The week of Sept. 11, 2001, I was in Houston along with 40,000 others for the ISA Expo. On Sept. 9, I was made an ISA Fellow. On Sept. 10, we held two sessions on control systems (there was no such term as OT at the time) cybersecurity that were well attended by the engineers with minimal IT attendance because on Sept. 10, control system cybersecurity was a business imperative (as you can't make things if the control systems don't work). On Sept. 11, I was scheduled to take a tour of NASA's Johnson Space Flight Center that was cancelled after the planes crashed into the Twin Towers. It took three days before I could get a rental car to drive back to San Jose – there were no planes flying.
Get your subscription to Control's tri-weekly newsletter.
There should have been many lessons learned from 9/11. Three of the most important were connecting the dots, lack of imagination, and having multidisciplinary teams involved. When it comes to control system cybersecurity, those lessons have not been learned.
