The 2016 Business Insurance Risk Summit was a great opportunity for the insurance and risk managers to get an initial understanding of the issues associated with ICS cyber security and what it can mean to insurance risk.
On March 22 to 23, 2016, I attended the Business Insurance (BI) Cyber Risk Summit in New York City. I believe getting the message out about Industrial Control Systems (ICS) cybersecurity to the insurance industry and to Wall Street rating agencies is very important as they can influence end user behavior where attempts at regulation have not succeeded.
There were approximately 120 attendees. Most of the discussions were around IT risk. The ICS issues were new to many (I presented at a previous BI conference in September in San Francisco).
A few of the key points were:
ICS cyber incidents are real and can be very costly
There is minimal ICS cyber forensics or appropriate training, so many ICS cyber incidents will not be identified as cyber
Loss control engineers generally are not trained to address ICS cybersecurity
The recent Ukrainian cyber attack should be a wake-up call to risk managers as it can happen here. Most U.S. utilities are unprepared, and the attack vectors can also impact other industries.
There was progress as we had a lunch breakout on power grid hacking that someone else had proposed. The breakout session noted the following:
It will take time before the cause is known (was it really cyber?)
If there is no damage, it could take 2-3 days before power is restored
Restoration will be on a priority basis based on life safety, etc.
Restoration teams are preassigned
Maintain order in the workplace
Transportation can be an issue due to road/bridge closures (need prearranged passes for utility vehicles)
Alternate communications (and batteries) need to be available - AM/FM radio, satellite phones, etc.
Crisis management needs to be strengthened for cyber
Manual back-ups need to be available and crews need to be trained to use them
Lack of mutual aid can be an issue if there are cyber attacks against multiple utilities
There was a session on securing supply chains. The three speakers viewed supply chain in its “retail concept.” That is, workplace injuries in “sweat shops” in Southeast Asia and other “supply chain” impacts such as delays in getting finished goods to the retailer. ICS supply chain issues, such as where the computer chips come from and what is embedded in them, were not discussed.
This was a great opportunity for the insurance and risk managers to get an initial understanding of the issues associated with ICS cyber security and what it can mean to insurance risk.