21 February 2024 Line

How can we better secure our critical infrastructure?

Søren Egede Knudsen is a part of this year’s advisory board for the international Industrial Security Conference 2024, which takes place on the 12 – 13 – 14 November. Warm up to the conference in November, with an interesting interview with Søren.

 

Would you like to start by introducing yourself, what is your background and how do you work with industrial security? 

My name is Søren Egede Knudsen, and I am working as an IT/OT cybersecurity expert in Egede Aps. Since I was young, I have been interested in electronics and computers and my school educations are Data technician, radio and TV repair and master’s in business administration (MBA). In addition to the education, I have a long range of trainings within IT and OT cybersecurity and network.

I have worked with IT since 1996 and from 2009 I have been dedicated to OT/ICS within network and cybersecurity in these industrial networks and critical infrastructure. I have primary worked as a consultant in my years but have also been employed at the Danish Energy Agency as chef advisor, so I do not only have good understanding of the technical aspects of the industrial cybersecurity, but also on the regulation of these critical networks and systems. The areas I work with in industrial cybersecurity are many e.g., legislation advice, cybersecurity assessments, penetration testing, software & hardware research and testing, and Cybersecurity due diligence to name some.

You are a part of the Advisory board 2024 at the Industrial Security Conference CPH. Why and what do you get out of being on the board?

I believe the conference is very important and the information that is shared is critical for the sector. In addition, it is great to see and being a part of building the conference over the years to help make it into an international and one of the biggest industrial cybersecurity conferences in Europe, if not the biggest.

It is also important to meet and share information with the attendants and the other advisory group members. This is also a great benefit for me.

What do you think is relevant in the industry right now? 

There are several things. In Europe, it is important to know the new regulations that are coming. This is not only the NIS2 directive, but also the CER directive and especially the coming CRA Act. In addition, it is important that people do understand that all attacks is not only using phishing and equal attacks. There is a big growth and has evolved the last year on the exploitation of the embedded software that today often uses old and very vulnerable software. We have seen hacks that uses the embedded (firmware) as an entry point. This has been seen for some years ago on the hack of HackerTeam and more newly in the Danish industrial sector.

The deadline for Call for Papers is May 1st for the conference. What will you be looking for in the selection of submissions?

Yes, indeed. Last year we got a lot of very interesting talks, and I do expect to get even more this year. I will be looking for talks that are new or uses different angles and have a clear line on the talk, both in terms of the technical and non-technical talks.

What are you focusing on in your workplace right now? What are you working on at the moment?

That is no easy to say as there are many areas. At this time, it can be summarized to work within the following areas:

  • Secure and modern architecture for solar plants
  • Developing a solution to secure “flat or old” network in the industrial environment without downtime for the production.
  • Industrial assessments and penetration testing
  • NIS2 directive and alignment for clients.
  • Embedded hardware and firmware security assessment

What is the value for you of attending the Industrial Security Conference CPH? And why do you think it’s important for others to attend? 

The event is critical for people and myself in several ways. It has a learning aspect to get information on new developments from vendors, new solutions for vendors and other people in the industry and of course, the talks to get more and new information on securing and exploiting industrial systems and networks.

What projects are you excited about right now when it comes to Industrial Security? 

Many of the areas I work at in this time. In addition to these new ways to protect or assess industrial networks and solutions, the information from EU and how we can better secure our critical infrastructure now.

What does the future look like in industrial security?

This is a very difficult question, as Europe is in war and the attack to the industry only increases. I hope that companies and organizations will be better at understanding and give budget to the work in industrial cybersecurity. I do think this is and will increase more due to the coming regulation, but I also hope that companies and organizations do see regulation as the low level and will do more than only the regulation. I can see that some are doing that and have been doing that for some time, but there is other that lack behind and that is not good.

Do you want to join the conference?

Take a look at the conference here and sign up today. Last year more than 300 attendees joined, so this year we have teamed up with a new venue to make room for even more attendees. This year the conference is held at Scandic Copenhagen. Read more about the conference and join today.