There is a lack of adequate engineering considerations for cyber security of control systems

There are millions of installed Purdue Reference Model Level 0,1 field devices (e.g., process sensors, actuators, and drives) and networks in field installations in process control, manufacturing, commercial buildings, and defense applications. Many of these devices and networks serve critical control and safety applications. However, many of these field devices and networks do not meet the defined cyber security requirements in standards such as IEC62443-4-2 - Security for Industrial Automation and Control Systems – Technical security requirements for IACS components. In general, these devices and networks cannot be upgraded to meet the cyber security requirements easily, if at all, including for IOT and Industrie4.0 applications. As a result, ISA99 formed a new Task Group, 99.04WG4TG7, to address the Purdue Reference Model Level 0,1 devices as there is inadequate cyber security guidance. What has been evident since the initial meetings of the Task Group is there is still a lack of understanding by many of what makes these field devices and associated networks unique from a cyber security perspective. Beyond the Level 0,1 considerations, there is a need to address the cyber security of the entire control loop from sensors/analyzers, to controllers, to HMIs (and associated Ethernet networks), to final elements (actuators) - the SYSTEM.  However, I believe the cyber security focus in IEC62443-4-2 and other industry standards (ISA, IEEE, CIGRE, and others) has been on the network, not the SYSTEM. There have been control system cyber incidents affecting each of part of the control SYSTEM including unintended/unexpected system interactions. Level 0,1 is an issue, but not the only issue. The IT mantra is the system is only as secure as the weakest link. Yet, too many people continue to ignore the control system weak links if they are not Ethernet network-related. Consequently, I believe good engineering principles and practices have been neglected when it comes to control system cyber security that not only affects cyber security but also safety. How can you perform a nuclear or non-nuclear (HazOp) safety analyses if you haven't adequately addressed the cyber-induced system interactions and cyber security at all Purdue Reference Model levels including Level 0,1 devices?

Joe Weiss