‘Clear international rules, and their statutory application, including and above all to IoT (Internet of Things) devices, are needed to guarantee industrial cyber security. Considering the importance of the industrial sector for EU member countries, Europe must act as a leader on standardization efforts’, affirms Roberto Siagri, CEO and president of Eurotech, in Paris following a meeting on Cyber Security and European countries.
According to Gartner, this year 5.8 billion industrial devices will be connected, at a value of 389 billion dollars. With the interconnection of industrial systems and the ever-increasing diffusion of IoT devices, the challenge of protecting OT (Operational Technology) environments, or connections with industrial machinery, emerges. Security issues in the OT area are the biggest factor determining investment in digitization, as a security incident can halt production or paralyze critical infrastructures. Moreover, security issues bear the added risk of service loss in general. The digital security (cybersecurity) of machines must therefore be placed at the top of the agenda. Strong cyber-resilience requires a systemic, collective and far-reaching approach. Cybersecurity represents a common social challenge.
Siagri further asserts, ‘A European cybersecurity certification framework would give companies not only a set of clearly defined rules; it would also eliminate the need to dictate ad hoc certification processes, which could not be uniformly implemented between sectors, thus creating uncertainty and delays in investments in digitization’.
The directive on networks and information systems security (“the NIS directive”) is the first legislation on cybersecurity adopted at the EU level. It was designed to strengthen resilience by increasing national cybersecurity capabilities, fostering better cooperation between Member States and calling on companies in important economic sectors to adopt effective risk management practices and report serious incidents to national authorities. Corresponding actions are necessary in the IoT area.
The use of AI and Machine Learning algorithms for IT security management grew significantly in 2019, from 22% to 45% in companies that employ such measures. The increase was foremost in monitoring the behavior of systems and people to detect potential threats, in identifying phishing attempts and in preventing possible fraud. These are closely followed by the analysis and management of incidents, and the identification of vulnerabilities in the software development phase. ‘The application of artificial intelligence on security systems improves and facilitates the immediate diagnosis of a security threat’, continues Siagri, ‘and permits the identification of anomalous behaviors that can hide new cyber attacks’.
The NIS Directive, which promotes a culture of risk management and the reporting of incidents among the main economic operators, was implemented in Italy on 24 June 2018, but initiatives for compliance are sluggish and overdue. The Cybersecurity Act, adopted 27 June 2019 with the aim of creating a European framework on the IT security certification of ICT products and digital services, will produce its first real effects in the upcoming years.