The driving forces

Cybersecurity and Industrial Adoption

An industry perspective

2

The driving forces

Societal

Growing public concerns about data breaches, cyber attacks, identity theft, abuse of data by governments and companies

Technological

Exponential rise in the number of connected devices

Connected devices capable of physical interaction with environment

Legal and regulatory

GDPR, ePrivacy regulation

NIS directive & Cyber Act (certification framework)

eIDAS regulation

Business

Customer awareness -> monetization of security

Secure intellectual property

Cybersecurity impact on the process

M an u fact u ri n g

• SCADA security

• OT security

• Smart products

• Security by design

• Systems security

• Digital assets

S o ft w ar e

development

• Smart products

• Security by design

• Secure DevOps

S e rv ice s

• OT security

• Smart metering

- Legal and regulatory compliance - Secure data lifecycle management

- Protection of privacy, trade secrets and IP

4

Cybersecurity impact on the offer

M an u fact u ri n g

• Smart products

• Standardization and

certification

• Security as product feature

S o ft w ar e

• Smart products

• Standardization and

certification

• SaaS component supply chain

• API security

• Data processor vetting

S e rv ice s

• Privacy-aware services

• Authentication services

• Security as a service

Cybersecurity impact on the business model

M an u fact u ri n g S o ft w ar e S e rv ice s

- Digital subscription model - Digital servitisation

- Data-driven business

- Digital marketplace

6

The challenges

Industry does not keep pace with cybersecurity dynamics

Agile development processes appear incompatible with security engineering rigour

Driving forces are largely ignored (GDPR is getting noticed)

Shortage of needed skills

Organisational change is hard

The cybersecurity industrialization gap

Academic output

•Early-stage IP

•Incomplete technology validation

•Unclear market potential Industrial needs

•Validated IP

•Proven technology

•Clear market potential

Low Risk High

Risk

8

Bridging the cybersecurity industrialization gap

Academic output

• Early-stage IP

• Incomplete

technology validation

• Unclear market potential

Resources

• Brokerage

• Expertise

• Capital

Industrial needs

• Validated IP

• Proven technology

• Clear market potential

Low Risk High

Risk

Help the industry keep pace with cybersecurity

Continue raising awareness

Ensure regular short term calls to tackle dynamism

foster development of specialized industry-driven educational programs

Initiate open, sector- and technology-agnostic industry-driven calls in cybersecurity

set inclusive criteria

bridge the gap between industry & academia (brokerage, expertise, capital)

Foster collaboration within the industry and between industry and research centers

share the technical expertise (e.g. ISAC’s)

work together on the challenges: develop an ambitious partnership project to foster the Flemish cyber security ecosystem (Startups & scaleups - Technological corporates – Cybersecurity research labs)

Principles for an impulse programme on cybersecurity

10

Sirris Bojan Spasic

Project leader Software Security bojan.spasic@sirris.be

Agoria

Ferdinand Casier

Business Group Leader Digital Industries

ferdinand.casier@agoria.be