In May 2019 the Basque Government opened a new edition of the industrial cybersecurity programme of grants with the aid of the BCSC and Grupo SPRI. The aim was to help raise the level of protection in companies based in the Basque Country, and thereby help this improved level of cybersecurity to give these companies a competitive edge. The first edition of the programme in 2018, the first of its kind in the whole of Spain, was so successful, and was in such demand, that the initial 600,000¤ earmarked for the project was eventually raised to 1 million Euros, in order to cater for the massive number of applicants.
The monies initially set aside for this second edition amounted to 55,000¤, but the budget has once again had to be extended as a result of the great number of applicants.
This year a total of 224 applications were made, 219 of which were accepted. 112 of these successful applicants are based in Gipuzkoa, 72 in Biscay and 35 in Alava, making a total of 207 industrial businesses which have benefited from the 2019 edition of the grant programme with projects eligible up to a maximum of 18,000¤.
The industrial cybersecurity programme has taken the form of 1.95 million in aid from the Basque Government, and 4.45 million from private investors (compared with 2.34 million Euros in 2018).
The programme considered the following projects as eligible for aid:
- Convergence and integration of protection systems against cyberattacks for IT/OT (Information Technology / Operational Technology) environments. Design and execution of secure architectures and, where appropriate, the realisation of segmented industrial networks.
- Securing remote access OT to a production plant's industrial equipment, in order to maintain, monitor and operate this equipment. These are tasks which are more and more frequently performed remotely.
- Securing industrial information and data. Audits and simulated attacks by third parties, and audits of internal profiles with different levels of access to company data.
- Evaluating and improving the industrial cybersecurity software in production plants.
- Cybersecurity awareness-raising initiatives for employees in industrial businesses.
- Diagnosis of the current situation in industry in matters of industrial cybersecurity, and drawing up an action plan to improve Cybersecurity. Industrial risk and industrial vulnerability analysis. Inventory of the various elements present in key industrial systems. Industrial intrusion test. Analysis of vulnerabilities in web applications. Audits of wireless industrial communication.
- Adapting to industrial Cybersecurity standards. Managing ISO27001 standards, National Security Scheme, PIC, continuous improvement of the cybersecurity process and the like.
- Modelling zones and conducts in Industrial Cybersecurity projects.
- Monitoring perimetre security devices and other industrial devices (Switches, probes, Appliances, industrial firewalls, PLCs, etc.).
- Other projects to significantly increase the level of cybersecurity in industrial companies, and reduce the risk from and vulnerability towards different types of possible attack.
The Basque Government continues to demonstrate its commitment to helping Basque businesses by fostering continuous improvement and competition through the challenge of cybersecurity.