On 29 April, the Cyber Security Council published their advice on digital security of Industrial Automation & Control Systems (IACS) in the critical infrastructure of the Netherlands. The advise was offered to the relevant ministries and supervisors and contains three measures that must be considered as a whole in order to provide more insight, overview and robustness of the IACS and thus the digital security of our society.
The three measures are:
1. Critical sectors without exception have their own sectoral IACS control framework. Where necessary, supervision is strengthened proportionately.
2. Knowledge about IACS is bundled and the sharing of (classified) IACS threat information is facilitated.
3. Administrators of IACS are better supported in the purchasing process.
Did you know that HSD Office is also active on this topic, particulary on the bundling of knowledge and the sharing of IACS threat information. For example HSD Office organises OT (Operational Technology) round tables, from which recommendations are periodically given to the Digital Future Committee of the House of Representatives with the aim of increasing the digital resilience of IACS and thereby reducing cyber security risks. The programming of HSD Office focuses on both digital resilience of the Critical Infrastructure and Industrial Security in the broadest sense.
The diverse pallet of organisations participating in the OT round tables will jointly develop several activities in 2020 to contribute to the Dutch digital resilience:
- Organising an digital HSD Café about OT / IoT / iT and the digital resilience of the Netherlands with regard to IACS (28 May).
- Providing an article with findings from the survey on OT / IoT / IT.
- OT / IoT / IT interpretation study.
- Organising a peer review of an IACS project with OT / IoT / IT components. Other organisations are participating in an recently carried out Digital Resilience (DW) -IACS project.
The goal is to learn more about process improvement in combination with DW-IACS knowledge- and innovating product within a, best-practice portfolio.
Source: Cyber Security Raad (CSR)