8th Annual Control Systems Cybersecurity Europe Cyber Senate 8th Annual Control Systems Cybersecurity Europe Cyber Senate

Panel: How Can We Manage Risk Faster? (Correction- "better!")


Robert Sharrock
Emerson Process Systems and Solutions, European Sales Manager for Cyber Security Solutions

Rob Sharrock started his career working in defence engineering in the development of Military Radar Systems and since moving to Industrial Automation over 30 years ago has worked for major automation solution vendors gaining experience in a variety of subjects from Sensors and Acquisition systems to Industrial Networks and Safety Systems both for Machine Safety and Process Systems. Since joining Emerson 8 years ago to take on responsibility for the Process Safety Business in the UK Rob has always been involved in the Cyber Security aspects around Process Control and 3 Years ago, he took on responsibility for the development of Emerson’s Cyber Security Business in Europe in the position of European Sales Manager for Cyber Security Solutions. As a passionate Cyber Evangelists, he believes every organisation must take responsibility for the cyber security of its plant and production systems today and not wait for either Government legislation or a major event to kick start them into action. It is the only way to guarantee security of business, whilst protecting its employees and clients from the impact of present and future Cybercrimes.

Dr. Jannis Stemmann
Bosch CyberCompare, Chief Executive Officer

Fifteen years of experience in managerial positions at McKinsey and Bosch, including time as a production manager. Co-founder and CEO, CyberCompare, VP.

Guido L. Villacis Rivas
EDF Energy, I&C Cyber Security Lead, PWR Technology, Technical Client Organisation

Guido Villacis with over 20 years of world wide experience in design and deployment of operational technology in critical infrastructure and power generation industry, working as OT supplier as well as OT user. 10 years ago Guido joined the Nuclear Generation industry in the UK, to focus his career on the design and development of safety critical and safety related operational technology for nuclear power reactors.

OT Cyber Security has become Guido’s passion, over past years he has been leading a team effort to ensure cyber security is adequately addressed during the deployment of over 200 OT computer based systems, to be used in the safe and reliable Operation of Hinkley Point C, the biggest infrastructure project currently in construction in the UK.

OEMs are taking a more active approach to product security and development, Patching is one of the oldest and most traditional ways to manage risk. It also is a slow and expensive way to manage risk so it is frequently avoided in the OT world. What else should be considered to manage risk?

Do we understand the aspects of cyber risk?

Where is the gap of what you dont know? 

Inside out apporach (product development and features) - Outside in approach (Don't deploy products into a environment that does not have a secure perimeter) >>Getting the balance right<<

What is the impact of the those risks?

Are trying to get ahead or are we simply responding to risk?

What are mitigating controls?

Getting the right talent and thought process in the right positions

Understanding the life cycles and that what we do is never enough but we can plan and anticipate "better"