Incorporating cybersecurity in the supply chain in an industrial environment


The Centre for Industrial Cybersecurity (CIC) has organised “The Voice of Aragonese Industry” meeting to share experiences on cybersecurity in the automation and digitalisation of industry.

During the meeting, Javier Hidalgo, GMV Industry Sector Solutions Architect, presented the main cyber threats and examples of the different types of cyber threat to the supply chain (to software providers, collaborating companies, third-party infrastructures and watering hole attacks), he then commented the principles of cybersecurity and good practices to be considered.

During his presentation he stressed the importance of designing an approach to security based on the premise that any company can suffer an intrusion sooner or later. He also highlighted that cybersecurity is not merely a technological problem, it is a problem of people, processes and knowledge, so simply having the most robust system in the world for your industry is not enough; staff must be aware that all systems will suffer incidents. Necessary controls and suitable processes must also be established to monitor who enters and leaves the company, whether staff who do not turn up to work or information exchanged with a third party.

In his conclusions, Javier Hidalgo noted that we must take into account that in order to incorporate cybersecurity into logistics, we must understand the security risk posed by the supply chain, establish controls and requirements in order to comply with security responsibilities, conduct security validation activities in supply chain management to verify security status, and foster continuous improvement in security, promoting cybersecurity from the design phase and created trusting relationships with providers, understanding that cybersecurity in the supply chain must be considered from a perspective of shared responsibility.


Source URL: