In this era of digital transformation, technologies cannot become a pain for organizations, it must be the answer that adds value. That is why it is so important to identify and know the ecosystem in which the transformation strategy is going to be developed, which makes a difference with respect to digitalization.
Eric Cosman, chairman of ISA99 Committee, explains that standards, guidance, and direction are available from several sources, but surveys and anecdotal reports have shown that many still struggle with how to turn this information into effective programs. Suppliers have a clear imperative to improve their products, but asset owners often struggle with how to get started. Practical approach into cybersecurity is very hard to find in the market, still today.
When the owner of the industrial plant has the possibility of having the best of both worlds, the best control systems and the best security. When the consequences occur the damage is done, and there is no turning back. That is why we say that it is never too late to deal with security (redesign), but the sooner much better (design).
We continue to watch as many professionals with vast experience in Information Security, industrial companies taking action, renowned cybersecurity consultancies, government organizations and technology developers are wrong (by far) when it comes to mitigating industrial cyber risk. One of the main mistakes is to implement the same strategies as in industrial information security.
There are many myths around industrial cybersecurity, beliefs that have been generated in collective thinking by mistake, lack of knowledge, lack of experience, lack of information, and even disinformation.
During the assessment of industrial cyber risks with the industrial cyber risk management system "ZCM-RM-ASSESS" we can mitigate the risk of vulnerabilities that do not yet exist or that are unknown. The unique methodology developed within the ZCM system allows long-term decisions to be made that are appropriate for industrial areas.