In 2019, the NIS legislation came into force in Belgium, prompting many companies to increase their cyber security efforts. "There have been clear steps in the right direction. Where the focus used to be mainly on the IT environment, we now also see attention on the security of industrial equipment and critical infrastructure. This is necessary, as many companies have made the switch to Industry 4.0, making them easier prey for hackers,” states Wim Van Langenhove, Head of Cybersecurity Advisory Services at Orange Cyberdefense Belgium.
More and more systems and processes are interconnected; as a consequence, more people have access to sensitive company information. "Once a hacker gets hold of that data, he can manipulate equipment, and cause a lot of damage to a company. Look at what happened at Picanol, for example. Fortunately, we can learn from such attacks. The importance of creating extra barriers and segmenting company networks becomes clear," adds Dirk Daems, Senior ICS Security Consultant at Toreon.
Raising awareness
Nevertheless, the human factor remains decisive. 80% of successful cyber attacks can be attributed to human error. "That is why we need to create more awareness, especially among people on the shop floor. Every company should have a structured, overarching approach that maps out all cyber risks and involves multiple actors, including suppliers", Wim continues.
However, getting everyone on board is not so easy. The OT/ICS Focus Group acts as a lever to put cyber security on the agenda. "During our sessions, we try to reconcile IT and OT professionals. The group is very diverse, which creates a nice dynamic. Our members can implement the ideas from the sessions within their own organisations."
Taking a leading role
The Focus Group has already addressed five themes: Anticipate, Identify, Detect, Respond and Recover. Wim Van Langenhove explains, "We have based our approach on the NIST Cyber Security Framework. Each pillar is treated separately, and we dive deep with keynotes. For example, how to set up a cyber security structure within an organisation. We also strive to inspire each other with practical examples. We keep the sessions as interactive as possible, so that everyone can learn from them.”
"At the same time, we also try to respond to current events, and pay particular attention to new technologies,” adds Dirk Daems. "After all, the cyber world evolves continuously. Thanks to the Coalition, we are in the front row. By uniting forces, we progressively gain insights that help to reconcile the IT and OT professionals and set the tone for a strong cyber security approach in Belgium."