Industrial Cybersecurity in Germany

Team

Stephan Gerling

Stephan Gerling is a Senior Compliance Manager who has worked in the oil and gas industry for more than 20 years. His background is a strong technical and electronics education in several roles. He served in the German Army for more than 6 years as a navigation electronics expert for helicopters. During this military time, he was in several […]

Marina Krotofil

Marina Krotofil is a Senior Automation Security Engineer in the industry. For the past decade she has been focusing on advanced methods for securing Industrial Control Systems. Marina has discovered several novel attack vectors on cyber-physical systems and proposed security approaches from the process control engineering discipline. She specializes in incident response, forensic investigations, ICS malware analysis […]

Maite Carli García

Maite Carli is Communication Manager and European Coordinator at the Industrial Cybersecurity Center. She specializes in the administration of networks and communications, industrial critical infrastructures, Industry 4.0, data analysis technologies in the health sector and industrial cybersecurity, and has completed several courses and a master's degree. She has developed her professional career in the United Kingdom for 9 years.

Marina Krotofil and Stephan Gerling, the Industrial Cybersecurity Center Coordinators in Germany (CCI Coordinators Team), help us put the state of industrial cybersecurity in their country into context by sharing their impressions.

They describe the level of sensitivity of industrial organizations in their country according to the following percentages:

They also affirm that the trend of recent years has grown slightly.

Germany has local and national public bodies that promote an adequate legal framework to ensure the progressive incorporation of industrial cybersecurity measures in companies with a national presence (mainly critical infrastructure). The main organizations are:

  • Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik)
  • Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom)
  • UP KRITIS (BBK - Bundesamt für Bevölkerungsschutz und Katastrophenhilfe)
  • Federal Ministry of the Interior

Among the main national laws and regulations that apply in this context in Germany, Marina and Stephan mention:

  • IT-Sicherheitsgesetz

As industrial cybersecurity measures widely adopted by German organizations to protect industrial automation systems, Marina Krotofil and Stephan Gerling highlight the application of:

  • Industrial cybersecurity consulting / advisory
  • Implementation of safety management systems
  • Internal security audits
  • Network design and architectures
  • Conventional firewalls
  • Backups
  • Whitelisting
  • Antivirus

The CCI Coordinators in Germany characterize the industrial cybersecurity situation in their country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation

  • Lack of a solutions and services catalogue of industrial cybersecurity

  • Lack of specific CERTs

  • Lack of financial investments into security projects

Strengths

  • Awareness, especially regarding industrial critical infrastructures

  • Frequent events and forums on industrial cybersecurity

  • In general, there is a strong awareness of security in critical infrastructures and ICS. The industry is currently conducting active conversations with the government about how to improve ICS security, including which new or additional regulations and laws are needed

Threats

  • High development of industrial applications without cybersecurity requirements

  • Slow legislation

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Increased cybersecurity demand for Industry 4.0 and the Internet of Things.

  • Advantage from the lessons learned from Smart Grid cybersecurity.

  • Strategic position in the industrial cyber security sector

Activities

XVI International Congress of experiences in Industrial Cybersecurity. Europe

As a fundamental part of its activity, the Industrial Cybersecurity Center (CCI) will hold its XVI Industrial Cybersecurity International Congress in Europe from September 28th to 30th (9:00 to 14:00 CEST), one of the benchmark events for the European market, and a meeting and exchange point of knowledge, experiences and relationships of all the actors […]