Marina Krotofil and Stephan Gerling, the Industrial Cibersecurity Center Coordinators in Germany (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.
They describe the level of sensitivity of industrial organizations in their country according to the following percentages:
They also affirm that the trend of recent years has slightly grown.
Germany counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:
- Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik)
- Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom)
- UP KRITIS (BBK - Bundesamt für Bevölkerungsschutz und Katastrophenhilfe)
- Federal Ministry of the Interior
Among the main national laws and regulations affecting in this context in Germany, Marina and Stephan mentions:
As industrial cybersecurity measures widely adopted by German organizations to protect industrial automation systems, Marina Krotofil and Stephan Gerling highlights the application of:
- Industrial cybersecurity consulting / advisory
- Implementation of safety management systems
- Internal security audits
- Network design and architectures
- Conventional firewalls
The CCI Coordinators in Germany characterizes the industrial cybersecurity situation in their country with the following SWOT analysis:
- Lack of operational technologies certifications, processes and professionals
- Lack of specific industry cybersecurity legislation
- Lack of a solutions and services catalogue of industrial cybersecurity
- Lack of specific CERTs
- Lack of financial investments into security projects
- Awareness, especially regarding industrial critical infrastructures
- Frequent events and forums on industrial cybersecurity
- In general, there is an strong awareness of security in critical infrastructures and ICS. The industry is currently conducting active conversations with the government about how to improve ICS security, including which new/additional regulations/laws are needed
- High development of industrial applications without cybersecurity requirements
- Slow Legislation
- Slow legislation Shortage of local industrial cybersecurity professionals working for manufacturers
- Shortage of specific industrial cybersecurity risk management tools/li>
- Increased of cibersecurity demand for Industry 4.0 and the Internet of things.
- Advantage with the lessons learned from Smart Grid cybersecurity.
- Strategic position in the industrial cyber security sector