Engineering expertise is needed to secure control systems

July 20, 2018
Network cyber security (IT and OT) is necessary, but NOT sufficient to secure control systems. Securing control systems requires an engineering understanding of the systems and their impact, yet the engineers have not been adequately involved. There was a desire expressed by several key individuals about NSPE taking a more active role in control system cyber security.

On July 19, 2018, I gave a presentation on control system cyber security to the National Society of Professional Engineers (NSPE) in Las Vegas. This presentation, as well as my blog, https://www.controlglobal.com/blogs/unfettered/cyber-security-of-sensors-are-not-being-addressed-and-vulnerabilities-are-not-correlated-to-system-impacts/, was a response to the network-centric view of cyber security, including for control systems. Network cyber security (IT and OT) is necessary, but NOT sufficient to secure control systems. Process sensors, actuators, and drives and their lower-level networks have minimal to no security or authentication. These devices are the control system end devices and are not the same as IT end devices. Moreover, these tens of millions of devices may not be able to be updated to what is considered minimally acceptable cyber security. This was the stimulus for ISA99 to form a task group to reassess the adequacy of the IEC62443 series of standards for field devices and field device networks (TG7). These engineering systems directly affect process reliability and safety. They require an engineering understanding of the systems and their impact, yet the engineers have not been adequately involved. As control system cyber security affects industries as diverse as power grids, process plants, pipelines, manufacturing, transportation, and defense, it affects multiple standards organizations such as ISA, ASME, IEEE, API, NERC, ANSI, CIGRE, etc. I believe my NSPE presentation stimulated interest in the engineering profession taking a more active role in securing control systems. There was a desire expressed by several key individuals about NSPE taking a more active role in control system cyber security.

Joe Weiss
