Can not See the Wood for the Trees - Too Many Security Standards for Automation Industry

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration)

Plant operators and manufacturers are currently faced with many challenges in the field of automation. Issues such as digitization, Industry 4.0, legal requirements or complex business processes that connect IT and OT are paramount. Related security problems and risks need to be addressed promptly and lastingly. Existing and newly created industry security standards (such as 62443, 61508 and 61511, 27001, ...) are designed to help to improve security. But do the different approaches of these standards fit together? Are managers of the companies and manufacturers supported or rather confused by them? The presentation provides an overview of the key security industry standards, discusses the dependency and coverage of the standards, and aims to encourage discussion about if the standards optimize general security in industrial control systems.

Presenters:

• Frank Ackermann - Yokogawa Deutschland GmbH
  Frank Ackermann has been active in the field of IT and information security for over 15 years. At renowned international companies, he worked in the core security team or examined the implementation of security solutions. Modern business processes today require a bridge between an industrialized automation environment (OT) and classical information technology (IT). This means that processes, organizations and technical measures should be designed holistically and inherently secure. All parties involved must work continuously on this.

Links:

• https://deepsec.net/archive/2018.deepsec.net/speaker.html#PSLOT386

Similar Presentations:

• AppSec USA 2017 / How To Approach InfoSec Like a Fed(eral Auditor)
• HOPE X (2014) / The Web Strikes Back - Fighting Mass Surveillance with Open Standards
• Kernelcon 2019 / Security of Industrial Control Systems: How IEC 62443 Can Help