1. Home

IEEE Computer article – “Does Security Trump Reliability”

Jan. 1, 2000

The October 2013 issue of IEEE Computer magazine has an article titles “Does security trump reliability?” The question of security vs reliability/safety is a critical one for industrial control systems (ICSs). For ICSs, security and reliability are NOT equals - reliability and safety MUST win or the system doesn’t work and the hackers have won without even trying. The real question is how close can the trade-off be made between reliability and security. The question of security vs reliability/safety really goes to the heart of one the major differences between and IT and ICSs and must be correctly answered if lights are to remain on, water flowing, etc.

The November 2013 issue of IEEE Computer magazine has an article titles “Does security trump reliability?” The question of security vs reliability/safety is a critical one for industrial control systems (ICSs). For ICSs, security and reliability are NOT equals - reliability and safety MUST win or the system doesn’t work and the hackers have won without even trying. The real question is how close can the trade-off be made between reliability and security. 

The title of my book is Protecting Industrial Control Systems from Electronic Threats. Since reliability must win, it becomes “rocket science” to protect these systems.  The trade-offs between reliability/safety and security make it rocket science as so many existing IT security solutions cannot be used without impacting the performance of the ICSs.

The question of security vs reliability is also one of the drivers for the International Society of Automation (ISA) needing to develop standards for ICS cyber security (the ISA99/IEC62443 set of standards of which I am the Managing Director).

Considering the negative impact security has had on control system reliability, you might find the summary of the recent ICS Cyber Security Conference held at Georgia Tech to be of interest - www.controlglobal.com/unfettered.  One of the case histories discussed was a security patch causing the LOSS OF CONTROL of a large industrial turbine providing power to a large industrial complex! This case led to significant discussions concerning the issues involved in implementing security (in this case patches) without impacting the reliability of the systems. One of the major drivers for the ICS Conference over the past 13 years has been to improve the understanding between the ICS and IT communities as they have the precise disparate goals as the above question – IT is focused on security and ICS focuses on reliability and safety. 

I am currently working with the ONLY utility in the US willing to be a test bed for evaluating ICS cyber security solutions for RELIABILITY! The questions are why is this the only one and why isn’t there more participation.

The question of security vs reliability/safety really goes to the heart of one the major differences between and IT and ICSs and must be correctly answered if lights are to remain on, water flowing, etc.

 Joe Weiss

Continue Reading

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.

Latest from Home

Most Read

Sponsored