The Industrial Cybersecurity Center in United States

Team

Patrick Miller

Patrick Miller has dedicated his career to the protection and defense of critical infrastructures as a trusted independent security and regulatory advisor. He is the CEO of Ampere Industrial Security, as well as the founder, director and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick’s diverse background spans the Energy, […]

Patrick Miller, the Industrial Cybersecurity Center Coordinator in United States (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has been a slight increase.

United States counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • Department of Homeland Security
  • Federal Energy Regulatory Commission
  • Environmental Protection Agency
  • Federal Trade Commission
  • Federal Communications Commission

Among the main national laws and regulations affecting in this context in United States, Patrick mentions:

  • NERC CIP
  • TSA Pipeline Safety Regulations

Analysing the most widely adopted industrial cybersecurity measures by American organizations to protect industrial automation systems, Patrick Miller highlights the application of:

  • Industrial cybersecurity consulting / advisory
  • Implementation of safety management systems
  • Network design and architectures
  • Conventional firewalls
  • Industrial firewalls
  • Encrypted communications
  • Whitelisting

The CCI Coordinator in United States characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation

  • Lack of (under-appreciation) of the risk

Strengths

  • Frequent events and forums on industrial cybersecurity

  • Leadership and recognition in the international markets

  • National industrial cybersecurity specific CERTs

Threats

  • Application of IT security measures without discretion

  • High development of industrial applications without cybersecurity requirements

  • Slow legislation

  • Shortage of local industrial cybersecurity professionals working for manufacturers

Opportunities

  • Strategic position in the industrial cyber security sector

Activities

Publication of the first study on the state of Industrial Cybersecurity in the utilities of the United States

This document, published in English, presents the results of the study carried out to 55 utility managers from the United States. It provides an interpretation of the collected data based on the knowledge and experience of its editors.

XVI International Congress of experiences in Industrial Cybersecurity. Europe

As a fundamental part of its activity, the Industrial Cybersecurity Center (CCI) will hold its XVI Industrial Cybersecurity International Congress in Europe from September 28th to 30th (9:00 to 14:00 CEST), one of the benchmark events for the European market, and a meeting and exchange point of knowledge, experiences and relationships of all the actors […]