The Industrial Cybersecurity Center in Costa Rica

Team

Raúl Rivera

Raúl Rivera is a Bachelor in Systems Engineering, Master in Telematics and Master in Business Administration with Emphasis in Finance, with more than 24 years of professional career. He has extensive experience and knowledge in the application of best practices for Enterprise Risk Management, Process Improvement, Information Technology Government, Business Continuity, Systems Audit, IT Service […]

Mr. Raúl Rivera Méndez, the Industrial Cibersecurity Center Coordinator in Costa Rica (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has been a slight increase.

Costa Rica counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • MICITT ICE (Energy - Comunications)
  • RECOPE ACUADUCTOS Y ALCANTARILLADOS
  • CAJA COSTARRICENSE DE SEGURO SOCIAL

Among the main national laws and regulations affecting in this context in Costa Rica, Raul mentions:

  • Law 9048 Section VIII, Computer and Related Offenses, Title VII of the Criminal Code

Analysing the most widely adopted industrial cybersecurity measures by Costa Rica's organizations to protect industrial automation systems, Raúl highlights the application of:

  • Internal security audits
  • External security audits
  • Network design and architectures
  • Development of continuity and / or contingency plans
  • Conventional firewalls
  • Backups
  • Industrial applications control
  • Antivirus

The CCI Coordinator in Costa Rica characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation

  • Lack of events and forums on industrial cybersecurity Lack of a solutions and services catalogue of industrial cybersecurity

  • Lack of specific CERTs Other (please specify)

Strengths

  • Public organizations driven force (industry, national issues and defence).

  • Awareness, especially regarding industrial critical infrastructures

  • Frequent events and forums on industrial cybersecurity

  • Increase of Industrial cyber security trained professionals

Threats

  • High development of industrial applications without cybersecurity requirements

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

  • Advantage with the lessons learned from smart grid cibersecurity.

  • Strategic position in the industrial cyber security sector Other (specify)

Activities

Costa Rica: Workshop on Practical Management of Industrial Cybersecurity

The objective of this workshop is to provide professionals from industrial organizations, engineering, IT integrators and OT with the necessary knowledge to carry out a diagnosis on Cybersecurity of an industrial organization identifying the main security gaps, as well as how to establish a risk analysis and treatment plan to manage technological risks at levels […]

XIV International Congress of Industrial Cybersecurity in Latin America, held from October 27 to 29, in Virtual Format

As a fundamental part of its activity, the Center for Industrial Cybersecurity (CCI) has held its XIV International Congress on Industrial Cybersecurity in Latin America. Reference event for the Latin American market, and a meeting point and exchange of knowledge, experiences and relationships of all the actors involved in this field.