I did a podcast for Geoffrey Cann’s Digital Innovations in Oil & Gas. The podcast was on the culture issues between engineering and network security and the need to have engineering be part of the cyber security policy-making process. The podcast can be found at https://digitaloilgas.libsyn.com/why-oil-and-gas-lags-in-cyber-and-what-to-do-about-it
November 15, 2022, Dale Peterson in his Tuesday blog referred to a Chief Information Security Officer (CISO) stating that “like it or not, the days of Operations being responsible for OT cybersecurity and cyber risk are fading away. The Board and CEO are increasingly pointing at the CISO when OT cybersecurity issues arise.” This makes sense with the current cyber security focus on attacks against IP networks. However, this approach seems to have crowded out interest in unintentional incidents and engineering-based cyberattacks that don’t fit the familiar IT model. Moreover, the IP-network focus approach has contributed to control system impacts from using inappropriate network security technologies, testing, and training on control system networks and field devices.
