By Gregory Hale
People are the weakest link when it comes to security, but the time is right for end users to know which security professionals have a security certification.
That is where the Global Industrial Cyber Security Professional (GICSP) certification comes into play.
“Cyber attack trends are showing attacks are getting more sophisticated,” said Paul Forney, chief technologist at Invensys Operations Management’s R&D security team during a Wednesday session at the Invensys Software Conference and Tech Support Symposium in Dallas, TX. “Attackers are not necessarily getting smarter, the technology is getting smarter, which makes attacks easier.”
People are the cause of attacks 65 percent of the time, followed by technology at 20 percent and policies and procedures at 15 percent, Forney said during his talk titled “GICSP Certification: What it Means for You.”
GICSP is a vendor-neutral certification that will debut this fall. The GICSP will be available to candidates in late November 2013. The goal is to have professionals earn certification to prove they can protect industrial control and automation systems from the evolving security threats. That means getting people involved in developing, designing, operating and maintaining these systems. The effort resulted in a certification program that will advance workforce development, but also improve the security of the critical infrastructure.
That protection remains important with industry attacks up 600 percent since 2010, Forney said.
The certification program looks at:
• Integrated approach for people, processes and technology
• Security work for ICS domain done by non-company staff
• Lacking fundamental set of skills
• Missing awareness and unknown consequences to ICS domains
• Easily accessible domain specific
“This new certification focuses on fundamental knowledge for professionals securing critical infrastructure,” Forney said.
The global industry experts involved in this initiative include representatives from: ABB; BP; Cigital; Cimation; Emerson Process Management; Global Information Assurance Certification; Industrial Automated and Control Systems & Smart Grids Thematic Group, ERNCIP project, European Commission’s Joint Research Centre; Invensys; KPMG; Pacific Gas & Electric; Phoenix; Red Tiger Security; Rockwell Automation; SANS Institute; Schneider Electric; Shell; TNO; Wurldtech, and Yokogawa.
The GIAC program gets its accreditation under the IEC/ISO/ANSI 17024 quality standard for certifying bodies.