Cybersecurity is hot, and it has the attention of a growing number of clients. They have demands and want organisations to advise them on what is needed and what the parties can deliver. Suppliers are also increasingly looking for answers to these questions. Clients expect them to have knowledge and experience in the field of cybersecurity.
On 1 January 2018, Croonwolter&dros set up a new department dedicated specifically to cybersecurity. Erik van Noort, manager of the new department, already sees that it is meeting a need – for customers as well as colleagues.
Croonwolter&dros had a first group of technicians follow the intensive training course 'IEC 62443: Cyber security for Industrial Automation & Control Systems (IACS)', followed by an examination held by NEN. ‘The cybersecurity exam is a means of making our people's experience more visible. This helps us when performing work for our clients, but also internally so that we can disseminate our knowledge’, says van Noort. In addition to the ISO 27001 certification process, which will take place at Croonwolter&dros in 2018, the new department will use knowledge about the IEC 62443 series to augment its technical expertise.
The first group of cybersecurity professionals has now been trained and certified. Van Noort: ‘In 2018, we will focus on further professionalisation of the new department and we will continue to train and certify our technicians. The new department will consist of about 15 staff members.’ Incidentally, these are people who are already involved in projects where cybersecurity plays a role. Van Noort calls them ++ Technicians. They had already shown interest in the topic and see it as enriching their work at Croonwolter&dros.
The new cybersecurity department at Croonwolter&dros is a knowledge club. The department shares knowledge and trains, advises and supervises staff working on projects, both externally and internally. The department provides services at the interface of policy, procedures and technology. Roodenburg: ‘We can already see the benefits. Colleagues, customers and partners are increasingly finding their way to our cybersecurity professionals.’ Van Noort: ‘They see that we understand our business and that we are professionally involved in cybersecurity and take it seriously.We will initially focus our knowledge and efforts on projects in the infrastructure and industry sectors, but I don't rule out the possibility that there will soon be a demand from marine/offshore and utilities. We are already seeing interest from financial institutions.’
Van Noort: ‘Croonwolter&dros sees it as an important task to make customers and partners aware of the risks. The investments we are making in knowledge building and professionalisation are peanuts compared to what could potentially be lost if cybersecurity is not properly managed. Reputational damage, stagnation – it doesn't bear thinking about.’
According to Roodenburg, Croonwolter&dros will start undertaking projects in other areas as well as a result of professionalisation in cybersecurity. ‘Customers are asking for ISO 27001 (information security), and with our knowledge of the IEC 62443 series (security of indcrooustrial automation and control systems), we can offer them something extra. Security of Information Technology and Operational Technology together offer a truly effective approach against cyber attacks.’
Rob Roodenburg has in any case passed the IEC 62443 NEN exam. ‘The exam was really tough! It's no walk in the park – you won't make it without proper preparation.’ Colleagues were very supportive; messages were immediately posted on LinkedIn and received many likes. Gert de Mooij, Bastiaan Roodink, Marco van Vliet and Erik Jan Wurkum also passed the exam.