Personal Experience in Cybersecurity

  • Merck (2018–2022): Enterprise Resilience & Modernization program, focusing on enhancing operational security and robustness.
  • ASML (2022–2024): Industrial Control Systems Security program, emphasizing the protection of critical manufacturing processes.
  • VIRO (2025): Business development initiatives to expand cybersecurity capabilities for VIRO customers.

What is Cybersecurity?

Cybersecurity refers to the practice of safeguarding networks, devices, and data from unauthorized access or malicious activities. It encompasses measures to ensure the confidentiality, integrity, and availability of information.

In today’s digital age, nearly every aspect of life depends on technology—communication (e.g., email, smartphones, tablets), entertainment (e.g., video games, social media), transportation (e.g., navigation systems), commerce (e.g., online shopping, credit cards), and healthcare (e.g., medical records, equipment). With this reliance comes a significant need for robust cybersecurity to protect personal and organizational information. (Source: CISA)

Difference Between Information Technology (IT) and Operational Technology (OT)

Key Distinctions:

  • Information Technology (IT):
    • Focus: Data management and processing.
    • Applications: Systems such as computers, servers, and networks to store, retrieve, and transmit information.
    • Role: Vital for business operations, decision-making, and ensuring data security. IT supports tasks like email communication, financial systems, and cloud computing infrastructure.
  • Operational Technology (OT):
    • Focus: Monitoring and controlling physical devices and processes in industrial environments.
    • Applications: Includes hardware and software for manufacturing, energy production, transportation, and utilities.
    • Role: Ensures safety and efficiency of machinery and processes, often requiring real-time operations and specialized control systems like SCADA (Supervisory Control and Data Acquisition).

In Summary: While IT is centered on managing data and information, OT is concerned with the operation of physical processes and equipment. These two domains increasingly intersect to optimize industrial performance and strengthen security.

History of Cybersecurity in Operational Technology

  • 2010: Stuxnet Worm
    • A groundbreaking attack on Siemens logic controllers, specifically targeting OT systems.
  • 2017: WannaCry Ransomware
    • Severely disrupted production at Maersk and Merck by infecting computers connected to production networks.
    • This attack prompted the initiation of the Enterprise Resilience & Modernization program at Merck, demonstrating the critical need for enhanced cybersecurity measures in OT environments.
source: https://www.researchgate.net/figure/History-and-timeline-of-international-industrial-control-system-ICS-cyberattacks_fig1_362391159

 

Recent Ransomware Attacks in the Netherlands

Ransomware attacks continue to pose significant threats to production environments in the Netherlands. Here are some recent developments:

  1. VDL Group: This major Dutch company experienced a ransomware attack that disrupted operations for a month. The attackers were later apprehended in Ukraine.
  2. TU Eindhoven: A ransomware incident delayed exams and restricted student access to networks. This highlights how ransomware can impact not only production but also educational institutions.
  3. LockBit Gang Arrests: Authorities recently dismantled the infamous LockBit ransomware group in an international operation. While this was a significant achievement, experts warn that similar ransomware may reappear under different names.
  4. General Trends: The Dutch Data Protection Authority reported over 178 successful ransomware attacks in 2023, affecting hundreds of organizations and millions of individuals. These attacks often target IT suppliers, leading to widespread consequences.
  5. Shift in Tactics: Cybercriminals are increasingly using “double extortion” methods, threatening to publish stolen data rather than just encrypting files. This approach has become more prevalent as organizations strengthen their defenses against traditional ransomware.

Cybersecurity Programs to Improve Security and Avoid Ransomware Attacks Are Mostly Based on the NIST Cybersecurity Framework

Both cybersecurity programs were developed in alignment with the NIST Cybersecurity Framework, using its core functions to structure and enhance operational security measures. Below are examples of how each part of the framework was applied:

source: https://www.ermes.company/blog/nist-framework-2-0-a-comprehensive-overview/

Framework Implementation

Identify:

  • Implementation of OT-specific scanning tools.
  • Establishment of OT Asset Management processes.
  • Enhancement of OT Visibility.

Protect:

  • Segmentation of IT and OT environments.
  • Deployment of secure remote access solutions for OT.
  • Introduction of secure USB usage protocols.

Detect:

  • Development of an OT Vulnerability Response system.

Respond:

  • Implementation of OT Service Management practices.
  • Creation of an Incident Response script tailored to OT environments.

Recover:

  • Development of backup and restore solutions for OT.

Govern:

  • Execution of awareness campaigns and training programs to educate stakeholders on cybersecurity risks and best practices.

Applied Tools in Security Programs

The following tools were employed to implement and manage cybersecurity measures:

  • Tenable OT for vulnerability management.
  • ServiceNow Configuration Management Database (CMDB) for asset tracking and management.
  • Octoplant Backup & Restore for OT data recovery.
  • Acronis Backup for system protection and restoration.
  • AnywhereUSB for secure USB management.
  • Secomea Secure Remote Access for protected connectivity.
  • OT Risk Training to build awareness and enhance cybersecurity skills.

European Directive: Network and Information Security (NIS)

The NIS Directive establishes requirements to strengthen cybersecurity across critical sectors. The original directive, NIS1, has been operational since 2016. Its successor, NIS2, will take effect by Q3 2025 and introduces additional sectors and enhanced requirements.

NIS1 and NIS2 Sectors Comparison

NIS1 Sectors (Since 2016)   | NIS2 Sectors (Effective Q3, 2025)
Banking                     | Chemicals
Energy                      | Food
Health                      | ICT Service Management
Transport                   | Manufacturing
Drinking Water              | Postal & Courier
Digital Infrastructure      | Providers of Public Electronic Communication Network or services
Financial Market            | Public Administration
Digital Service Providers   | Research
Infrastructure              | Space
                            | Waste Management
                            | Waste Water

NIS2 Applicability:

Organizations in the above sectors with more than 50 employees or annual revenue exceeding €10 million must comply with the NIS2 Directive’s requirements.

If you are looking for a specialist in cybersecurity with experience in OT as well as awareness of IT, please reach out to Linq-id.