Spanish cloud and IT service providers have OT cybersecurity on the agenda

What else? Cybersecurity on the software supply chain in OT environments, currently the dominant IT topic, was also at the top of the list during the visit of a 20-member business delegation from Catalonia. In particular, the current asvin product for context-based risk analysis and task-proirisation “Eagle Eye” and its diverse applications were a topic of discussion. Now participants want to showcase the advanced approach to OT security in the Spanish “THE LÄND” counterpart Catalonia. Two of them provide information about this and their further findings here.

For Andrea Arenas González from the Spanish business association amec the asvin-research project “Data Chain Sec” war very interesting as it addresses how to ensure the data chain when training Artificial Intelligence, something that is a concern nowadays due to the amount of data that is collected. “On the other hand, something essential that I and my collegues took away is how to emphasize the importance and awareness of preventing cyber-attacks, especially in OT, since it is usually only addressed from an IT perspective”, Andrea said.

Asked for the importance of Cybersecurity she statet that awareness about Cybersec is becoming increasingly relevant: “Companies are getting more and more interconnected, and it may be the case that a large company has good cybersecurity, but the problem arises if it does not continue throughout the entire production chain. Hackers take advantage of the weakest link to attack and gain access to the systems, and find a vulnerability, which normally could be in supplier tier X.” Beneath that, she highlights the increasing importance of integrating automation with humans (as opposed to replacing them) and the need to anticipate potential challenges or risks, such as those related to cybersecurity, but also machine efficiency and hyperconnectivity.

In the same vein is Stefano Melchior, CEO of Barcelona-based BeChained Artificial Intelligence Technologies SL when he emphases that IIoT cyberattacks are today’s key weaknesses: “The more businesses deploy interconnected devices, the more they should take care of exponential risks. They are not manually governable, so they need methodology to prevent and exponential technology to detect weaknesses.” This is why he oved the AI based approach to avoid tampering food supply chain data (temperature), one og the issues in asvin´s “Data Chain Sec” project.

Also in his eyes businesses in Spain, regardless of their side, are not fully aware of the implication of IoT deployment and the cybersecurity risk. Therefor he at BeChained is very sensible to integrate measures to qualify the risk level, while deploying interconnection among IIoT and Cloud-based solutions: “This allows to map where the risk is more likely located and its level.” He further pointed out that to underestimate risks that we are not aware of is not a Spanish or German or European fault. More likely this depends on the speed of technology changes and wide implications. “That is why we believe that there is a need to adopt impact analysis tools to map risks inherited to any new technology adoption and deployment on a large scale. Even more, if it implies the usage of mobility communication.”

His conclusion: “The integration of different vendors and technologies increases exponentially the hurdle of protection. So, the need to deploy a framework to map distributed risk and classify risk level and associate it to related mitigation counter-measures is essential.”

About asvin: asvin GmbH is based in Stuttgart and currently has 22 employees. We develop solutions for software supply chain security. Our unique selling point is graph-based risk analysis. This enables CISOs to identify business-critical vulnerabilities on devices or segments in OT environments and prioritize protective measures. This not only saves effort and costs. Companies receive real-time status data for their cybersecurity management and can act quickly and effectively – both in the event of damage, but above all proactively and with foresight.

Contact for the press

Konrad Buck, asvin GmbH