International cybersecurity expert panel announced.

ISA Global Cybersecurity Alliance Members Schneider Electric, 1898 & Co., Dragos, and Idaho National Laboratory will serve as members of the international Operational Technology Cybersecurity Expert Panel* appointed by the Cyber Security Agency of Singapore (CSA).

“Around the world, countries are planning their approaches to the persistent and significant cybersecurity threats to critical infrastructure and industrial operations,” said ISA Global Cybersecurity Alliance Managing Director Andre Ristaino. “The US government is also painfully aware of the importance of protecting critical infrastructure, as highlighted by the recent attack on the Colonial Pipeline. This incident is only a wake-up call if you haven’t been paying attention. Our organizations have been advocating for smarter cybersecurity approaches for a decade or more through our standards committee, certification body, and most recently, the founding of the ISA Global Cybersecurity Alliance.

The 11 panel members  • Marco (Marc) Ayala (US), and is Director of Industrial Control System Cybersecurity (ICS) and sector lead at 1898 & Co, part of Burns & McDonnell • Christophe Blassiau (France), an executive member of the WEF Cyber Resilience in Electricity and Oil and Gas Communities, and senior vice-president for cybersecurity and global chief information security officer at Schneider Electric • Eric Byres (US), chief executive officer of aDolus Technology, and senior partner at ICS Secure; • Robert Hannigan (GB), the chairman of BlueVoyant; • Dr. Ong Chen Hui (Singapore), the cluster director for the BizTech Group at the Infocomm Media Development Authority; • Joel Thomas Langill (US), a managing member of the Industrial Control System Cyber Security Institute, and founder of Scadahacker; • Robert Lee (US), chief executive officer and co-founder of Dragos; • Dale Peterson (US), founder and chairman of S4 Events, and founder and chief executive officer of Digital Bond; • Maggy Powell (US), principal industry specialist at Amazon Web Services; • Zachary Tudor (US), associate laboratory director at the Idaho National Laboratory's National and Homeland Security Science and Technology Directorate;  Kazuo Yamaoka (Japan), senior solution architect at NTT Security Japan.

"Nearly 50 member companies, acting individually and as a group, are serving as subject matter experts in nearly every world region to drive adoption and usage of the ISA/IEC 62443 series of standards as the foundational basis for assessing and managing cybersecurity risk across all industry sectors.”

This will no doubt be of interest in Ireland following the catastrophic ransomware cyberattack that caused all of its Health Service IT systems nationwide to be shut down since last Friday (14 May). Recovery from this attack which will take weeks and months and at time of writing it is thought that the attackers will release some of the data including personal details of patients and clients of the service in the "dark web." 

It is alleged that the attack on the Colonial Pipeline systems led to a payment a ransom however the Irish Government have firmly rejected this. "The only thing paying a ransom guarantees is more ransomware attacks" says Ciarán Martin, founding Chief Executive of the Britain's National Cyber Security Centre. (Irish Times 22/5/2021). 

Singapore’s approach to global concerns over cybersecurity includes a defined plan created by their government and the country’s Cyber Security Agency (CSA.) CSA launched its OT Cybersecurity Masterplan in 2019, providing guidance to professionals working in OT environments with a focus on security industrial control systems. The three objectives of the masterplan are:

• To create awareness of the OT challenges faced across industries within Singapore
• To align the efforts of OT cybersecurity initiatives and to address cyber-threats, including a recommendation to leverage the ISA/IEC 62443 series of standards within the Cybersecurity Code of Practice (CCOP) as one of the key components of a strong cybersecurity approach
• To guide the development of effective cybersecurity initiatives, solutions, and to encourage partnerships with industry leaders and stakeholders

The international Operational Technology Cybersecurity Expert Panel will discuss issues ranging from governance policies and processes, evolving operational technology technologies, emerging trends, capability development, supply chain, threat intelligence information sharing, and incident response. The panel will facilitate the sharing of information between the public and private sectors with a goal of strengthening local cybersecurity capabilities and competencies, protecting critical infrastructure sectors, including energy, water, and transport.

Singapore's operational technology cybersecurity practitioners, operators, researchers and policymakers from the Government, critical information infrastructure (CII) sectors, academia, and other operational technology industries will have direct access to the experts, leveraging their knowledge to shape codes of practice, strategies for training Singapore’s workforce, the proliferation of compliance programs for devices, components, and systems, and more.

In 2019, the ISA Security Compliance Institute announced an agreement with TÜV SÜD PSB, the German training, testing, and certification giant, to conduct certification assessments using ISASecure certification specifications in South East Asia. Simultaneously, the Singapore Accreditation Council (SAC) and ISA signed a Memorandum of Understanding to provide certification body accreditations for the ISASecure® cybersecurity certification programs in the region, including the second certification body DNV GL whose Singapore office has also signed on as an ISASecure CB.

* Establishment of Operational Technology Cybersecurity Expert Panel (3/5/2021)

@ISA_Interchange @CSASingapore @IrelandISA @ncsc_gov_ie #PAuto #Cybersecurity #Singapore #Ireland