Cybersecurity and Industrial Adoption
An industry perspective
2
The driving forces
Societal
Growing public concerns about data breaches, cyber attacks, identity theft, abuse of data by governments and companies
Technological
Exponential rise in the number of connected devices
Connected devices capable of physical interaction with environment
Legal and regulatory
GDPR, ePrivacy regulation
NIS directive & Cyber Act (certification framework)
eIDAS regulation
Business
Customer awareness -> monetization of security
Secure intellectual property
Cybersecurity impact on the process
M an u fact u ri n g
• Factories• SCADA security
• OT security
• Smart products
• Security by design
• Systems security
• Digital assets
S o ft w ar e
• SaaSdevelopment
• Smart products
• Security by design
• Secure DevOps
S e rv ice s
• Utilities• OT security
• Smart metering
- Legal and regulatory compliance - Secure data lifecycle management
- Protection of privacy, trade secrets and IP
4
Cybersecurity impact on the offer
M an u fact u ri n g
• Smart products
• Standardization and
certification
• Security as product feature
S o ft w ar e
• Smart products
• Standardization and
certification
• SaaS component supply chain
• API security
• Data processor vetting
S e rv ice s
• Privacy-aware services
• Authentication services
• Security as a service
Cybersecurity impact on the business model
M an u fact u ri n g S o ft w ar e S e rv ice s
- Digital subscription model - Digital servitisation
- Data-driven business
- Digital marketplace
6
The challenges
Industry does not keep pace with cybersecurity dynamics
Agile development processes appear incompatible with security engineering rigour
Driving forces are largely ignored (GDPR is getting noticed)
Shortage of needed skills
Organisational change is hard
The cybersecurity industrialization gap
Academic output
•Early-stage IP
•Incomplete technology validation
•Unclear market potential Industrial needs
•Validated IP
•Proven technology
•Clear market potential
Low Risk High
Risk
8
Bridging the cybersecurity industrialization gap
Academic output
• Early-stage IP
• Incomplete
technology validation
• Unclear market potential
Resources
• Brokerage
• Expertise
• Capital
Industrial needs
• Validated IP
• Proven technology
• Clear market potential
Low Risk High
Risk
Help the industry keep pace with cybersecurity
Continue raising awareness
Ensure regular short term calls to tackle dynamism
foster development of specialized industry-driven educational programs
Initiate open, sector- and technology-agnostic industry-driven calls in cybersecurity
set inclusive criteria
bridge the gap between industry & academia (brokerage, expertise, capital)
Foster collaboration within the industry and between industry and research centers
share the technical expertise (e.g. ISAC’s)
work together on the challenges: develop an ambitious partnership project to foster the Flemish cyber security ecosystem (Startups & scaleups - Technological corporates – Cybersecurity research labs)
Principles for an impulse programme on cybersecurity
10