RSSInterested in linking to "Securing Control Systems in Cyberspace"?
You may use the Headline, Deck, Byline and URL of this article on your Web site. To link to this article, select and copy the HTML code below and paste it on your own Web site.
Securing Control Systems in Cyberspace
One of Our Readers Says That Even the ISA99 Memeber Will Say It Is Hard to Quantify Security From Their Security Access Level (SAL) Work
10/02/2012
To cast your vote, log in or become a member. This quick, one-time registration gives you access to members-only site benefits.
1 vote
[Editor's note: The following is a response to a post by Joe Weiss on the "Unfettered" blog, wherein he discussed control system cybersecurity and the appropriate metrics to use to measure its effectiveness. (See "What Is Control System Cybersecurity and What Are the Appropriate Metrics?" )]
I think the ISA99 members would agree that it is hard to quantify security from their security access level (SAL) work. We're still hoping we can do it along with quantifying risk in the future.
A small nit on your IT security comments. IT security is much more than data protection. There are e-commerce systems where the cost of a minute of downtime is known and very high. There are many corporate systems were integrity is extremely important.
ADVERTISEMENT
Both IT and operations cybersecurity are about applying technical and administrative security controls to meet the security objectives. Both also fail if you replace judgement with checklists. You will hear very similar complaints about PCI, as you do with NERC CIP.
Dale Peterson
Digital Bond
To cast your vote, log in or become a member. This quick, one-time registration gives you access to members-only site benefits.
1 vote
