Many engineers from companies, but also some sellers of cybersecurity solutions, do not fully understand the amplitude of the phenomena associated with cyber security activity, said Cristian Cucu, ex-Government CIO & member of the CIO Council, during the DigitALL 2023 conference, organized by Energynomics.
“There is a huge gap in the understanding of cybersecurity phenomena from the engineering side of things, and this gap extends from the engineers who operate the SCADA stations to the solution vendors. It is effectively a gap of understanding of the amplitude of cybersecurity phenomena on all levels,” said Cucu. That is why the incidents that take place in the operational technology (OT) area represent “a huge surprise” and produce devastating effects.
This lack of understanding is based on several causes, one of which is the “set and forget” mentality specific to OT operations. Many companies have become accustomed to the fact that some equipment, once installed, will continue to work for long periods of time, without considering the risks of it being attacked by malicious actors.
“In IT, things are the other way around, because you have to monitor everything on a daily basis so that everything is working according to what it has to offer,” said Cucu, adding that in the OT sector the vast majority of attacks are based on the availability of equipment, which what makes them vulnerable.
For this mindset to change, vendors of cyber security systems and solutions need to adapt their messaging to their potential customers. In addition, responsibility for cybersecurity operations must be shared between the manufacturers and vendors of these systems and their users.
The DigitALL 2023 conference was organized by Energynomics, in partnership with the CIO Council and with the support of our partners Eaton Electric, Huawei, NextGen, Schneider Electric, Siemens.