Process industry initiative to develop standards-based, secure control systems - looking for utility support

Feb. 2, 2017

The process industry initiative to develop a standards-based, secure-by-design control system is getting interest from many different industry sectors. Unfortunately, there are no electric utilities participating. February 28th, I will be participating in a webinar with the ExxonMobil Chief Engineer to discuss the initiative and what it means to power utilities - http://www.opengroup.org/events/our-webinars

For years, many organizations in multiple industries have expressed the need for standards-based, secure control systems. This need is driven by the painful steps needed to upgrade control systems, even from the same vendors, and the lack of secure-by-design control systems from most of the control system suppliers (one exception). ExxonMobil recognized the lack of vendor support to address the need for standards-based, secure by design control systems for process control applications (the plant distributed control systems used in fossil and nuclear power plants). Because of ExxonMobil’s dependence on control systems, ExxonMobil is very concerned about the lack of control system cyber security. Consequently, ExxonMobil approached The Open Group to initiate a new open standards activity for a standards based, secure control system. This is not unique to industry as Admiral Rogers in his keynote to the October 2016 ICS Cyber Security Conference stated that secure control systems need to be designed to be secure from the beginning and not utilize “bolt-on” cyber technologies. Also at the Conference, Don Bartusiak, the ExxonMobil Chief Engineer, reiterated that cyber security cannot be a bolt-on solution but must be part of the initial design. Unfortunately, the need for secure, standards-based control systems has been viewed as an industry-specific, not general effort.

From March to September 2016, ExxonMobil and staff of The Open Group worked to build a “coalition of the willing” comprising end-users in the process control industries and their key suppliers (which are also the key suppliers to the electric industry). As the information about this effort became more public, it was obvious there was interest from many different industry sectors who use similar systems from the same community of suppliers in their process control environments. Unfortunately, there are no electric utilities participating. February 28th, I will be participating in a webinar with the ExxonMobil Chief Engineer to discuss the initiative and what it means to power utilities - http://www.opengroup.org/events/our-webinars

Joe Weiss