Mr. Jose Valiente, the Industrial Cibersecurity Center Coordinator in Spain (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.
He describes the level of sensitivity of industrial organizations in his country according to the following percentages:
He also affirms that the trend of recent years has been a slight increase.
Spain counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:
- CNPIC (NATIONAL CENTER FOR CRITICAL INFRASTRUCTURE PROTECTION)
- INCIBE (NATIONAL INSTITUTE OF CYBER SECURITY)
- CERTSI (SAFETY AND INDUSTRY CERT) FORMED BY CNPIC E INCIBE
Among the main national laws and regulations affecting in this context in Spain, Jose Valiente mentions:
- CRITICAL INFRASTRUCTURE PROTECTION LAW
- NATIONAL CYBERSECURITY STRATEGY
- ENCI (NATIONAL CYBERSECURITY INDUSTRIAL SCHEME)
Analysing the most widely adopted industrial cybersecurity measures by Spanish organizations to protect industrial automation systems, Jose Valiente highlights the application of:
- Network security measures (firewalls and IDS)
- Certified antivirus
The CCI Coordinator in Spain characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:
- Lack of operational technologies certifications, processes and professionals
- Lack of specific industry cybersecurity legislation
- Public organizations driven force (industry, national issues and defence).
- Significant industrial cybersecurity innovation projects
- Awareness, especially regarding industrial critical infrastructures
- Frequent events and forums on industrial cybersecurity
- Increase of Industrial cyber security trained professionals
- Leadership and recognition in the international markets
- National industrial cybersecurity specific CERTs
- Solutions and services catalogue in industrial cybersecurity
- Application of IT security measures without discretion
- High development of industrial applications without cybersecurity requirements/li>
- Slow legislation
- Shortage of local industrial cybersecurity professionals working for manufacturers
- Shortage of specific industrial cybersecurity risk management tools
- Increased of cibersecurity demand for Industry 4.0 and the Internet of things.
- Advantage with the lessons learned from smart grid cibersecurity.
- Strategic position in the industrial cyber security sector