Smart Grid Executive Forum asks about control system cyber security

Dec. 27, 2011

Don McDonnell, the moderator of the Smart Grid Executive Form Linked-In Site had a comment on my blog- "Industrial control systems are reliable and safe, just not secure".  His comments were:

 

Don McDonnell, the moderator of the Smart Grid Executive Form Linked-In Site had a comment on my blog- "Industrial control systems are reliable and safe, just not secure".  His comments were:

"Joe, realizing that you get paid to dispense advice to many on these topics, what is your near term top recommendation to the utility members of SGEF who are responsible for securing control systems? Beyond NERC CIP compliance and programs, what can utility control system managers do to protect their utilities and advance the overall efforts towards greater system security?  As OT (operations technology) and IT (information technology) continue to converge in utility systems, clearly these issues will become more challenging and critical over time."

I would like to make a point of why we are in such a precarious position in securing the grid.  When I managed the EPRI Instrumentation and Controls (I&C) Program, who were our advisors?  Obviously, it was utility I&C managers not IT. Why is it when it comes to securing the same instrumentation and control systems, it is now IT telling us what to do? Consequently my recommendations:

-         Senior management needs to make securing control systems to be as important as securing IT systems and make appropriate resources available.  Senior management also needs to require that IT and Operations must work together as control systems are interconnected with IT systems and also utilize IT technologies at the Human-Machine Interface (HMI)- the Windows machines in control centers and control rooms. Senior management needs to incent IT security with Operational goals and Operations with security goals so each has "skin in the game".

-         Control systems are engineering systems. They must be treated as such with control system expertise (regardless of whether they are used in Smart Grid or non-Smart Grid applications).

-         Control system cyber security policies need to be developed by control system experts as many control systems simply cannot be secured by technological means.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...