The new CYBERSECURITY scenario
“Cybersecurity is the set of practices, processes, and technologies designed to manage the cyberspace risks arising from the use, processing, storage and transmission of information used in industrial organizations and infrastructures, using the perspectives of people, processes and technologies.” (Source: Industrial Cybersecurity Centre, CCI).
Cybersecurity is a need and an essential requirement in the fast-paced and ever-growing IT markets and applications, extending from the demanding field of new industry (e.g. 4.0) to today’s end-consumer environments and the new Internet of Things (IoT) applications. Traditional compliance-oriented cybersecurity approaches are insufficient and obsolete. The growing demand is accompanied by a combination of real public cases of vulnerabilities and attacks on services and content, together with a confusing regulatory situation and standardized tools that allow the industry and its users to establish common criteria for protection and security against cyber threats.
Despite this demand, security regulations for IT threats have not been able to adapt to the rapid evolution of the deployment of new services and industrial applications (e.g. 27001 and 61508). Only in the most critical sectors, such as aeronautics, energy or special installations, and obliged by recent legislation (e.g. GDPR, NIS, Spain’s LPIC, etc.), have concise regulatory frameworks been established that allow for the correct deployment of protection and tools to provide adequate levels of cybersecurity.
The vulnerabilities of SCADA systems (Supervisory Control and Data Acquisition systems that help improve remote decision-making from a control room in Industry 4.0.) in the industrial environment, the uncertainty about how to apply cybersecurity in smart home and IoT systems, and the risks of implementing systems that are increasingly interconnected with masses of confidential data without a common security criterion, have resulted in standardisation bodies (IEC / ISA99) developing a new family of standards that are much more flexible, appropriate and powerful than those existing to date. The IEC 62443 family of standards unifies the safety and security requirements demanded by industry and those providing services to end-users.
The company has developed an application methodology based on IEC 62443 that allows the homologation and certification of IT systems and products, giving evidence of cybersecurity, reducing risks, allowing clients to differentiate their systems and products from the competition, and offering better benefits to consumers.
This post is also available in: Spanish