Expert interview: CyberCompare talks Cybersecurity with Vijay Ratnaparkhe, CIO of Robert Bosch GmbH

Vijay Ratnaparkhe

Vijay Ratnaparkhe is the CIO of Robert Bosch GmbH. Previously, he was President and Managing Director of Robert Bosch Engineering & Business Solutions India. In this role, he had been responsible since 2010 for the software development centers in Bangalore and Coimbatore in India, Ho Chi Minh City in Vietnam, and Guadalajara in Mexico. Earlier, he completed his education with a Master of Technology from the Indian Institute of Technology in Mumbai.

Dear Vijay, you lead the global Bosch IT organization. How many users and locations does your organization support worldwide?

We support around 300,000 users with their IT workplaces and more than 360 locations worldwide. At around 325 locations we are actually working on site.

Being responsible for this complexity, how do you really keep an overview of the relevant IT programs and the balance between stable and secure operations as well as required transformation projects?

This only works in close collaboration with all stakeholders: There is the Corporate Security Governance for our Bosch security strategy and the operations teams of our Corporate IT: Here we work closely with the security experts from ETAS GmbH. To ensure that everything is running smoothly, communication is key. For major security topics we establish programs to bring these experts together in a common team under one common goal.

When you talk to other CIOs or the Bosch executive management – do you think that the awareness for cybersecurity has changed during the past few years?

The awareness of cybersecurity as well as the level of threat has increased worldwide over the years. One of the reasons is the flexibility we have, today, to access information: more applications and better user experience as the world adopts ever more digital technologies. The heightened leverage of digital technology creates opportunities on the one hand and threats on the other hand.

Security has a lot of dimensions: rather organizational and process-focused measures like guidelines & governance; more technical topics like nextGen Firewall & Endpoint Security up to people-centric approaches with awareness & phishing campaigns or trainings. How do you find the best mix of suitable measures?

I would refer to our Bosch Corporate Security Governance. We follow standards like ISO 27000, which structures our Information Security Management System, and we derive measures with risk-based approaches. As a leading automotive supplier, we of course follow the Trusted Information Security Assessment Exchange (TISAX). TISAX is a standard for information security defined by the automotive industry.

In addition to the standards, it is very important to always stay very close to the technology and cybersecurity provider network to understand the latest technologies.

Here we also face challenges of course: For instance, the size of Bosch when it comes to rollouts of new technologies or hardware components – the financial or technical impact can be huge. Or in the field of OT Security with the relatively low standardization in machines and equipment.

Therefore, we like to try out new cybersecurity products as proofs of concept, e.g. within selected plants or locations, and develop global rollout approaches.

As you refer to OT: one of our focus topics is OT and IoT Security: why can’t Bosch adapt all IT security standards 1:1 to our production and logistics areas?

Because our machinery & equipment comes with a completely different degree of standardization. This is caused by the extremely long lifecycle of 15 – sometimes more than 30 years. We modernize and patch wherever possible, but if you still have Windows computers which are out of support, this won’t help.

Also, legacy systems must be treated differently: often we cannot install programs due to liability to the machine vendor. Downtimes are not accepted. Strong network segmentation, isolation of the affected machines and secure remote access are crucial. To solve this problem, we developed our Bosch-own solution together with partners: Remote Shopfloor Access.

Again, to tackle these challenges, collaboration is key! We are in close exchange with the Bosch Corporate Department for OT Security to align on required measures and adjustments for IT tools like for example asset management.

Formerly you led Bosch Engineering in India with >20,000 developers and IT experts, incl. strong expertise in security. How do you see the threat of cyber-attacks in India? Is it growing at a comparable rate to Europe?

The threat of cyber-attacks in India would not be far different from elsewhere if you see it from the point of view of a business such as ours. One of the dimensions of India that we must, however, consider is the younger and IT-enthusiastic population. Hence there is more opportunity to create defense centers or services leveraging the talent available against these cyber threats.

Please remember: This article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.