Episode 02 | Mastering Industrial Cybersecurity Risk Assessment. August 2024
This episode features a discussion between Angel Lopez and Max Kon about industrial cybersecurity risk assessment. Max highlights the importance of making the right decisions, as they will most probably be the only and the best chance that the plant may have. Using the resources of the company wisely is not optional. Furthermore, it is not about money; it is about time and opportunity.
The importance of Risk Assessment.
This video cast focuses on the importance of risk assessment in industrial cybersecurity. The speakers discuss the significance of identifying and mitigating intolerable risks through proper risk assessment practices. They emphasize the different disciplines of risk present in typical plants and stress the need for accurate decision-making based on sound analysis.
The true goals of industrial cybersecurity.
This clip discusses the importance of industrial cybersecurity in preventing consequences rather than just incidents. It emphasizes the need for strategic management of risks to ensure plant safety and longevity, highlighting the key role of correctly implemented cybersecurity measures. The interview also touches on calculating return on investment and the significance of maintaining a comprehensive cybersecurity strategy for overall business success.
The formula for calculating cyber risk.
The clip discusses the challenges of calculating industrial cybersecurity risk, emphasizing the importance of understanding and effectively implementing risk formulas, highlighting the role of system design in preventing cyber incidents, and stressing the significance of informed decision-making and proper investment in cybersecurity solutions.
The importance of ISA/IEC-62443 series.
The discussion focuses on the importance of adhering to the ISA/IEC 62443-3-2 standard, which outlines a consequence-based methodology for risk assessment. The video also highlights the significance of a multidisciplinary approach, the integration of industrial cybersecurity risks with other risk disciplines, and the challenges posed by inertia from traditional IT cybersecurity practices.
Avoiding the typical errors.
This video emphasizes the critical need for proper risk assessment in IT practices, discusses common mistakes such as skipping risk assessment and using the wrong methodology, and highlights the importance of a consequence-based approach for preventing incidents effectively.
Mastering risk analysis and decisions.
In this clip, an industrial cybersecurity expert discusses the differences between various cybersecurity standards such as 62443, NIST, and NERC, emphasizing the unique advantages of the 62443 standard in effectively mitigating risks.
Episode 01 | Angel Lopez interviews Max. July 2024
This episode features a discussion between Angel Lopez and Max Kon about industrial cybersecurity. Max highlights the importance of ISA standards in industrial automation and cybersecurity, emphasizing his active involvement in ISA activities and training programs. Max’s journey underscores the evolution of cybersecurity in control systems and his dedication to promoting cybersecurity awareness and standards within the industry.
Tell us about yourself.
Max shares his experiences working in the industrial automation field, collaborating with the International Society of Automation (ISA), and transitioning into cybersecurity. He highlights the importance of ISA standards in industrial automation and cybersecurity, emphasizing his active involvement in ISA activities and training programs.
What is the main difference between IT and OT security?
Discusses the significant differences between IT and OT security. It highlights key distinctions such as availability, technology lifespan, and primary focus: preventing cyber incidents in IT versus preventing consequences in OT environments. The crucial dissimilarity lies in managing risks: IT focuses on preventing incidents, while OT prioritizes preventing consequences.
What is the best approach to address industrial cybersecurity?
Emphasizes the necessity of a continuous cultural change towards cybersecurity in industrial operations for end users, service providers, and manufacturers. It highlights the importance of implementing cybersecurity management programs, conducting risk assessments, mitigating risks, and maintaining security measures long-term across the entire supply chain.
What are the most common mistakes that you’ve seen in the market so far?
Outlines common mistakes in industrial cybersecurity, including skipping risk assessments, copying IT security policies without adaptation, and relying solely on employee training. Practical advice is given on how to prevent these errors and improve cybersecurity practices.
What do you think is the most difficult challenge to manage or mitigate the industrial cybersecurity risk?
Discusses the challenges of managing industrial cybersecurity effectively, emphasizing the importance of doing the right things correctly. It highlights why companies struggle with implementing standards and how viewing cybersecurity as an investment, rather than an expense, is crucial for the long-term security and success of businesses.
What are the best training courses or programs for End Users and Providers?
Emphasizes the importance of investing in cybersecurity training programs, particularly the official ISA certificate training and the WisePlant cybersecurity program. It highlights the need for understanding and implementing cybersecurity requirements correctly, tailored to individual roles. The training aims to ensure project success by aligning all participants towards a common goal in the cybersecurity field.
Articles & Technical Documents
Evolving Knowledge: The state of knowledge is always changing with new discoveries and advancements in various fields.
Influences: Societal and cultural factors, as well as the availability of information, impact the state of knowledge.
Decision-Making: Effective decision-making methods include pros and cons, cost-benefit analysis, decision trees, and group decision-making.
Industrial Cybersecurity: Emphasizes the importance of managing risk and making informed decisions to prevent cyber-incidents and consequences.