The integration and alignment of information technology (IT) and operational technology (OT) in the industrial internet of things (IIoT) has created new challenges for cyber security. That was the key message from a high-level cyber security summit in the Chinese city of Chengdu.
Senior IEC officials were among the international experts taking part in the event, alongside executives from the Chinese internet giants Alibaba, Baidu and Tencent.
Addressing the meeting via video link, the IEC General-Secretary and CEO, Frans Vreeswijk, said that security grew exponentially in importance as devices that were once isolated became interconnected. “Bringing the ambitious visions expressed by IoT and the Fourth Industrial Revolution safely to reality will require significant efforts in standardization to enable interoperability and ensure cyber security,” he said.
Dennis Chew, Director of the IEC Asia-Pacific Regional Centre (IEC APRC), spoke about the advantages of a risk-based approach based on a holistic assessment of threats and vulnerabilities. Such an approach incorporated technology, processes and people, he said.
Mr Chew highlighted the importance of combining International Standards with testing and certification, also known as conformity assessment, as opposed to treating them as distinct areas. He said that when the risk increased, stronger levels of conformity assessment were needed and that the level of conformity assessment should be appropriate to cover the level of the associated risk.
The IEC head of global advocacy, Gabriela Ehrlich, said the emergence of IIoT and the integration of physical machines with networked sensors and software had blurred the lines between the once separate worlds of IT and OT. She identified the fact that many IT teams had little experience with the physical security requirements of OT systems as a significant challenge.
“That’s why a purely IT-led cyber security strategy is not appropriate for OT,” she said. The IEC not only provided a framework incorporating multiple Standards covering a variety of IT and OT sectors, she noted, but also an international and standardized approach to testing and certification.
Li Chunjiang, director of the certification supervision department of the Certification and Accreditation Administration of the People’s Republic of China, also underlined the importance of International Standards and conformity assessment in cyber security. Li Keqiang, the deputy director-general of China’s Cyber Security Agency, highlighted the extensive participation of China in IEC standardization activities and its Conformity Assessment Systems.
Professor Edward Humphreys, who chairs ISO/IEC JTC 1/SC27, the joint IEC and ISO subcommittee on cyber security, discussed the global landscape of cybersecurity certification. He said that conformity assessment added credibility by demonstrating that products or services met the needs of consumers and regulators.