CYBER SECURITY – GUIDANCE
towards the smart factory era.
“There is a massive skills gap,” he
declares. “Most employers can nd
people able to perform website
penetration testing, for
example, but if they want
to source someone
who can undertake
penetration testing of
an industrial facility,
there are very few.
When you think about
the criticality of some
of these infrastructures to
society, there is a real issue.
Much more is needed, both from
an industrial training perspective, and
academia.”
The next project phase will focus on
the impact and sustainability of CyBOK.
These e orts will include the practical
application and dissemination of the
guide, and the longer-term evolution
and maintenance of the KAs. “Our
hope is that CyBOK, which contains
over 800 pages of material and is the
result of three years’ work, will provide
a consolidated body of knowledge
that becomes a universal guidebook
and authoritative reference tool
for academia, industry and
government,” says Rashid.
“Educational programmes
ranging from secondary
and undergraduate
education, through
to post-graduate and
continuing professional
development courses, can
then be developed on its basis.”
The open source CyBOK is
available for online download (www.
is.gd/baxodo), along with a host of
other resources, such as webinars and
podcasts, which can be used for either
commercial or non-commercial purposes,
free of charge. “There is not even a
requirement to provide any personal
data: the thinking is that the more highly
trained people we have in cyber security,
the better it is for our infrastructure as a
society,” concludes Rashid.
will not feature integral security, it is
possible to introduce devices in front of
them that provide secure inter-device
communication and monitor foreign
intrusions.
“Of course, some of the newer cloud
platforms may have built-in security
features, but when they are combined
with this melting pot of legacy protocols
and devices, new types of vulnerabilities
emerge,” explains Rashid. “Whenever
deploying an Industry 4.0 solution,
questions must not only be asked about
its potential to expose critical systems,
but whether the expertise exists to guard
against such an eventuality.”
TRAINING
Everything comes back to question of
training, and the availability of experts
in the eld of cyber security. Rashid has
no qualms in stating that while plenty of
trained professionals exist in enterprise
security, there are far fewer in operational
technology. Clearly, this shortage is a
major challenge as the sector moves
48 www.operationsengineer.org.uk Autumn 2020
/www.operationsengineer.org.uk