Cybersecurity

Reader feedback: Three key issues correlating to cybersecurity problems outside ICS

A reader says there are three reasons why companies outside the ICS realm are more vulnerable to cybersecurity attacks.

By Amit Kumar

In response to Joe Weiss's blog post (Observations from Advisen Cyber Risk Conference March 3rd in San Francisco): There are at least three key issues correlated to the symptoms of this problem:

  1. Lines of ownership and accountability are generally unclear when it comes to cyber vulnerabilities impacting the ICS infrastructure. The question really is: who is accountable for industrial infrastructure security, and do they have the authority and subject matter expertise to establish the necessary security controls for ICS? What is the governance model associated with the security model?
  2. The primary focus at the organizational level seems to be security for IT systems. The distinction between IT and OT is not well understood. Infrastructure owners have to recognize that compliance does not necessarily equal protection.
  3. Control system cybersecurity requires an interdisciplinary approach. Again, the question is: are businesses investing in their workforce to ensure knowledge sharing and skills enhancement between and across the multiple disciplines of security, IT, OT, cyber, process, etc?

Amit Kumar
akumar@ieee.org

Free Subscriptions

Control Global Digital Edition

Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe Today.

controlglobal.com E-Newsletters

Biweekly updates delivering feature articles, headlines with direct links to the top news stories that are critical to staying up to date on the industry — company news, product announcements, technical issues and more. Subscribe Today.