How can safety and security be jointly assessed to resolve conflicts, and what role can bowtie analysis play to realise the vision of integrated safety and security? These were the topics discussed on 28 March 2018, at the ‘Integrated approach to safety and security’ event in London, hosted by TÜV Rheinland’s Risktec and CGE.
TÜV Rheinland Blog - Stories from Asia and Africa
As the number of applications developed explodes, the prospect of performing Application Penetration Testing on each application, with limited budgets and scarce resources, becomes increasingly daunting and seemingly impossible. Application risks will never be sufficiently mitigated by relying on automated scanning alone. Typically, there are three main dynamic options practiced today, and they vary in coverage, accuracy, and cost.
The cybersecurity field of operational technology (OT) is buzzing as companies increasingly realise that their production systems, manufacturing plants, chemical processing plants, or industrial control systems are at risk from cyber-attacks. This realisation is fuelled by a big uptick in hacker interest as such systems are insecurely connected to the internet and compromising them is a change from stealing credit card information.
In response to cybersecurity concerns, companies often claim that their OT systems are air gapped and not connected to the internet — so they are immune from cyber attacks via this route. The bad news is that upon further investigation, in almost all instances, such claims are found to be incorrect. The reality is that connections abound and systems light up with data flows without the company even knowing about it.
The number of cybersecurity-related incidents in industrial security and industrial control networks has risen in every region in recent years, and there have been well-publicized reports of sophisticated malware and threat actors disrupting safety-critical industrial operations.
This has raised concerns about cybersecurity vulnerabilities across all types of industries.
The trend to digitization and system inter-connectivity means that operational technology engineering and operating personnel may not realize the full extent of cybersecurity vulnerabilities they face and are thus inadequately prepared to deal with potential attacks.
TÜV Rheinland announces the launch of its global Industrial Cybersecurity Centre of Excellence (CoE) based in Kuala Lumpur, Malaysia. The Centre of Excellence will address the cybersecurity needs of its industrial clients such as manufacturing companies, plant operators, energy and utility companies, transportation and transit system operators to secure their operational technology landscape. With the rapidly evolving digitalization of markets across all businesses, there is a significant need and demand for deep Industrial Security skills and expertise, which this Centre of Excellence will continue to develop worldwide.
TÜV Rheinland announced its plans to further develop a regional GDPR centre of excellence in Japan aimed at helping its clients across industry sectors. This would address the rapidly growing need in Japan to better understand and implement GDPR requirements.
The Smart Home topic is catching on. More and more manufacturers are developing intelligent solutions offering greater comfort and security within our own four walls. That means that more and more devices are having to harmonize and communicate using the same language. Both organizations and consumers are affected by the increasing complexity. From controlling the temperature with an app to automated camera recordings to intelligent locking systems – at the end of the day, the applications in the Smart Home environment have to work smoothly.
TÜV Rheinland and OpenSky, a wholly owned subsidiary of TÜV Rheinland, are thrilled to be selected by RSA as “RSA Archer Suite Partner of the Year” for the second year in a row. The leading providers of Enterprise Risk Consulting, Cybersecurity and Infrastructure Solutions have been awarded for their leading Archer Practice and GRC business, which is part of the whole "Digital Enterprise. Protected" services portfolio.
An international team of security researchers has discovered serious security vulnerabilities in CPUs. The processor vulnerabilities potentially allow attackers to gain access to sensitive data such as passwords, user data or confidential information.
DAkkS, the accreditation body for certification bodies in Germany, accredited TÜV Rheinland to be an ISA Security Compliance Institute (ISCI) certification body. TÜV Rheinland's authorization to issue certificates of conformance for the ISASecure® control systems cybersecurity certification scheme based on IEC 62443 came into effect at the beginning of July 2017. ISASecure® Conformity Assessment is a standards-based certification scheme that assesses the cybersecurity of control systems and components to the IEC 62443 international standards governing control systems cybersecurity.