The first Ibero-American Industrial Cybersecurity Congress has taken place

02/10/2013

The celebration of the first Ibero-American Industrial Cybersecurity Congress has been a great success of attendance as well as of contents. For the first time in Ibero-america, actors from every scope related to Industrial Cybersecurity have been reunited in a common ground.

The congress, held in Madrid on October 2 and 3 had also interesting activities pre and post congress such as workshops given by prominent professionals. It had almost 200 attendees from the industrial world with the following distribution:

The celebration of the first Ibero-American Industrial Cybersecurity Congress has been a great success of attendance as well as of contents. For the first time in Ibero-america, actors from every scope related to Industrial Cybersecurity have been reunited in a common ground.

The morning of the first day was an unprecedented experience where speakers from the United States (Patrick Miller, Energysec), Middle East (Omar Sherin, Qatar CERT), The Netherlands (Auke Huistra TNO), Argentina (Maximillian Kon, ISA) and Japan (Seiichi Shin, CSSC)  gave the attendance different points of view about how Industrial Cybersecurity is faced in different sides of the world. These international speakers were also  at a discussion panel where the social and geographical implications of Industrial Cybersecurity were discussed.

The conference continued with Manuel Carpio (Telefónica) who presented the way that syndication of web feeds can improve communication and interoperability among CIP stakeholders. The morning ended with Ginter (Waterfall) who explained that having firewalls is important, but not enough to guarantee security on critical facilities.

The afternoon session started with keynotes from industrial equipment vendors.  Maximillian Korff and Juan Carlos Pozas (Siemens) explained the way that Siemens has followed to include security in the design and deployment of their systems. Also, Frans Van der Scheer (Honeywell) explained how Honyewell uses standards such as ISA-99 and techniques such as defines in depth for the development of secure solutions.

Later it was time for Kim Legelis (Industrial Defender) who showed the way that ICS security devices can help to comply with SANS 20 critical controls.
The first day of the congress ended with a lively discussion panel where industrial vendors discussed the problems that cybersecurity means to their systems.

Some of the attendants had the chance of assisting to a gala dinner where in a relaxed setting new cooperation and friendship links were made.

The second day started with the view of public entities about Industrial Cybersecurity. Manel Medina (ENISA) detailed some of the challenges that organisations will have to face during the following years. Alberto López (INTECO) made a detailed exposition on Advanced Persistent Threats. Then, Ricardo Nieto (CNPIC) exposed the missions and challenges that CNPIC has in the scope of Industrial Cybersecurity.

After the coffee break, Jose Valiente (CCI) detailed the CCI plans for the near future which are based in: Expansion of the CCI ecosystem, Knowledge teams and a person based internationalization plan.
Later, Jose Luis Laguna (Fortinet) explained how a cybersecurity vendor can use its experience for including in its solutions the security features that industrial environments need.
This was followed by Xavier Cardeña y Fernando Sevillano (Logitek) who talked about the integration of industrial cybersecurity specific devices for protecting SCADA systems.

At the end of the morning, Samuel Linares (CCI) introduced the concept C3R: Collaboration, Commitment and Coordination based Relationships which focuses collaboration efforts in people instead of organisations. This lead to a discussion panel where representatives from public entities and private companies debated about collaboration in Industrial Cybersecurity.

After lunch, Silvia Villanueva (PWC) explained how cybersecurity should be faced in industrial networks performing a demo that allowed the attendees to see a life attack on a ICS. Andrey Nikishin (Kaspersky Lab) detailed the effort that Kaspersky is doing in the development of new security solutions for industrial environments such as their new operating system.
The last presentation was from Javier Zubieta (GMV) who described how whitelisting can help in the protection of industrial environments.

The finishing touch of the congress was a discussion table that joined the different stakeholders on industrial projects where some of the previous panelists were joined by Hector Puyosa (Sabic) and Javier Fernández (Grupo TSK) who provided the point of view of and end user and an EPC firm.

 

Results of the congress

We wish to thank all the attendees that have evaluated the event as having excellent contents and have proposed new ideas for the next congress:

“Experiences from end users in Spain and Ibero-america”
“Strategic and management aspects”
“Cybersecurity from SMBs”
“Practical cases”
“Countermeasures end users should ask to EPC firms”
“State of the art of vulnerabilities”
“Future perspective for SCADA systems”
“Deep analysis of advanced malware”
“Industrial cybersecurity from a comprehensive view”
“Simulations for vulnerabilities exploiting”
“Smartgrids security experiences”

We will be delighted to accomplish all these requirements and suggestions and will start to do it through our events “The voice of the industry”

Agenda