ICS Cyber Security – where is the American Society of Mechanical Engineers (ASME)

March 25, 2014
The March 2014 issue of ASME’s Mechanical Engineering magazine had an article entitled "The Internet of Very Big Things". The article focused on the productivity and safety benefits of connectivity, including to the Internet. The discussion on security was either not correct or misleading.  This is not the first time that ASME appears to have missed the boat on ICS cybersecurity. Having been involved in ICS standards since 2000, it has been evident to me that ASME has been missing in action. What will it take to get ASME involved?

The March 2014 issue of ASME’s Mechanical Engineering magazine had an article entitled "The Internet of Very Big Things". The article focused on the productivity and safety benefits of connectivity, including to the Internet. The organizations used as examples of using remote connectivity are not participating in the ISA99 control system cybersecurity efforts. Moreover, the discussion on security was either not correct or misleading.  This is not the first time that ASME appears to have missed the boat on ICS cyber security. I had a discussion with one of the ASME magazine editors in 2001 after the 9/11 attacks when Mechanical Engineering had an editorial on security and didn’t mention cyber. The idea of connecting control systems from nuclear plants, water treatment facilities, wind turbines, pipelines, etc directly to the Internet has potentially horrifying downsides and needs to be reassessed.

Having been involved in ICS standards since 2000, it has been evident to me that ASME has been missing in action. When I have given lectures at various universities, the Mechanical Engineering Departments have not been involved even though computer-aided engineering and control system design and theory are parts of most Mechanical Engineering curricula. What will it take to get ASME involved?

Joe Weiss