These events have arisen through organisations which are focused on industrial security, or through public entities whose purpose is to raise awareness on and disseminate new plans for supporting security improvement. This feature has not only operated at national level, but at global scale all over the world.
Events within the national territory
In the national scenario, more and more companies, associations and institutions are working on the creation and dissemination of industrial cybersecurity events. Over the past few years, we have witnessed how nowadays, industry-exclusive conferences, focused on the operating process and products offer, after the arrival of the Industry 4.0 and the Industrial Internet of Things (IIoT), talks and workshops focused on a certain cybersecurity topic. Likewise, throughout the Spanish territory, several exclusive industrial cybersecurity conferences have emerged; this shows a clear commitment of the industry to its renovation and improvement from the cyber-point of view, in order to achieve a cyber secure industry.
- CITECH (Cumbre de Industria y Tecnología): Held in Gijón on 26-29 April. This first edition of the conference dealt with different topics related to innovation, smart cars and cities and even IT for the healthcare sector. Also, there were certain synergies between companies related to the cybersecurity sector and industrial sector companies.
- Gipuzkoa IndustrySec: The Provincial Authority of Gipuzkoa organised this event on 10 and 11 May in San Sebastian. This congress is aimed at being a reference for industrial cybersecurity and, especially, informs SMEs of the importance cybersecurity plays in this sector. Demos of actual cyber-attacks were shown, as well as different points of view of industrial cyber-security by sector experts and experiences of successful cases in the sector.
- IndusSec 2018: Organised by the Basque Cybersecurity Centre together with SPRI and the Basque Government, was held in San Sebastián on 6 March. This congress is aimed at those responsible for computing, production, officers and any other positions within the company who must, in one way or another, deal with or make decisions regarding cybersecurity. Real cases of the industrial companies were presented, with the participation of different experts, who offered their point of view on cybersecurity nowadays and the new challenges that will be faced in the future by industrial companies.
- Congreso Internacional de Ciberseguridad Industrial: Once again, the Centro de Ciberseguridad Industrial has organised a double annual event, in Latin America, which this year took place in the capital of Ecuador, on 30 and 31 May and in Madrid (Spain) on 10 and 11 October. Both editions have been positioned as reference events in that sector, both the Latin American and the European ones, as they are the meeting point for all stakeholders of this sector, such as manufacturers, cybersecurity companies, engineering companies, consultancy companies or critical infrastructure operators, to mention just a few.
- La Voz de la Industria: On the other hand, the CCI holds, in different cities of the country during the year, another type of more humble events, thus taking cybersecurity to every corner of the world.
- Industria Conectada 4.0: The Ministry of Industry, Commerce and Tourism has organised the second edition of the congress in Madrid, on 26 September. Said event will be the reference meeting point for digital transformation of the Spanish industry.
- Basque Industry 4.0: Organised by with SPRI and the Basque Government in San Sebastián at the end of November. Even if this is not an industrial cybersecurity event, it allows participants to obtain an overview of the industry nowadays, as most of the industrial sector participates in it. This congress focuses on industrial innovation, as well as on technological progress in this sector; in its last edition, certain conferences on industrial cybersecurity could already be seen.
The proliferation of industrial cybersecurity-related events has not only taken place in Spain; many countries around the world are hosting this type of events. The congresses mentioned here are just a sample of the many conferences organised globally.
- S4: Organised by DigitalBond at different locations around the globe, this is probably the main event regarding industrial cybersecurity at international level. The USA edition this year was held in Miami and its equivalent European edition took place in June in Vienna. This event is also characterised by its CTF (Capture The Flag), completely oriented towards challenges on industrial devices and by its specific Challenge, a set of technical tests to try the different solutions available in the market for the protection and detection of defects within the industrial sector. All talks and workshops offered are usually of a technical nature.
- SANS Security Summit: Organised by the SANS institute, it was held in Orlando in March this year. Its main characteristic is the possibility to receive training during the days following the event. The training provided is of a technical nature and can be used, in certain cases, to prepare candidates for certification exams recognised within the industrial cybersecurity sector, such as the GICSP certificate.
- ICS Cybersecurity Conference: Organised by SecurityWeek, this conference has been held for over 10 years with two editions per year, in the Americas (October) and another one in Asia (April). Considered to be the longest-running cyber security-focused conferences, it is a meeting point for stakeholders from all the critical-infrastructure related areas, and is the perfect environment for those wishing to exchange ideas on the latest cyberattacks, and to enjoy different talks and trainings offered during the event. Each edition focused on an industrial cybersecurity topic; for 2018, it will deal with "threats to infrastructure operators, operation centres and substations".
- Kaspersky Industrial Cybersecurity Conference: Kaspersky is in charge of promotion security in Russia with this conference, held in October. It is notable for the presence of several international experts, as well as for the quality of its conferences. Also, this year a CTF has been organised on industrial control systems; coming editions are likely to deal with the Internet of Things (IoT).
- Meridian: Meridian Process is in charge of giving shape to this conference every year in a different part of the world during the last quarter of the year. This year, the conference will be held in Seoul on 19 and 20 October. It brings together the governments of several countries, where their initiatives for IC cybersecurity are set out.
Trends in upcoming events
Over the coming years, we might see more cybersecurity-related events, which help raise the awareness of all stakeholders involved in this sector and which, thanks to the synergies and collaborations generated by this type of event, allow efforts to be focused on a cyber secure international industry. The trend indicates that the content of the conferences and events will be of an increasingly technical nature, as little by little, more and more researchers are focusing their efforts on researching and discovering the vulnerabilities of industrial control systems. The trend in industrial cybersecurity is oriented towards the monitoring, both of events (logs) and networks (defects), as well as new techniques and means to apply encryption to communication. Other aspects, such as segmentation, are already solidly established, but must not lose their focus.
The efforts to disclose cybersecurity to raise awareness of the interested parties and promote the values provided must continue, both from the public administrations and from the private entities. The message has already got through the management personnel of companies; now, it is important to increase the technical nature of conferences, and make them more oriented towards the operators and the personnel who operate the process every day.