First article of 3-part Cyber Observatory series on control system cyber security published

Nov. 10, 2020
I have prepared a three-part series for the Cyber Observatory with the first part describing the history of control system cyber security and differences between control systems and networking. Part 1 can be found at https://cyberstartupobservatory.com/the-need-to-change-the-paradigm-of-control-system-cyber-security-part-1-background/ . The second part will provide actual control system cyber incidents to demonstrate control system cyber security is a real issue. It will also address the lack of control system cyber incident information sharing, control system cyber forensics, and the need for cyber security training for the engineers. The third part will address the hole in control system cyber security – the lack of cyber security, authentication, and cyber logging in Purdue Reference Model Level 0,1 devices (e.g., process sensors, actuators, drives, etc.).

There have been many articles, webinars, surveys, and books on cyber security of Operational Technology (OT) networks and control systems. I put them into three bins. The first bin includes those presentations, papers, webinars, and surveys that apply to “keeping lights on and water flowing”. The second bin includes those presentations,  papers, webinars, and surveys that apply to Operational Technology (OT) networks but do not include “keeping lights on and water flowing”. This is generally where the IT/OT convergence discussions lie. The third bin are those presentations, papers, webinars, and surveys that are factually not correct or not applicable to control systems. Unfortunately, there are very few articles, discussions, books, webinars, or surveys that fit into the first bin. Most fit into the second bin. Consequently, I have prepared a three-part series for the Cyber Observatory with the first part describing the history of control system cyber security and differences between control systems and networking. Part 1 can be found at https://cyberstartupobservatory.com/the-need-to-change-the-paradigm-of-control-system-cyber-security-part-1-background/ . The second part will provide actual control system cyber incidents to demonstrate control system cyber security is a real issue. It will also address the lack of control system cyber incident information sharing, control system cyber forensics, and the need for cyber security training for the engineers. The third part will address the hole in control system cyber security – the lack of cyber security, authentication, and cyber logging in Purdue Reference Model Level 0,1 devices (e.g., process sensors, actuators, drives, etc.). Without the ability to validate the integrity and authenticity of the sensor input, OT cyber security, predictive maintenance, and process safety is based on untrusted input.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...