The broken record - why do people who don't understand ICSs still continue to speak for ICS cyber security

Dec. 31, 2012

Would anyone with a heart condition go to an orthopedist to check on their heart? An internist and orthopedist are both doctors, but they certainly have different specializations. The fact that someone understands IT security does not make them an ICS cyber security expert. Two different items are driving this rant:
- The SGIP effort to look at IEC62443 (this is ISA99). IEC62443 is an ICS cyber security standard and yet many of the people making comments are not familiar with the unique issues of ICSs. If they are, their comments certainly appear incongruous.
- The Pennwell Cybersecurity Roundtable: Are We Safe? Participants were the CEO of PEPCO, the energy security lead for IBM's Security Systems Division, an information security expert who served as a computer scientist for the National Security Agency (NSA), and the chief product and marketing officer for GlobalSign. None of these people are ICS experts, much less ICS cyber security experts. Their recommendations were general in nature, and none were specific to the needs of securing the field controllers.

There was a reason the October ICS Cyber Security Conference held a panel session on ICS cyber security functional requirements with ICS experts (a first): there is more to securing an ICS than just securing a network or having a digital certificate (Stuxnet proved both of those points). Yet none of the Roundtable participants, or their representatives, demonstrated a willingness to learn about ICS security by attending.

Joe Weiss
