Council member Claudia de Andrade-de Wit on the importance of cyber-resilient IACS

Welcome. Could you please introduce yourself?
My name is Claudia de Andrade.
I'm a member of the Cyber Security Council CSR...
on behalf of the CIO Platform Nederland, of which I'm a member of the board.
In every day life I am Director Digital & IT at the Port of Rotterdam.
How important is cyber resilience for the Netherlands?
For me this hugely important.
In recent years digitisation has been going further and further.
Over the last months we have found ourselves in a situation...
where we are depending on ICT to a large degree...
to work from home...
and control all sorts of vital processes in society from home.
Increasingly these processes are operated by ICT.
The complete disruption of our society is really just around the corner...
if our cyber security becomes inadequate.
Now I strongly want to make a case.
Just like all of us find the safety of our streets very important...
we should also maintain a high level of digital safety in the Netherlands.
The Cyber Security Council has advised the minister of Justice and Security...
and the state secretary of Economic Affairs....
on cyber resilience of Industrial Automation & Control Systems, or IACS.
What makes cyber resilience of these systems so important?
IACS are measurement and control systems...
to operate, for example, bridges and locks...
and they are used to purify drinking water.
This makes them very important for the safety and continuity...
of the vital infrastructure and vital processes in The Netherlands.
These systems tend to be highly complex and very expensive.
Therefore, they have a long life span...
and increasingly they are connected to the internet.
So it's very important that we can rely on the digital security of these systems.
Can you give a concrete example of the importance...
of the digital security or these systems?
I used to work for Rijkswaterstaat and we would jokingly ask ourselves...
if building a tunnel involved a layer of concrete with some ICT...
or lots of ICT on a thin layer of concrete?
Because it always turned out that if you made a tunnel...
the costs would be 97 percent construction and 3 percent ICT...
while the risk was just the opposite...
because when you are preparing a tunnel for opening...
the ICT measurement and control systems are often the delaying factor.
For example, when the A4 motorway was constructed...
and the tunnel was already in use, it still took months...
to create a good and secure connection with the traffic centre in Rhoon.
According to the CSR, what should happen to make IACS cyber resilient?
Basically there are three things:
For oversight, an IACS control framework needs to be created.
The flow of information should improve...
because sharing knowledge and information...
lies at the heart of cyber resilience.
Finally, the purchase of IACS should be aided...
by creating a virtual support centre.
How did government members respond to the advice?
In a very positive way. They recognise the problems...
and completely agree with our recommendations...
which they will use in their policies.
The Council will be following the progress with interest.