edo, ISACA representative and Miguel García Menéndez, vice-president of CCI participated in this table.
With the afternoon came a case study. José Valiente, director of the CCI, presented a practical case for evaluating the level of maturity in cybersecurity of CAPSA FOOD. The director of the ICC stressed that it is important to evaluate, since this makes it possible to reach “up to continuous improvement”. And as a document to help achieve this, he referred to the Cybersecurity Process Maturity Assessment Tool in Industrial Organizations, downloadable through the ITC website and of general application to any industrial organization. In addition, it makes it possible to establish comparisons with third entities. With a total of 122 targets, the document, explained Valiente, has already been used to evaluate companies such as Argentine oil company YPF.
Aarón Flecha, ICS security consultant at S21Sec, spoke about recent attacks, presenting in detail “CrassOverride” which he described as one of the most sophisticated recent attacks directed at industrial environments in sectors such as the electric. After presenting some of the main vectors of attack, he performed a practical demonstration of access taking advantage of the weaknesses of the protocol IEC 104. He then presented some defense recommendations against these attacks.
The day ended with the panel discussion “Successes and Failures in the protection of Critical Business Infrastructures”, moderated by José Valiente and in which Jose Fernánde Zapata, from Port of Valencia, Sergio J. Fernández, from CNPIC, Jose Luis Laguna, of Fortinet and Álvaro Sampedro, of Phoenix Contact.

Agenda Schedule

  • 8:30 am
    Accreditations
  • 9:00 am
    Welcome and Context of Industrial Cybersecurity. CCI
  • 9:15 am
    Multilateral collaboration on Digital Security: NIS Directive, GDPR, ... CCI
  • 9:45 am
    CSIRTs - Computer Security Incident Response Team for Essential Services. CCNCERT, CERTSI_
  • 10:30 am
    IoT and Cloud as enablers of the Digital and Secure Industry.. DIMENSION DATA
  • 11:00 am
    Coffee Break / Networking
  • 11:30 am
    KICS (Kaspersky Industrial CyberSecurity). Kaspersky
  • 12:00 am
    Digital transformation in critical infrastructures. Check Point
  • 12:30 am
    Prevención, Automatización y Big Data como herramientas de Operación de Seguridad Industrial. Palo Alto Networks
  • 1:00 pm
    Discussion Table: Internal Normative Frameworks and the IT-OT relationship
  • 1:45 pm
    Cocktail / Networking
  • 3:00 pm
    Practical example of Maturity Assessment in the Cybersecurity process. CCI
  • 3:30 pm
    Practical example to protect an industrial environment. S21 Sec
  • 4:00 pm
    Debate Panel: Successes and Failures in Critical Infrastructure Protection
  • 5:00 pm
    Conclusions and closure of the meeting

September 21, 2017
Hotel TRYP VALENCIA OCEANIC (Carrer del Pintor Maella, 35, 46023, Valencia)