Mr. Freddy Macho, the Industrial Cibersecurity Center Coordinator in Venezuela (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.
He describes the level of sensitivity of industrial organizations in his country according to the following percentages:
He also affirms that the trend of recent years has remained unchanged.
Venezuela counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:
- Ministry of the Popular Power of Petroleum and Mining
- Ministry of Popular Power for Electric Energy
- Forensic Informatics Expertise Services (CENIF in Spanish)
- Telematic Incident Management Services (VenCERT in Spanish)
Among the main national laws and regulations affecting in this context in Venezuela, Freddy mentions:
- There is no specific law that covers Cybersecurity in industrial areas
- Law on Protection of the Privacy of Communications
- Copyright Law of August 14, 1993
- Decree with Force of Law 1,204 on Data Messages and Electronic Signatures of February 10, 2001.
- Law 48 of September 4, 2001. Special against Computer Crimes
Analysing the most widely adopted industrial cybersecurity measures by Venezuela's organizations to protect industrial automation systems, Freddy highlights the application of:
- Industrial Cybersecurity Consulting / Advisory
- Ethical Hacking
- Internal Security Audits
- Design and Architectures of Networks
- Conventional firewalls
- Encrypted Communications
The CCI Coordinator in Venezuela characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:
- Lack of operational technologies certifications, processes and professionals
- Lack of specific industry cybersecurity legislation
- Lack of events and forums on industrial cybersecurity Lack of a solutions and services catalogue of industrial cybersecurity
- Lack of a catalog of solutions and services in industrial cybersecurity
- Existence of specific CERTs for Industrial Cybersecurity
- High development of industrial applications without cybersecurity requirements
- Slow legislation
- Shortage of specific industrial cybersecurity risk management tools
- Increased of cibersecurity demand for Industry 4.0 and the Internet of things.
- Advantage with the lessons learned from smart grid cibersecurity.
- Strategic position in the industrial cyber security sector Other