What is the state of ICS cyber security technology?

June 21, 2011

Much has transpired since I first got involved in ICS cyber security in 2000.  At that time, cyber security was almost universally viewed as an IT problem. There has been a tremendous increase in awareness of the issue. When I held the first Control System Cyber Security Conference in 2002, the only other ICS cyber security discussions were at the ISA Expo where I was holding panel sessions.  That has certainly changed with numerous conferences, articles from many experts (including many I have never heard of), and legislation now aimed at securing ICSs.

There has been significant improvement in securing the Windows-based Human-Machine Interface (HMI). There are now many companies offering firewalls, IDS/IPS, and other Windows solutions that have been modified (I hope) for ICS applications. Assuming these solutions have been tested in ICS applications, this should certainly help. The downside is applying IT solutions that have not been tested in ICS applications. Unfortunately, this has already happened, with negative consequences to the ICSs. The appropriate technologies applied appropriately (notice both need to be addressed) should help reduce the risk from typical IT threats, either aimed at the ICS HMI or arising through the unintended consequences of connecting ICS HMIs to corporate networks (lack of air gaps).

There has also been the establishment of a cottage industry in compliance monitoring and reporting to meet NERC CIP requirements. 

However, work is still needed in securing the Programmable Logic Controllers (PLCs) and other resource-constrained, deterministic field devices that could cause devastating failures and loss of life. This includes both Internet Protocol (IP) and serial communications. Many of the high-impact cyber incidents to date, including Stuxnet and Aurora, were control system issues that would not be addressed by existing IT or even many of the ICS HMI solutions. There is also a need to identify what an ICS cyber attack would look like (Stuxnet was obviously not detected, as it was in the wild for more than a year). As with the HMI, the appropriate ICS technologies applied appropriately should help reduce cyber risk and improve safety and reliability. I will have several vendors presenting control system solutions that I believe address important security issues at the September ACS Conference.

Joe Weiss