5 Questions on Critical Infrastructure with Ryan Wessels
Ryan Wessels, Information Security Manager, Schreiber Foods, Tells Qatalyst Global his Thoughts on the State of Cyber Security in Critical Infrastructure
What three Cyber Security trends do you see happening within the Critical Infrastructure Industry?
Specifically within critical infrastructure, user awareness. We have users today who traditionally haven’t been considered full network users, they may be factory floor workers, manufacturing workers for example who haven’t traditionally used a PC. Today they are just as much of a threat, if not more of a threat to critical infrastructure in computing devices as regular users because of their IT awareness, or lack thereof.
Ransomware is another trend. We’ve seen enough technology in that, it’s certainly a growing problem.
User life cycle management, again this relates to my first point where you have these individuals that don’t traditionally use PCs in the same way that an office worker or I would. It’s important to ensure provisioning and ongoing maintenance when workers for example change jobs, or their job functions change.
Is the Industry prepared to handle these trends? Or is this a serious issue that needs to be addressed?
It probably depends on whether or not you are under some form of regulation. Those that have to be prepared almost by default because of their industry regulations will be better prepared. I think industries and organisations that haven’t had to abide by regulations may be caught more off guard.
From your experience at Schreiber Foods do you think it has become accepted that Cyber Security is no longer just an IT issue, but an issue for a company as a whole?
Specifically at Schreiber Foods, yes it’s become accepted that it is not only just IT related. Probably 5 to 10 years ago when you said IT security, everybody thought firewalls, antivirus and so on, yet today, at least at Schreiber Foods, it’s certainly become more of a cultural fixture than just simply technical and for IT to deal with.
You are moderating the opening panel at the ManuSec USA Summit in October, on: ‘Insuring that your company will support security effort and improving your employee awareness through training’. If there is only one key point that you would like the audience to take away from your presentation, what would that be and why?
Supports of an attack is key. Our security awareness and security programmes in general would not approach any form of success without the buy in from the executive board of directors.
Finally, what are you most looking forward to at the event?
Attending an event that’s focused specifically in the area of industrial control. When you think of industrial control systems in general, they tend to lag 5+ years behind normal computing technology when it comes to security, so attending an event that focuses specifically on an area that seems to have been neglected for so long in our community is what I’m most looking forward to.