From data diodes to NIS II: this was the Industrial Cyber Security Event

There is a buzz of mainly low voices when I enter the 1931 Congress Center in Den Bosch. With a cup of coffee and a piece of fruit in hand, I take a seat in the large room. “It's better to turn off your Bluetooth, because of the security of your data,” a fellow visitor tells me. He glances at my laptop and immediately spots the blue icon. It is immediately clear: the visitors of the FHI Industrial Cyber Security Event have a passion for the theme. 

“It is good that the NIS II guideline is being discussed in such detail. That is why I am attending this event. And for networking, of course.” - Visitor 

Secure connection

“When it comes to safety, the importance of collaboration is paramount,” says Maarten de Caluwé, Technical Architect at Dow Chemical and also chairman of the ICS Event. “It requires collective wisdom, partnership and innovative thinking.” The purpose of this event is to share insights, engage in discussions and jointly arrive at the best solutions to connect OT and IT in a secure manner.  

In depth with data diodes

Tomorrow will be a lot safer than today: that is what Maurice Snoeren wishes (OT security officer at RWE) to the companies present. He inspires the audience with his keynote about the risks associated with linking OT and IT and about data diodes. He goes quite in depth. Plenty of photos were taken of his presentation. The audience is so curious about more that there is not enough time to answer all the questions. Fortunately, Maurice will soon be at one of the many stands to talk to visitors.  

Sparring about NIS II

In the attractively decorated hall we have plenty of time to discuss what we have just heard. I am not short of anything: sandwiches, fruit, a hearty snack and drinks have been thought of. 

With a Bossche bun in hand, I meet Jacolien Frentz, industrial automation project manager at FHI. I ask her why an event like this is organized. “The need is increasing: the NIS II directive is being converted into Dutch legislation. From 2024, everyone must meet the stricter security requirements of the NIS II. Companies in the operations industry know this, but the details are lacking. That's why they get all kinds of tools and tips here to get started.” 

Your own program

Our paths part. Visitors all go in different directions – on to the next interesting speaker. Because prior to the event, everyone put together their own program. It went like this: in the app I found the complete program with two plenary and twenty-three individual lectures; I chose the speakers and topics that interested me most. I attend a total of eight lectures of about half an hour. 

 “Choosing your own program is nice. Especially if, like me, you come to orientate yourself on what is going on in cybersecurity.” - Visitor  

A good preparation 

I continue my way to Mischa van der Geld and Bart Scholten from Kiwa Nederland. Together they explain in detail what the IEC 62443 entails. The most important conclusion is: prepare yourself. And see what impact the NIS II has: which standards frameworks are there and which ones suit your organization best?  

In the packed room at MODELEC and TXOne, Yuri Nijdam and Christian Søgaard Nielsen speak, based on the credo: Keep the operation running. 

Ransomware 

Lucas van den Berg from Trend Micro talks about ransomware with charisma. How do professional hacking organizations work? He opens a book about it. And that causes a lot of surprise and outrage. When he shares a true case of a major ransomware attack, the audience nods in agreement and there is recognition. Lucas ends the lecture with an endless list of what to do to prevent such an attack. He has a lot of laughs on his hands and we leave for the lunch buffet in a positive mood.  

One thing is striking: whether you come to the Industrial Cyber Security Event as a newcomer or as a seasoned IT professional, you will go home with new insights. And that blue Bluetooth check mark? That will be turned off from now on.