Industry news 4 Survey shows low adoption of industrial cyber security Almost two thirds of the surveyed companies don’t monitor for suspicious behavior. Many companies are conducting regular risk assessments, but 20% are not doing them at all. Cyber security study suggests three priorities for any industrial organization.: (1) make security part of your company's digital strategy; (2) adopt best practices and processes; and (3) leverage organizational leadership. Secure Configuration and Operation of OPC UA industrial ethernet book 2.2018 A NEW STUDY SHOWS INDUSTRIAL COMPANIES are not moving quickly to adopt cyber security measures to protect data and operations, even as attacks have increased around the globe. Cyber security survey The survey, "Putting Industrial Cyber Security at the Top of the CEO Agenda", was conducted by LNS Research and sponsored by Honeywell. It polled 130 strategic decision makers from industrial companies about their approach to the Industrial Internet of Things (IIoT), and their use of industrial cyber security technologies and practices. Among the findings were: • More than half of respondents reported working in an industrial facility that already has had a cyber security breach. • 45% of the responding companies still do not have an accountable enterprise leader for cyber security. • Only 37% are monitoring for suspicious behavior. • Although many companies are conducting regular risk assessments, 20% are not doing them at all. “Decision makers are more aware of threats and some progress has been made to address them, but this report reinforces that cyber security fundamentals haven’t been adopted by a significant portion of the industrial community,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “In order to take advantage of the tremendous benefits of industrial digital transformation and IIoT, companies must improve their cyber security defenses and adapt to the heightened threat landscape now.” The study suggests these three immediate actions for any industrial organization to capture the value of the new technologies: 1. Make industrial cyber security part of digital transformation strategies; 2. Drive best practice adoption across people, processes and technology, from access controls to risk monitoring, and tap external cyber expertise to fill gaps 3. Empower leaders and build an organizational structure that breaks down the silos between IT and OT. SOURCE: IIC “Cyber security needs to be part of every CEO’s agenda to ensure the effective, immediate and long-term deployment of strategies and technologies such as IIoT,” said Matthew Littlefield, president and principal analyst, LNS Research. “In short, in order for a business to succeed on its digital transformation journey, it needs to succeed with industrial cyber security.” For more information, visit becybersecure. com and https://hwll.co/uhrgs. THE OPC FOUNDATION HAS PUBLISHED a set of practical guidelines for the secure configuration and use of OPC UA in industry. Rapid growth in the networking and digitization of industrial systems has introduced a host of new security challenges that must be addressed systematically to be effectively mitigated. In particular, beyond the need for implementing secure network infrastructures, it is essential to protect product and production data moving throughout the systems. Device vendors, engineers, and system integrators need to ensure they use these technologies in a secure way. While industry acknowledges the need for data security, OT and IT professionals alike are often unsure on how to best get started. “Currently, users and developers are overwhelmed with making security decisions during their daily job. Incorrect use of security features causes many security vulnerabilities, due to difficulties to use software and a lack of security knowledge. Documentation, tutorials, and good examples are often missing”, said Dr. Eric Bodden, professor of Software Engineering at Paderborn University and director of Software Engineering at Fraunhofer IEM. The OPC Foundation established a security user group. The aim of this group is to develop best practices and guidelines for typical OPC UA security use cases. The document is available on the OPC Foundation website (https://opcfoundation. org/security) News from OPC Foundation.
Industrial Ethernet Book 104
To see the actual publication please follow the link above