Udo Helmbrecht at Munich Security Conference on connectivity and security in critical infrastructures
Published on September 20, 2016
Udo Helmbrecht participates at the fourth Cyber Security Summit hosted by the Munich Security Conference in Silicon Valley, where on the 19th and 20th September he joins around a hundred key representatives from both the EU and the US scene, from diverse fields of the public and private sphere to debate on trending cyber challenges.
Among the speakers at the MSC panel on "Connectivity vs. Security? Critical Infrastructure under Cyber Attack", ENISA’s Executive Director, Udo Helmbrecht said that while modern economies rely on the newly developed cyber infrastructures assuring their security has become the main priority of many actors such as governments and companies, as this may have implications on the economies and business. “Dependencies of critical infrastructure across the EU increase the attack surface and the potential impact of cyber incidents”. Furthermore, critical infrastructures - such as electricity generation plants, transportation systems, manufacturing facilities – are controlled and monitored by Industrial Control Systems (ICS), including SCADA systems. The importance of continuous improvement of ICS-SCADA[1] security for critical service providers is increasingly recognized as a high priority area among European critical infrastructure operators due to its strategic impact on processes essential for uninterrupted functioning of the EU industries and economy.
It is noted that the most expensive attacks are considered to be insider threats, while DoS/DDoS and malicious insiders attack, are the two types which collectively constitute approximately half the annualized cost of all cybercrime. In terms of country loss, the costs can reach up to 1.6% of GDP in some EU countries[2] while for the global economy, loss is estimated between 330 to 506 billion euros.[3] Finance, ICT and energy sectors display the highest incident costs.
In this context it was explained how mandatory incident reporting from the telecom sector (Art. 13a of the Telecom Package) and trust service providers (Art. 19 of the eIDAS Regulation) provides an aggregated overview of incidents of significant impact. “National cyber security strategies and the recent NIS Directive help enhance cyber security from a policy perspective, setting the foundations for increased EU-level cooperation, risk management and incident reporting obligations, for operators of essential services and digital service providers. Government and the private sector can cooperate more proactively in order to not just respond, but also better deter and defend against potential cyberattacks”.
Video of the Cyber Security Summit in Stanford
Panel Discussion "Connectivity vs. Security? Critical Infrastructures under Cyber Attack"
Cyber Security Summit Stanford - Day 1 Recap
For more info visit: https://www.securityconference.de/en/
For interviews and more on the subject please contact [email protected] Tel. +30 2814 409 576
[1] ICS-SCADA: Industrial Control and Supervisory Control and Data Acquisition Systems
[2] Cost of Cyber Crime Study: France, Ponemon Institute, 2014
[3] Net Losses: Estimating the Global Cost of Cybercrime, McAfee, 2014
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!
News items:
http://www.enisa.europa.eu/media/news-items/news-wires/RSS
PRs:
http://www.enisa.europa.eu/media/press-releases/press-releases/RSS