The continuing lack of understanding of Level 0,1 device security and safety

Feb. 16, 2018

Separating ICS cyber security safety risk from cyber security economic risk has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, the latest safety standards require ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards. Cyber security of Level 0,1 devices requires much more attention - and soon.

On February 13-15, 2018, I participated in the 2018 ARC Industry Forum – Digitizing and Securing Industry, Infrastructure, and Cities. There was a separate cyber security track on Monday, and Tuesday through Thursday there were embedded cyber security presentations. With the exception of our session on Thursday, all of the cyber sessions were network-focused. Many of the security practitioners continue with the mantra: “you can’t be safe if you are not secure”. However, since none of the Purdue Reference Model Level 0,1 devices (process sensors, actuators, and drives) have any security, that would mean there is no safety! Consequently, Dave Bennett and I spoke about the cyber security considerations of Level 0,1 devices. The question most people ask is whether process sensors, actuators, and drives can actually be remotely compromised. The answer is yes. Dave gave a great presentation illustrating the process risk from compromising Level 0,1 devices. Dave outlined a method to separate ICS cyber security safety risk from cyber security economic risk. This has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, there were discussions about the latest safety standards requiring ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards. Cyber security of Level 0,1 devices requires much more attention - and soon.

Joe Weiss
