DOE Risk Management Process for the Electric Sector - Doesn't DOE understand the difference between IT and Control Systems?

March 5, 2012
DOE has issued for public comment the Electricity SubSector Cybersecurity Risk Management Process, dated March 2012.

In September 2011, DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. The only mention of differences between IT and ICS in the new version is the following:

"It is acknowledged that IT and ICS have different cybersecurity requirements. An ICS is primarily concerned with availability. The ICS communication is time critical with specific determination requirements for jitter and latency. Conversely, delays within an IT system database or Web page access are not unexpected by IT users. While the use of encryption or packet authentication is more common with an IT system to protect confidentiality and integrity, the same use in an ICS may reduce the level of ICS performance. The activities at Tier 3 will assist in determining the controls and risk responses that apply to the cybersecurity requirements of the IT and ICS."

The entire Tier 3 section uses the term "IT and ICS" as if the two domains were the same. In Section 5.1.2.2, "Define or Refine Cybersecurity Plans", the references are to the National Rural Electric Cooperative Association and NIST SP 800-18. Neither of these documents is specific to ICS, and there is no reference to ISA99, which provides cybersecurity plan development for ICSs. The Appendix A references do not even include ISA99.

Doesn't DOE understand the difference between IT and Control Systems?

Joe Weiss
