Interview of a CISO & DPO

Interview of Christos Syngelakis, CISO & DPO at Motor Oil Hellas Group

1/1
  • Noir Twitter Icon
  • Noir LinkedIn Icône

Companies have been investing in cybersecurity for a few years now. You as a chief information security officer (CISO), would you say that organizations are secure?

 

There is huge talk about applying cybersecurity measures in an operational technology (OT) environment. As we know, cybersecurity technologies applied first in IT environments which are safer to deal with business activities interruptions or delays. In IT environments we find signature, behavior or AI based auto prevention tools that although most of the times are accurate, sometimes are not, due to false positive alarms. In these environments we can afford this. In OT environments we cannot afford false alarms due to safety consequence. Sometimes, even if a real cyber incident is taking place, we cannot stop the production chain due to same safety issues or since stopping production may cost more than the actual event. 

There is a long way to go before we can claim that the infrastructure environment has reached a satisfactory cyber security level. This is not the problem of an infrastructure. It is a more general problem that we must deal with, as a society, in order to be able to have the promised service. The EU identified this gap and the corresponding need and, for the main body of the critical infrastructures, published Network and Information Systems Regulation, so that there is a basis and principle to address the problem. And among EU-funded Horizon 2020 programs there is the European Cluster for Securing Critical infrastructures which aims to securing critical infrastructures in Europe. InfraStress is part of this cluster. 

 

Have you seen that industrial control systems are often a sitting target for cybercriminals? 

 

The industrial environment has existed for years away from the current technological revolution. But day by day, all these have disappeared and is constantly becoming part of the connected world. This gives us many advantages, but Pandora's box can be opened. We live in an imperfect world and there are some people who do not always have good intentions.

The industrial control systems are built with safety and availability in mind but are not cybersecure by design. We must address this weakness in order to facilitate their participation in the fourth-generation industrial revolution

 

What led you to participate in the InfraStress Project?

 

Motor Oil Hellas is a complex industrial infrastructure that provides many types of energy products to society. It has a vital production on a national and international scale. Based on the sense of social responsibility, it participates in forms of research that aim to upgrade security in both the physical and digital worlds.

InfraStress is a unique funded program that combines physical safety with cyber security, taking into account the interaction between them and the impact they can have on other actors in the social environment in the form of cascaded effect. 

It was a unique opportunity to get in touch not only with solution builders and research centers but also with equally important infrastructure that each has an important role to play in its national economy.

The large number of participants in combination with the limited duration of the action, is a constant challenge as it requires proper organization and cooperation at many different levels.

 

What do you consider the most important aspect of this project? 

 

I will speak from the pilot’s view. Of course, this program has given us the opportunity to build and test tools for physical and cyber risk mitigation. But there is one more hidden benefit.  Engineers in industrial environment have their own mentality in cyber risk view. It is not something easy to jump in an industrial world and connect something, based on their feelings about the existing side risk for potentially interruption of productive cycle.  

In order to have their cooperation, you must accept them as a part of the decision team, engage them to the product selection and enrollment and prove in a safe way that the outcome will be an environment with no possibility of downtime.  

With InfraStress we have the opportunity to engage these teams to the tools production cycle giving them the opportunity to decide what part of risk they want to share with us and make them a part of the production chain. These empower all the participants and give to the created products the chance to be tested and prove, first in a simulated environment and then perhaps in real live, that these products can have significant income. 

 

Is this worth the effort so far taking into account the complexity of the project and any unexpected/raised criticality? 

 

The large number of participants in combination with the limited duration of the action, is a constant challenge as it requires proper organization and cooperation at many different levels.

Our participation as WP leaders in the implementation phase of the solutions to the pilots of the program is a special challenge. As a company we have know-how in the management of European programs, but these did not touch on digital security issues. The know-how we acquire in the management of similar programs in this field is a parallel profit that will help us in future programs that we will probably participate in.

 

What is the expected added value of this project in your infrastructure?

 

We will work with and test tools and services that aim to offer a solution to existing problems. Products will be created and tested based on each critical infrastructure needs. These products transfer generated knowledge to each other and interact with each other as their manufacturers are in a state of noble rivalry and cooperation and no competition.

Through our cooperation with the bodies that create the respective products, we hope that something innovative and efficient will emerge that will have a benefit on a practical and not just a theoretical level. 

If some of these products succeed, and their testing for some time proves their usefulness, their adoption for productive use will be the natural consequence of an efficient collaboration.

© 2020 by ATRISC. Created with Wix.com

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement n°833088

Follow us:

  • Blanc Twitter Icon
  • LinkedIn Clean