Tobias Halmans is a Security Consultant in Automation at admeritia and a speaker at the international Industrial Security Conference, 13-15 November in Copenhagen. At the conference, Tobias will talk about security parameters for library-based Security-by-Design and present a simple approach to increase the visibility of security decisions within the engineering process by using Security Parameters. Security Parameters are defined as security-relevant properties of a system. They should enable system engineers to make conscious security decisions by pointing out the security relevance of a certain system property.

What is your background? And how do you work with industrial security on a daily basis?

I am a mechanical and automation engineer, so my background is actually more on the “industrial” portion of “industrial security”. As a consultant for OT security, I give advice to other engineers. They tell me about their problems in their “engineer” language and I can explain security to them in that language as well.

Most of the time, we talk about security risks, security solutions to mitigate risks or about compliance requirements. Standards and regulations for this are often not well understood by engineers since it is simply not their job to be a security expert. Hence, I see myself as a translator between security language and engineering language.

What do you see as the biggest opportunities and challenges in connection with cyber- and industrial security?

I think Security-by-Design is the biggest challenge and the biggest opportunity at the same time. Whenever a new technology arises, there is a challenge to make its use as secure as possible. This challenge is usually resolved after the technology has been introduced, and the problem is already there.

My vision is to solve security problems as early as possible. This is not only done by security-by-design, but it also affects other areas like product security.

When looking forward just 5-10 years, what do you think will be different within security?

I believe that people’s attitude towards OT-Security will change significantly. I expect Security to be more integrated into operations and business processes, just like IT security is today. In the OT world, you very likely hear excuses like “we cannot be attacked, because we don’t have any connections anywhere”. I am convinced that this attitude must (and will) die out.

From your point of view, how do you think we get more diversity in the industry?

To attract talent to work in OT security, we need to show that it doesn’t matter who you are or where you come from. For this, we need diverse role models to be visible, for example, at panels, conferences or in publications regarding OT security.

What are your own expectations for the conference? And which keynotes are you looking forward to hearing?

I like to get more perspectives on Security-by-Design, so I’m especially looking forward to Tony Turner’s talk. Furthermore, I’m curious about Sean R. Bouchard’s and John Cheng’s talks as well as the NIS2-discussion.

What will your keynote be about, and which learnings are you hoping the participants take with them?

It will be about the results of a recent research project that I am involved with. We have developed a security-by-design approach tailored to those who actually make the security-relevant decisions: engineers of all disciplines who are working in an engineering project. One of our very first insights was that reusable elements are needed to make those decisions visible. These elements are compiled in a library to be reused in any engineering project, which I will introduce in the keynote. Doing that, I want to enable participants to implement security into their projects from the very beginning and throughout the whole project, just like they do, for example, with safety.

