Industrial security (ICS security)

Digitisation is continuing its steady advance. Industrial processes are increasingly controlled autonomously by machines rather than by people aided by machines. The operation and maintenance of this industrial machinery often also takes place remotely. If these systems are vulnerable to cyber attacks, you could lose control of them and of the associated operating processes. And that could in turn put the safety of people, the environment and your production capacity at risk.

It is easier to keep ICT systems up to date in an office automation environment than in an industrial one, and up-to-date systems are better protected against cyber attacks. In an industrial automation environment, it tends to be very difficult to keep on top of updates: once a system has been updated, for example, it may have to be completely re-certified before it can be taken back into use.

Yet it is important that not only your office automation but also your industrial systems are sufficiently resilient to cyber attacks, so that you can limit the impact of a potential attack on your organisation as much as possible.

Cybersecurity laws in Europe and in the Netherlands

The European Parliament also recognises the importance of cybersecurity and is encouraging EU Member States to work together in the fight against cybercrime, especially when it comes to protecting critical infrastructure such as water management, energy and telecoms. This has been formalised in the Network Information Security (NIS) Directive, which specifies that EU Member States must implement their own laws on cybersecurity. In the Netherlands, this has been transposed into national law in the form of the Cybersecurity Act, which stipulates that serious cyber incidents must now be reported to the regulatory authorities. They will monitor compliance with prescribed security measures and reporting requirements, and if necessary impose sanctions such as an administrative fine. The Cybersecurity Act covers critical infrastructure in the Netherlands, such as energy, drinking water and water management, as well as online market, cloud service and search engine providers. BDO can advise you on the consequences of the Cybersecurity Act for your organisation.

ISO/IEC 62443 for industrial security

Just as there is an ISO standard for cybersecurity in the office automation environment (ISO 27000), there is also one for cybersecurity in the industrial environment: ISO/IEC 62443. BDO can help your organisation to implement this standard. We can also use the standard to test the degree to which your industrial environment may be vulnerable to cyber attacks and help you to define and implement any additional measures.

How BDO can help you

Our cyber team consists of a broad range of experts: IT experts, auditors, lawyers, criminologists, behavioural experts, business administration experts, change managers and cyber experts. We strive for a team composition that will always provide you with the best possible service. We offer a comprehensive portfolio of services, including:

  • ISO/IEC 62443 support and implementation
  • Temporary fulfilment of the role of Industrial Security Officer
  • Industrial security risk assessments
  • Awareness campaigns
  • Hacking tests (such as penetration testing and vulnerability scans)
  • Security (ICT) monitoring (such as intrusion detection)

Contact

To find out how BDO can help you make your industrial environment comply with the ISO 27001 and/or IEC 62443 security standards, or whether the new Cybersecurity Act is applicable to your organisation and what its effects on your organisation might be, please feel free to contact our specialists for an informal chat.


Robert van Vianen

Partner Cyber Security Advisory | BDO Digital

Kees Plas

Partner Cyber Security Advisory | BDO Digital