It is possible to build a more secure control system

I have often been asked if it is possible to build a more secure control system. Because most initial control system designs did not adequately address cyber security, adding cyber security has been by “bolt-on” additions. “Bolt-on” additions can improve cyber security by adding functions such as white-listing but may not address inherent control system design cyber vulnerabilities such as unauthorized control logic changes. However, there is at least one control system vendor that has addressed cyber security as part of its initial design – Bedrock. I think it is important to acknowledge that it is possible to build a more secure control system from initial design that addresses known control system cyber vulnerabilities.

Joe Weiss  

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • Easy to say that how Joe ... hind-sight is always 20-20! I am impressed with what Bedrock has done, but remember, it is consider "secure by design" based on today's view of security. It doesn't sound like you have been directly involved with the ICS system product design. Having spent 17 years at one of the leading vendors, I was involved in the specification and design of 3 different generations of high-performance ICS systems, and let me tell you, it is not as easy as you make it sound! Back in the early 90's when we moved from proprietary to COTS, Unix (which failed to gain widespread acceptance) and then Windows NT was to provide enormous improvements to both operability and security of control systems based on what we knew at that time. It did - then! Today we look back and laugh! System design will never be able to keep up with the rapidly changing threat landscape, and for that reason, people need to stop focusing on the "component design" so much, and focus more on safe, secure and reliable "system engineering, integration, and maintenance". This is going to be the only answer that will address not only the trillions of dollars of installed base, but also ensuring that even new systems remain resilient throughout their life cycle.


RSS feed for comments on this page | RSS feed for all comments