Secior is a 100% Dutch solution provider that effectively increases and perpetuates the cyber resilience of data centre operational technology (OT). Data centres nowadays have to comply with new laws and regulations such as the EU NIS2 Directive. Secior combines the knowledge of the data centre world with the cybersecurity industry (OT, IT & IoT). The competences are complemented with audit and compliance services; thus, we help data centres direct the accountability and obligations that come with the new essential status.
DATA CENTRE CYBER SECURITY
combined know-how
cyber security strategy
FIND, FIX & MANAGE
Cybersecurity Risk
Secior helps data centres with a pragmatic cybersecurity strategy, implementing measures to increase and maintain the digital resilience of a data centre. We do this in close cooperation with our client.
FIND:
The Secior Health Check provides an inventory of operational systems, an overview of networks and identification of vulnerabilities such as errors in configurations, missing patches, etc.
FIX:
Secior analyses the findings from the Health Check and advises the client with a cybersecurity roadmap for mitigating the vulnerabilities to the desired level.
MANAGE:
The Managed Services portfolio is designed to keep the facility data centre infrastructure secure. These services are offered as a Service Level Agreement (SLA), whereby the specialist OT cybersecurity knowledge can be deployed at multiple levels; from occasional support to full offloading. This allows you to focus on the core tasks of the data centre, but fully comply with the ongoing duty of care as described in the NIS2 Directive. The Secior CISO-as-a-Service programme is available from € 475 per month.
Risk Management, Compliance & Audit
Don't wait for the (NIS2) regulator!
The European Union adopted the NIS2 legislation in late November 2022 for strong common cybersecurity. NIS2 (network & information systems) will form the basis for risk management and reporting obligations for data centres as they fall under the Digital Infrastructure Directive. As a data centre, what exactly you need to put in place is not always 100% clear. Our consultants have extensive experience with this type of legislation and its regulation. Secior closely monitors all legislation and regulations, and can therefore anticipate in good time. In any case, this provides certainty that you are taking the right steps as an organisation. Clients also often require conformity with accepted security standards, such as ISO 27001 or ISA/IEC 62334. Secior has certified internal auditors with extensive experience in OT/IT audits, governance and cyber risks.
Partners
-
Raymond Bierens: Measuring is knowing… if you know what you are measuring
-
The difference between ‘Good’ and ‘Best’ in Cybersecurity!
June 2023 – My compliments if you’ve decided to perform a Penetration Test (Pen-Test) on your infrastructure, web applications, mobile apps, or software code; it demonstrates your awareness of, and commitment to, cybersecurity, and the digital security of the important business and personal data you are holding.
-
Protecting critical infrastructure top priority in new US cybersecurity strategy
March 2023 – On 01 March 2023, President Joe Biden launched the US National Cybersecurity Strategy. This release describes the digital challenges facing the United States in recent years and how they are acting on them. Interesting to see that protecting critical infrastructure is at the top of the US government’s cybersecurity priority list.
-
Ukrainian datacenters moved outside their borders
November 2022, The latest OT/IoT Security Report from Nozomi Networks, which was published this month, showed some remarkable developments within the cybersecurity domain. The main take-away is the fact that the Ukraine/Russia conflict influenced the industry significantly.
-
Digital Security Risk Management for datacentres
New digital technologies are increasingly transforming the way organisations work. Data centres play an important role in this transformation and are therefore considered critical national infrastructure in a growing number of countries. Without data centres, online digital services as we know them are unavailable, digital devices cannot be operated without connectivity and big data cannot be exchanged.
-
Multidisciplinary Aspects of Digital Security
With the collection ‘Multidisciplinary aspects of digital security’, the Netherlands Association of Information Professionals (KNVI) once again shows the value of its professionals’ focal area. Authors from a range of professions in information technology, information management and information governance have examined and described the topic from different angles of approach.
-
Siemens industrial devices in datacenters vulnerable to hackers
October 2022 – Siemens industrial devices in datacenters vulnerable to hackers
Recently, a research team of the cybersecurity company Claroty discovered a method to extract private encryption keys from Siemens industrial devices and compromise whole Siemens product lines.
-
Lloyd’s ends coverage for state cyber attacks
September 2022 – Lloyd’s of London will no longer provide cover for catastrophic state cyber attacks through its standard cyber policies from March 31 next year. Lloyd’s is a marketplace where insurance brokers from around the world negotiate directly with the insurers covering their clients’ risks.
-
Pentester says he broke into datacenter via hidden route running behind toilets
July 2022, Many security breaches involve leaks, but not perhaps in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the “piss corridor.”
-
UK government gathers insights on how to make data centers and cloud platforms more resilient
June 2022, as part of the UK’s National Data Strategy and National Cyber Strategy, the UK government is currently gathering insights from data center operators, cloud platform providers and cybersecurity experts to understand how to improve the security and resilience of the country’s data centers and online platforms.
-
Management liable for non-compliance with cybersecurity obligations
May 2022, The European Parliament and EU Member States reached a political agreement on May 13 on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive).
-
Physical Infrastructure Cybersecurity: A Growing Problem for Datacenters
April 2022, Physical Infrastructure Cybersecurity: A Growing Problem for Datacenters. Datacenters are becoming faster, more scalable, and more efficient. But with this comes a greater risk of cyberattacks against physical infrastructure.
-
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
March 2022, Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure. The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
-
Oil terminals in several European ports were hacked
January 2022, oil terminals in several European ports were hacked. There are a total of 17 terminals, 11 in Germany and the other six in Belgium and the Netherlands. The hacks caused the terminals to struggle to load and unload the oil.
-
EU considers data centers as critical infrastructure
December 2021 – The European Commission is tackling cyber resilience through NIS2 legislation. Digital infrastructure such as Internet Exchange Point (IXP) providers, Domain Name System (DNS) service providers, Top Level Domain (TLD) registries, and cloud and data center providers would be considered “essential” entities.
-
Gas stations out of service
November 2021 – That insufficient security of industrial components poses a serious threat to the availability of critical facilities was again proven on October 26th by the cyberattack on the petrol distribution network in Iran.
-
Cyber insurance makes the ransomware crisis worse
October 2021 – Ransomware is one of the biggest cybersecurity problems facing businesses today. To cover financial risks, including the handling of cyber incidents, it is now easy to take out Cyber insurance.
-
T-Mobile data center hacker ‘Their Security was Awful’
September 2021 – A 21 year old hacker told the Wall Street Journal he was able to hack into T-Mobile’s datacenter. He was the main force behind exposing the sensitive information of more than 50 million people.
-
IoT killer bees are swarming the industrial control and operational systems
August 2021 – Entire botnets of IoT devices are targeting decades-old and legacy equipment that resides widely in the systems that power critical infrastructure.
-
Critical vulnerability discovered PLC’s Schneider Electric
July 2021 – Critical vulnerability discovered in PLC’s Schneider Electric. The ‘ModiPwn’ bug lays open production lines, sensors, HVACs and more that use Schneider Electric PLCs.
-
Food giant JBS Foods has paid $11 million ransom after cyberattack
June 2021 – JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.
-
The consequence of the Colonial Pipeline hack – US department of Justice equates ransomware attacks with terrorism
June 2021 – Cyber criminals have announced that they will avoid critical infrastructure in the future. Several ransomware developers declare that their malicious software should no longer be used to attack
-
Colonial Pipeline paid hackers a $4.4 million ransom
The cyber attack on oil pipeline company Colonial Pipeline is attributed by the FBI to the Russian cybercriminal gang ‘DarkSide’. The hackers used ransomware
-
Cyber criminals target facility infrastructure with ransomware
Cyber criminals are now targeting the facility infrastructure with ransomware and the damage can be extensive and long-lasting.
-
Cyber warfare: China possibly behind 2020 power outage India
The cyber war between Israel and Iran dates back to June 2010. Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyberworm ‘Stuxnet’.
-
Technical datacenter infrastructure, the ‘forgotten security risk’
On May 9, all systems controlling shipping and road traffic around the Iranian port of Sharid Rejaee crashed simultaneously.
Stay informed
Latest developments and events in cybersecurity of critical infrastructure