Mr. Leonardo Huertas Calle, the Industrial Cibersecurity Center Coordinator in Colombia (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has exponentially grown.

Colombia counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

• Ciber Emergency Response Group of Colombia - colCERT
• Cyber Joint Command - CCOC
• Police Cyber Center - CCP
• MINTICS
• Ministry of National Defense

Among the main national laws and regulations affecting in this context in Colombia, Leonardo Huertas mentions:

• CONPES 3701
• Law 1273 2009
• Law 1341 2009
• Law 1621 of 2013 (Legal framework for intelligence functions performance and counterintelligence agencies & Databases Protection)
• Decree 0032 of 2013 (creation of the Digital National Commission and State Information)

Analysing the most widely adopted industrial cybersecurity measures by Colombian organizations to protect industrial automation systems, Leonardo Huertas highlights the application of:

• Industrial cybersecurity consulting / advisory
• Ethical hacking
• Implementation of safety management systems
• Internal security audits
• External security audits
• Network design and architectures
• Development of continuity and / or contingency plans
• Industrial firewalls
• SIEM (Security information and event management)
• Industrial applications control

The CCI Coordinator in Colombia characterizes the industrial cybersecurity situation in his country with the following SWOT analysis: