La Voz de la Industria The Voice of the Industry

In the framework of the XIX Meeting “The Voice of Industry”, held on 14 June in Santiago de Chile, the coordinators of the Industrial Cyber ​​Security Center (CCI) Gabriel Bergel and Jesús Peña presented the previous study “State of Cybersecurity in The Chilean industry, “which contains the results of 32 organizations, this study concludes the lack of internal knowledge in industrial organizations, with the need to be delegated protection in external consultants, the promotion of projects and budgets in the ascendancy to short term.

José Valiente, director of the CCI, started the meeting presenting the activities of the Center and its international reach with representatives in fifteen countries, of which more than half are in Latin America.

Daniel Álvarez, a specialist in regulatory issues on cybersecurity and public computer law, from the Undersecretariat for Defense, presented the Chilean National Cybersecurity Policy, whose main motivations are:

· Safeguarding the security of people in cyberspace

· Protect the country’s security

· Promote collaboration and coordination between institutions

· Manage the risks of cyberspace.

The policy establishes 41 actions to be carried out between 2017-2018, including the preparation of a draft law on cybersecurity, the identification of a minimum set of risks for critical infrastructures of information and the creation of a platform to add the Information on cybersecurity incidents. Álvarez highlighted the policy’s first strategic objective: “the country will have a resilient public and private information infrastructure, prepared to withstand and recover from incidents of cybersecurity.”

Also at the meeting was Mariano M. Del Rio of Securetech, representing the sponsor Ran Security, who explained that “we must do things well, and for this the protection of the industrial environment must be based on good practices” mentioning the CIS, Critical Security Controls Or tools like ICS-CERT CSET “.

Enrique Domínguez, director of strategy for InnoTec System, and David Marco, head of the line of industrial cybersecurity business in the same company, explained that the cyber incidents managed by CCN-CERT and InnoTec have gone from 4,003 five years ago to 20,940 in 2016 , Being the majority of criticity “High”. Domínguez and Marco especially warned against extortion: “It is a trend in all sectors, in industry they show that they are in the plant and, if not paid, attack.” 20% of companies are not prepared to respond to computer incidents, they said.

José Valiente, Director of ITC, showed the parallelism between Smart Car and Smart Factory, regarding the application of new technologies and their cybersecurity challenges: the increase of IT suppliers to integrate with OT and Lack of qualified cybersecurity professionals for the coming years.

Valiente presented a fictitious use case of Smart Factory, but based on real events, happened in an industrial plant where several incidents of high impact and serious consequences for the business occurred in an organization of the food sector that had integrated operating systems With corporate systems such as the ERP and a MES system in the Cloud.

Miguel García-Menéndez, Vice-President of ITC, presented at this meeting the document “Benefits of Cybersecurity for Industrial Enterprises”, which affects the role of the board of directors and the general director in cybersecurity, as well as the threats to Industry in the digital age, the enablers for the development of industrial cybersecurity, the benefits for industrial companies and the testimonies of management people.

Garcia warned: “We do not try to turn board members into technologists,” but he stressed that “in the United States there has already been a chip change in counselors and managers, cybersecurity is beginning to be taken quite seriously and not here” . He ended by remembering when, in 1999, an oil pipeline from the Olympic Pipeline Company exploded in Bellingham, Washington. There were three dead and one vice president charged because they had the SCADA systems disconnected, using them in maintenance work.

The morning concluded with a panel discussion on “The implementation of protection in Chilean critical infrastructures”, moderated by José Valiente, who spoke about the level of maturity in industrial cybersecurity in the member states of Europe regarding the protection of ICS systems and SCADA to ask what is the level of preparation of maturity of the Chilean organizations that operate critical infrastructures.