The Industrial Cybersecurity Center in United Kingdom

Team

Maite Carli García

Maite Carli is Communication Manager and European Coordinator at the Industrial Cybersecurity Center. Specialized in administration of networks and communications, industrial critical infrastructures, industry 4.0, data analysis technologies in the Health sector and industrial cybersecurity, having done several courses and a master. She has developed her professional career in the United Kingdom for 9 years.

Luciano Manfredi

Luciano is Coordinator of the Industrial Cybersecurity Center in the United Kingdom. He works as Head of Cyber Security Advisory (Competent Authority) at Office of Gas and Electricity Markets (Ofgem) the energy regulator in the United Kingdom. His team leads the implementation of the NISR (Network and Information Security Regulation) Cybersecurity regulation, promoting and supporting […]

Dr. John McCarthy

Dr. John McCarthy is an authority on CyberSecurity strategy, development and implementation. John is also a leading expert on social engineering awareness training and best practice. He holds a PhD in CyberSecurity and e-Business Development and is an internationally recognized author of a number of academic papers discussing all aspects of CyberSecurity in the modern […]

Dr. John McCarthy and Luciano Manfredi, the Industrial Cibersecurity Center Coordinators in United Kingdom (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.

They describe the level of sensitivity of industrial organizations in their country according to the following percentages:

They also affirm that the trend of recent years has exponentially grown.

United Kingdom counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • CNPI
  • Local governemnt
  • National Cyber Security Centre
  • Department for Digital, Culture, Media and Sport (NIS Regulations)
  • Department for Buisness, Energy and Industrial Strategy, Ofgem+H&S
  • Ofcom / Defra / Ofwat / Office for Nuclear Regulation (ONR)
  • Civil Aviation Authority

Among the main national laws and regulations affecting in this context in United Kingdom, Dr. John McCarthy and Luciano Manfredi mentioned:

  • Computer Misuse Act
  • Network and Information Security Regulations 2018 (NIS Regulations)
  • General Data Protection Regulation (GDPR)
  • Communications Act 2003
  • Privacy and Electronic Communications (EC Directive) Regulations 2003

Analysing the most widely adopted industrial cybersecurity measures by United Kingdom's organizations to protect industrial automation systems, Dr. John McCarthy and Luciano Manfredi highlight the application of:

  • Industrial cybersecurity consulting / advisory
  • Internal security audits
  • External security audits
  • Network design and architectures, Development of continuity and / or contingency plans, Backups
  • Compensating controls / Hardening (mostly for legacy systems)
  • SIEM (Security information and event management)

The CCI Coordinators in United Kingdom characterize the industrial cybersecurity situation in their country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Legacy infrastructure

Strengths

  • Public organizations driven force (industry, national issues and defence).

  • Awareness, especially regarding industrial critical infrastructures

  • Increase of Industrial cyber security trained professionals

Threats

  • Shortage of specific industrial cybersecurity risk management tools

  • Application of IT security measures without discretion

  • High development of industrial applications without cybersecurity requirements

Opportunities

  • Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

  • Strategic position in the industrial cyber security sector

Activities

2nd Annual Oil & Gas Security Summit – London – June 12 & 13

On 12 and 13 June, will take place in London this conference dedicated specifically to the study of techniques for the prevention and mitigation of threats to oil and gas facilities, both at sea and on land.

XVI International Congress of experiences in Industrial Cybersecurity. Europe

As a fundamental part of its activity, the Industrial Cybersecurity Center (CCI) will hold its XVI Industrial Cybersecurity International Congress in Europe from September 28th to 30th (9:00 to 14:00 CEST), one of the benchmark events for the European market, and a meeting and exchange point of knowledge, experiences and relationships of all the actors […]