Gabriel Bergel and Jesus Peña Martinez are the Industrial Cibersecurity Center Coordinators in Chile (CCI Coordinators Team). Both, in collaboration with Eduardo Di Monte (who was CCI Coordinator in Chile, but he changes to CCI Expert Team Member CCI Experts Team), help us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.
They describe the level of sensitivity of industrial organizations in their country according to the following percentages:
They also affirm that the trend of recent years has been an exponentially grown.
Chile counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:
- Ministry of Defense
- Ministry of Interior
- EMCO Joint Hight State
Among the main national laws and regulations affecting in this context in Chile, they mention:
- Supreme Decree No. 1299 which describes the standards, and defines the roles for handling cyber crime
- Law No. 19,223, that introduces computer crimes to the Criminal Code
- Law No. 19,628, which covers privacy and data protection (currently draft is been updated in the Congress)
- Finally, through Supreme Decree No. 533 of April 27, 2015, the Interministerial Committee on Cybersecurity (CICS) was created, whose main mission is to propose to the President of the Republic a
- National Cybersecurity Policy. At the moment, this Policy is in draft phase, after the citizen consultation carried out during 2016.
Analysing the most widely adopted industrial cybersecurity measures by Chilean organizations to protect industrial automation systems, Gabriel Bergel and Eduardo Di Monte highlight the application of:
- Industrial cybersecurity consulting / advisory
- Ethical hacking
- Internal security audits
- External security audits
The CCI Coordinators in Chile characterize the industrial cybersecurity situation in their country with the following SWOT analysis:
- Lack of operational technologies certifications, processes and professionals
- Lack of specific industry cybersecurity legislation
- Lack of events and forums on industrial cybersecurity
- Lack of a solutions and services catalogue of industrial cybersecurity
- Lack of specific CERTs
- Public organizations driven force (industry, national issues and defence)..
- Significant industrial cybersecurity innovation projects
- Awareness, especially regarding industrial critical infrastructures
- Frequent events and forums on industrial cybersecurity
- Application of IT security measures without discretion
- High development of industrial applications without cybersecurity requirements
- Slow legislation
- Shortage of local industrial cybersecurity professionals working for manufacturers
- Shortage of specific industrial cybersecurity risk management tools
- Increased of cibersecurity demand for Industry 4.0 and the Internet of things.
- Advantage with the lessons learned from smart grid cibersecurity.
- Strategic position in the industrial cyber security sector