1. Home

The broken record - why do people who don't understand ICSs still continue to speak for ICS cyber security

Dec. 31, 2012
Would anyone with a heart condition go to an orthopedist to check on their heart? An internist and orthopedist are both doctors, but they certainly have different specializations. The fact that someone understands IT security does not make them an ICS cyber security expert. Two different items are driving this rant:
- The SGIP effort to look at IEC62443 (this is ISA99). IEC62443 is an ICS cyber security standard and yet many of the people making comments are not familiar with the unique issues of ICSs. If they are, their comments certainly appear incongruous.

Would anyone with a heart condition go to an orthopedist to check on their heart? An internist and orthopedist are both doctors, but they certainly have different specializations. The fact that someone understands IT security does not make them an ICS cyber security expert. Two different items are driving this rant:
- The SGIP effort to look at IEC62443 (this is ISA99). IEC62443 is an ICS cyber security standard and yet many of the people making comments are not familiar with the unique issues of ICSs. If they are, their comments certainly appear incongruous.
- The Pennwell Cybersecurity Roundtable: Are We Safe? Participants were the CEO of PEPCO, the energy security lead for IBM's Security Systems Division, an information security expert who served as a computer scientist for the National Security Agency (NSA), and the chief product and marketing officer for GlobalSign. None of these people are ICS experts much less ICS cyber security experts. Their recommendations were general in nature and none were specific to the needs of securing the field controllers.

There was a reason the October ICS Cyber Security Conference held a panel session on ICS cyber security functional requirements with ICS experts (a first). That is because there is more to securing an ICS than just securing a network or having a digital certificate (Stuxnet proved both of those points). Yet none of the Rountable participants, or their representatives, demonstrated a willingness to learn about ICS security by attending.

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Email

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

Woman, mentor and whiteboard in office for training, teaching and learning for skill or career development
Construction worker man in protective suit and reflective green vest standing with building structure in the background
Electricity and electrical maintenance service, Engineer hand holding AC voltmeter checking electric current voltage at circuit breaker terminal and cable wiring main power distribution board.

Most Read

Sponsored