Back ZIUR Fundazioa and LEET Security are developing a project to boost cybersecurity in Gipuzkoa’s business sector

2020 / 05 / 25

As part of their objective and plan to strengthen and develop capabilities in cybersecurity in industrial companies in Gipuzkoa, the ZIUR Industrial Cybersecurity Center - Gipuzkoa is working with LEET Security, the leading cybersecurity rating agency in Europe.

Thanks to this business partnerhisp, local industrial companies will have an innovative solution offering self-assessment, as well as the rating and definition of the guidelines and itineraries in the area of cybersecurity. These solutions will be based on international standards, regulations and good practices for information systems and industrial control. As such, industrial companies will be able to discover, on a global level, their cybersecurity levels and, as a result, to take adequate measures to enhance their strong points and improve their weak points, with an application adapted to the characteristics and needs of industrial SMEs in Gipuzkoa.

Carlos Abad, Managing Director of ZIUR, explains the reasons behind opting for this solution: “We’re aware that the industrial sector in Gipuzkoa is taking risks as part of its exposure to a dynamic scenario and increasing threats in cyberspace.”

In accordance with the information provided by the Ertzaintza's (Basque Police) Territorial Intelligence Office of Gipuzkoa, between late 2018 and 2020 there has been an increase of more than 100% in both the number of incidents reported and the accumulated amount of these, reaching a figure of more than €3 million only in terms of the impact of fraud.

Industrial companies will be able to discover, on a global level, their cybersecurity levels and, as a result, to take adequate measures.

“We want to highlight the importance of protection and of tackling the challenges in the área of cybersecurity, both with regard to its information systems and industrial control in order to boost competitiveness and corporate digital transformation. As such, precise knowledge of the company situation and the guidelines to be adhered to are key points for improving this aspect” Abad emphasises.

On his part, Antonio Ramos, CEO of LEET Security, comments that with regard to collaborating with ZIUR on this task: “They are undoubtedly a reference in their sector and are extremely aware of the needs in industry. For LEET Security we are proud that our assessment and rating system forms part of this project.”

The LEET Security solution is based on the most complete and rigorous method on the market, recognised by ENISA, the European Union Agency for Cybersecurity, and INCIBE, the Spanish National Cybersecurity Institute, to make a real assessment of cybersecurity capabilities. Based on this solution, ZIUR will endeavour to promote cybersecurity on the highest level amongst industrial companies in Gipuzkoa.

A cybersecure company is a competitive company

A cyberattack can entail economic losses and security risks, or threaten business continuity for an organisation, in addition to seriously damaging the corporate image and undermining confidence for clients or suppliers. To this end, this solution will also enable industrial companies to bolster the confidence of their clients through issuing a report which demonstrates their cybersecurity level. Above and beyond this, and the diagnosis of their cybersecurity capabilities, it will offer an analysis of their areas for improvement and an independent online service able to measure the evolution of their cybersecurity level.

The aim of this security diagnosis is:

  • To establish a self-diagnosis model in cybersecurity.
  • To facilitate a cybersecurity methodology, itinerary and rating for industrial companies in Gipuzkoa.
  • To facilitate a cybersecurity methodology, itinerary and rating for industrial companies in Gipuzkoa.
  • To increase awareness amongst industrial companies in Gipuzkoa.
  • To have an online self-diagnosis guide.

“Nowadays, a cybersecure company is a competitive company and, from ZIUR, this is what we're working towards in the industrial sector in Gipuzkoa” emphasises Carlos Abad. Moreover, he adds that “having a self-assessment tool will allow them to get to know themselves better, boost their strong points and find a solution to their weak points, thereby making more efficient use of the resources intended for cybersecurity.”

"We're seeing a growing need for companies to have guarantees that serve to reinforce their cybersecurity level."

LEET Security knows a lot about this issue. The company, which was founded five years ago, has the main objective of offering confidence in the value chain through the most rigorous international standards and practices. “We're the only ones in Europe to conduct specific security-level ratings of ICT and ICS services,"; says Ramos, "and, we're seeing a growing need for companies to have guarantees that serve to reinforce their cybersecurity level. This solution will help to create a safer ecosystem and bring confidence and value to the industry; two qualities that are well regarded by clients who are precisely looking for such transparency.”

Confidentiality, integrity and availability

This solution, unique in Europe, works in a simple and precise way.

During a first part, using a process which lasts no longer than 20 minutes, companies register using the online application form and complete a self-assessment questionnaire. This questionnaire performs a global analysis of the threats to cybersecurity in their services and also allows drawing a comparison with the sector average.

Subsequently, during a second phase, companies will be able to acquire greater detail of their security positioning both in terms of domain and section and, likewise, obtain a comparison with the rest of the sector domain by domain. The security level assigned by the solution refers to 3specific criteria: Confidentiality, integrity and availability.

Once the form has been completed, the company immediately receives the overall assessment of their service and the results obtained in each of the 14 domains assessed.

This service will thereby provide a clear model in order to gain more in-depth knowledge of the organisation’s security and to improve cybersecurity capabilities.

All the aspects analysed and assessed are classified into 5 levels, ranging from D (basic measures) to A+ (maximum security level). These levels correspond to the requirements set forth in numerous cybersecurity regulations (IEC62442, NIST 800-53, ISO Series 27000, and the National Security Framework, amongst others).