View
0
Download
0
Category
Preview:
Citation preview
DNV GL © 2017 SAFER, SMARTER, GREENERDNV GL © 2017
DIGITAL SOLUTIONS
Når går IT-sikkerhet over i Cybersikkerhet?
1
5. juni 2018Erling Hessvik
DNV GL © 20172
DNV GL © 20173
We are a quality assurance and risk management company
DNV GL © 2017
DNV GL Digital Solutions~1000 experts coming together to optimize development and deliver pure data smart and digital solutions
4
DNV GL © 2017
From IT Security to Cyber Security
Information SecurityIT Security Cyber Security
5
DNV GL © 2017
IT and Cyber Security
6
Information Security
IT Security
Cyber Security
Digitally accessibleInformation
Based on von Solms & van Niekerk, Computers & Security, 2013
DNV GL ©
Cyber-physical systems are everywhere
7
Power & Water Utilities Transportation
Home Automation & IoT Food production
DNV GL © 2017
Tech unicorns and autonomous cars
8
DNV GL © 2017
What happens when there are thousands of autonomous cars?
9
USA Today, July 2017https://eu.usatoday.com/story/tech/2017/07/28/chinese-group-hacks-tesla-second-year-row/518430001/
DNV GL © 2017
Tesla Model 3 breaking issue is pure software
10
Consumer Reports, May 2018https://www.consumerreports.org/hybrids-evs/tesla-model-3-review-falls-short-of-consumer-reports-recommendation/https://www.consumerreports.org/car-safety/tesla-model-3-gets-cr-recommendation-after-braking-update/
DNV GL © 2017
How does the software handle the unexpected?
11
TechCrunch, May 2018https://techcrunch.com/2018/05/24/uber-in-fatal-crash-detected-pedestrian-but-had-emergency-braking-disabled/?guccounter=1
DNV GL © 2017
Internet of Things
12
How much security can you expect in a $10 product?
DNV GL © 2017
Attacks still fail more often than they succeed
13
Harvard Business Review, 2018https://hbr.org/2018/05/security-trends-by-the-numbers
DNV GL © 2017
Cost consequences of an attack
14
DNV GL © 2017
The effect on the global economy is significant
15
Global Opportunity Report 2017
DNV GL © 2017
There is a global lack of cyber security talent
16
Procurement Development Operation
Cyber security talent is needed to several roles
Governance Control
DNV GL © 201717
DNV GL © 2017
What should we do?
18
DNV GL © 2017
We need a coherent and standardised approach
19
We need to request sufficient security
We need standards to reuse knowledge
We need to consider the life time of
products
DNV GL © 2017
Different standards and goals for different segments
20
Industrial Control SystemsIoT The Crown Jewels
DNV GL © 2017
5 possible actions
32
Identify what you need to protect
What are the threats?
What can you improve?
Which vulnerabilities do you have?
What can you learn from others?
DNV GL © 2017
DNV GL’s Business Impact Approach
22
L 12
B 17
Revenue MNOK
Number of employees
C 8
E 12
N 24
D 8
H 6
I 5
J 8
K 16
M 8
F 9
G 13A12
O 5
S 8
A B
A
A
Hosted in branch B
Integration tools and databases, fileservers, infrastructure
Indicates cloud serviceA Hosted in branch A B
Corporate IT platformLocal IT platform
DNV GL © 2017
Learn from others: How to secure a cyber-physical system
23
Created by the industry -DNV GL’s recommended
practice shows howIEC 62443 says what to do
Openly available:
https://www.dnvgl.com/oilgas/download/dnvgl-rp-g108-cyber-security-in-the-oil-and-gas-industry-based-on-IEC-
62443.html
DNV GL © 2017
SAFER, SMARTER, GREENER
www.dnvgl.com
Takk for oppmerksomheten
33
Erling HessvikErling.Hessvik@dnvgl.com+47 95 90 77 90
Recommended