Are we asking too much of existing industrial control systems?

If you ask users of industrial control system if they meet their design and performance requirements, I think you will find the answer is a resounding yes.  However, if you ask security personnel if they are secure, you will probably get a resounding no. What needs to be understood is that control systems do a very good job of what they were designed to do – performance - but a poor job of not doing what they weren’t designed to do - security (notice the double negative). Unfortunately, bolting on security can, and has, caused unforeseen problems.  Moreover, it is not clear these bolt-on security solutions have actually provided additional security. I continue to believe control system cyber security is primarily a “people problem”. Until the culture changes from the top down and appropriate control system policies and procedures are developed, I see little chance to significantly improve cyber security of industrial control systems.

Joe Weiss 

Join the discussion

We welcome your thoughtful comments. Please comply with our Community rules.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments