SVP of Cybersecurity and Global Chief Information Security Officer (CISO), Schneider Electric
August 31, 2022
This summer, I had the honor of attending Israel Cyber Week 2022, an international cybersecurity event hosted annually at Tel Aviv University, with the U.S. Chamber of Commerce delegation. The event afforded me the opportunity to connect and exchange thoughts with cybersecurity leaders among the more than 9,000 other attendees from over 80 countries.
2022 Israel Cyber Week illuminated many impressive advancements that have been made since last year’s conference to keep our critical systems safe and secure. Each discussion and debate I engaged in offered me important perspectives about how to continue moving forward. Two thoughts resonated with me in particular:
- In order to truly attain and maintain adequate levels of cybersecurity in a world of rapid digital transformation, industry must accelerate collaboration with governments around the world to build trust and shared understanding; and
- As the leading industrial control system (ICS) manufacturer, Schneider Electric will continue to play an important role in fostering the industry-wide momentum needed to secure critical systems for our customers.
Leading up to the conference, my colleagues and I had the privilege of touring the Israel National Laboratory for Cyber Security and Industrial Control Systems (INCD), which was established in collaboration with the Israeli National Cyber Directorate of the Prime Minister’s Office and the Ministry of Energy to conduct ICS research and development. Watching simulations of cyberattack scenarios on water treatment plants, power generation facilities, and smart buildings was a profound reminder of what is at stake. These simulations also underscored the importance of vulnerability research and trainings, such as Israel’s government-supported operational technology (OT) training programs, which equip students with skills to build and implement controls for cyber resilience in their organizations to prevent cyberattacks.
During the conference, I had an opportunity to join a diverse panel of speakers that included experienced cybersecurity leaders from Israeli and U.S. government agencies, critical infrastructure service providers, and the private sector to discuss the topic of ICS Cybersecurity Challenges in the Digital Transformation & Cloud Era. We shared our experiences protecting our assets in increasingly connected environments where the attack surface is ever expanding. I emphasized the need to integrate zero-trust principles into OT environments, ensuring that we are secure-by-design, and secure during commission and operation. These public-private dialogues are crucial in leveraging the unique and critical insights that each stakeholder can bring to the table.
Trust: The Foundation of Schneider Electric’s Strategy
Although my panel contribution focused on zero-trust architectures, it is in fact trust and shared understanding that shape our core values at Schneider Electric. In 2021, we developed our Trust Charter, which serves as a Code of Conduct for Schneider Electric and its ecosystem, demonstrating our commitment to ethics, safety, sustainability, quality, and cybersecurity for all our stakeholders. Trust, therefore, is the cornerstone from which we have built a robust safety culture, and we leverage that mindset to drive our cybersecurity culture.
Building effective and trusted partnerships across our security ecosystem requires cyber discussions to be part of every conversation across our businesses and operational units – not just among the security community of experts. This philosophy guided our decision to appoint over 220 Cyber Owners – cybersecurity site leaders across our industrial footprint who have been trained to monitor cyber risks, follow up on cyber performance, ensure preventive maintenance on IT and OT assets, and, most importantly, boost knowledge and awareness of OT among their colleagues. By including everyone in the cyber conversation, all our employees become individually empowered and driven to collaborate on cybersecurity. Doing so ultimately helps to ensure that our people strategy aligns with our process and technology strategy.
Just as this principle of trust unlocks innovative potential for us internally, so too can it help strengthen public-private collaborations. Governments are rightfully cautious when it comes to protecting their citizens’ data and the integrity of critical infrastructure. It is up to industry leaders to build and demonstrate cyber-resilience to assuage those concerns. As my fellow panelists and I agreed, we must be able to demonstrate that we can swiftly detect, contextualize, and respond to threats. As an example, when the US Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) launched its Cyber Testing for Resilient Industrial Control Systems program (CyTRICS) to help the DOE ensure the integrity and reliability of critical systems components, Schneider Electric was the first equipment manufacturer to participate. By building trust, we not only unlocked new business opportunities, but strengthened the overall security environment as well.
Public-private partnerships are key to boosting national and international cybersecurity capabilities to ensure that, together, we can defend against attempted attacks against our infrastructure, systems, and shared cyberspace. Our teams continue to work to empower these trusted partnerships in Israel and elsewhere around the globe by sharing our experiences and expertise, as well as demonstrating the security of our products and systems. It is our unwavering goal to build trust across communities, and to empower the world to make the most of its energy and resources. We extend our thanks to the entire U.S. Chamber delegation and Tel Aviv University for this wonderful opportunity. Let’s do more, together.