ICS DACH: Your Opinion Counts! Question Title * 1. How confident are you that your current defence mechanisms can handle/detect threats such as hacktivism, cyber crime, cyber espionage and cyber warfare? Confident Somewhat confident Not confident Do not know Question Title * 2. How confident are you that your defense mechanisms can handle/detect state actors/APTs? (APT=Advanced Persistent Threat) Confident Somewhat confident Not confident Do not know Question Title * 3. Are you using a firewall to segregate your network and are you confident that is sufficient to protect you from all types of cyber attacks? Yes, I have confidence that firewalling is sufficient I have other segregation methods in place No, I have not segregated my network Question Title * 4. What controls do you have in place to prevent malicious commands or data being sent to OT from your IT infrastructure? (please select all appropriate) Strong authentication of employees permitted to do this. Only permitted from dedicated selected workstations not used for other purposes. Only permitted from selected physically secured zones of the office environment. The Four-Eyes principle. Other (please specify) Question Title * 5. Are you monitoring your network? (please select all applicable) No Yes, we have network IDS (IDS = Intrusion Detection System) Yes, we have host IDS Yes, we use honeypots, (a honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorised use of information systems) Yes, we use a SIEM (SIEM = Security Information and Event Management) Don’t know Question Title * 6. How visible is what is going on your network to your organisation? We have a fully operational SOC (SOC = Security Operations Center) We are using monitoring tools Our system engineers have this as an additional task I barely have visibility I'm unsure Question Title * 7. In the last three years, how often have you been confronted with a serious ICT cyber incident? (ICT = information and communication technology) Never One to five times Five to ten times More than 10 times Question Title * 8. How fast do you think it is necessary to be able to respond on a (cyber) security incident? Within hours Within days Within weeks Other (please specify) Question Title * 9. Does your organisation have an incident response plan (IRP) in place? No Yes Yes and we do dry runs on a regular basis I am unsure Question Title * 10. In on a scale from 1-100, with 1 being abysmally and 100 being perfectly, how effectively is your organisation managing the relationship between IT and OT? 0 50 100 Clear i We adjusted the number you entered based on the slider’s scale. Question Title * 11. How ready do you think your organisation is for Industry 4.0? Ready Not ready Question Title * 12. Would you be interested in attending an event about ICS Cyber Security? Yes Not sure – please send me more info No I'm not sure, but my colleague might. His/her email address is: Question Title * 13. What industry are you currently working in? Energy Transport Oil and Gas Utilities Manufacturing Construction Food and Beverage Other (please specify) Question Title * 14. What is your role? Director, Risk Head of Protection Chief Technology Officer Chief Information Security Officer Plant Manager Operational Director Engineering Director Other (please specify) Question Title * 15. Which region do you live in? UK Europe USA MENA Other (please specify) Done