WisePlant – A WiseGroup Company

Maximillian Kon

Safety, Security & Cybersecurity Insights with Maximillian G. Kon

Connect with Max in LinkedIn

Episode 01 | Angel Lopez interviews Max. July 2024

This episode features a discussion between Angel Lopez and Max Kon about industrial cybersecurity. Max highlights the importance of ISA standards in industrial automation and cybersecurity, emphasizing his active involvement in ISA activities and training programs. Max’s journey underscores the evolution of cybersecurity in control systems and his dedication to promoting cybersecurity awareness and standards within the industry.

Tell us about yourself.

Max shares his experiences working in the industrial automation field, collaborating with the International Society of Automation (ISA), and transitioning into cybersecurity. He highlights the importance of ISA standards in industrial automation and cybersecurity, emphasizing his active involvement in ISA activities and training programs.

What is the main difference between IT and OT security?

Discusses the significant differences between IT and OT security. It highlights key distinctions such as availability, technology lifespan, and the primary focus of preventing cyber incidents in IT and preventing consequences in OT environments. The crucial dissimilarity lies in managing risks: IT focuses on preventing incidents, while OT prioritizes preventing consequences.

What is the best approach to address industrial cybersecurity?

Emphasizes the necessity of a continuous cultural change towards cybersecurity in industrial operations for end users, service providers, and manufacturers. It highlights the importance of implementing cybersecurity management programs, conducting risk assessments, mitigating risks, and maintaining long-term security measures long-term across the entire supply chain.

What are the most common mistakes that you’ve seen in the market so far?

Outlines common mistakes in industrial cybersecurity, including skipping risk assessments, copying IT security policies without adaptation, and relying solely on employee training. Practical advice is given on how to prevent these errors and improve cybersecurity practices.

What do you think is the most difficult challenge to manage or mitigate the industrial cybersecurity risk?

Discusses the challenges of managing industrial cybersecurity effectively, emphasizing the importance of doing the right things correctly. It highlights why companies struggle with implementing standards and how viewing cybersecurity as an investment, rather than an expense, is crucial for the long-term security and success of businesses.

What are the best training courses or programs for End Users and Providers?

Emphasizes the importance of investing in cybersecurity training programs, particularly the official ISA certificate training and the WisePlant cybersecurity program. It highlights the need for understanding and implementing cybersecurity requirements correctly, tailored to individual roles. The training aims to ensure project success by aligning all participants towards a common goal in the cybersecurity field.

Articles & Technical Documents

The State of Knowledge

The State of Knowledge and Risk Management in Industrial Cybersecurity with ISA/IEC-62443-3-2.

Evolving Knowledge: The state of knowledge is always changing with new discoveries and advancements in various fields.

Influences: Societal and cultural factors, as well as the availability of information, impact the state of knowledge.

Decision-Making: Effective decision-making methods include pros and cons, cost-benefit analysis, decision trees, and group decision-making.

Industrial Cybersecurity: Emphasizes the importance of managing risk and making informed decisions to prevent cyber-incidents and consequences.

  • Title: Episode 1 July 2024

    Type: Safety & Cybersecurity Insights

    Description: Angel Lopez interviews Max.

  • Clip 01 - Max, Tell us about yourself.

  • Clip 2 - What is the main difference between IT and OT security?

  • Clip 3 - What is the best approach to address industrial cybersecurity?

  • Clip 4 - What are the most common mistakes that you’ve seen in the market so far?

  • Clip 5 - What do you think is the most difficult challenge to manage or mitigate the industrial cybersecurity risk?

  • Clip 6 - What are the best training courses or programs for End Users and Providers?