The need for secure, standards-based control systems

Many people have been expressing the need for standards-based, secure control systems for years. This need is driven by the painful steps needed to upgrade control systems, even from the same vendors, and the lack of secure-by-design control systems from most of the control system suppliers. Admiral Rogers in his keynote to the October 2016 ICS Cyber Security Conference (see November 1st Unfettered blog) stated that secure control systems need to be designed to be secure from the beginning and not utilize “bolt-on” cyber technologies. Also at the Conference, Don Bartusiak, the ExxonMobil project manager, stated that cyber security cannot be a bolt-on solution but must be part of the initial design. Unfortunately, the need for secure, standards-based control systems has been viewed as an industry-specific, not general effort. However, in early 2016, having seen how a similar Open Group standards effort transformed the avionics industry, ExxonMobil approached The Open Group to initiate a new open standards activity for a standards based, secure control system. (see From March to September 2016, ExxonMobil and staff of The Open Group established a “coalition of the willing” comprising end-users in the process control industries and their key suppliers. As the information about this effort became more public, it was obvious there was interest from many different industry sectors who use similar systems from the same community of suppliers in their process control environments. The Open Group blog identifies the interested parties to date. This is a project whose time has come, in fact, is well over-due.

Joe Weiss