The latest and likely last addition to the S4xEurope agenda is a session I’ve wanted ever since seeing Tyler Williams from Shell present at the ARC Industry Forum in early 2015. It is a very honest session on Shell’s ICS cybersecurity failures, lessons learned and what they believe, and I concur, is a path to success. The short version is set a minimal number of key security controls for all ICS, tie to performance objectives, measure, and make results visible at the right levels.
In our experience once a company, particularly senior management and boards, get the ICS cybersecurity religion the challenge is more often to stop them from trying to do too much rather than too little. They want it all solved as soon as possible when they understand the risk. The problem is the organization and culture can only absorb so much.
Shell has some hard numbers on this, and I’m really looking forward to hearing what has happened in the program over the last 18 months.
Shell is not the only asset owner presenting at S4xEurope. Fo example Kevin Jones, Head of Product & Cyber Security Research at Airbus, will provide his views on what the Factory of the Future will look like.