Thoughts on DHS Metrics Primer

    Aug. 13, 2009

    The June 2009 DHS Primer Control Systems Cyber Security Framework and Technical Metrics report is meant to address a critical missing link – metrics for control system cyber security. It is a good start. My comments come from the perspective of how does this Primer address actual control system cyber incidents.  That statement leads to my first concern – most control system cyber events are incidents not attacks. Many of these actual incidents have caused significant damage and yet did not violate IT security policies. However, the Primer is focused on malicious IT-type attacks. Another concern is security knowledge. According to the Primer, “The security group represents those people in an organization who are directly responsible for the cyber security of the control systems.” Many security groups are staffed by IT-trained security experts. There are very few people that actually understand control system cyber and most are not in the security group. There have already been numerous cases where the security organization CAUSED the control system cyber incident. Not only does the metric not account for this, having the wrong people doing the wrong things should lead to a NEGATIVE metric. The final concern is the Primer simply does not recognize the unique issues with legacy control systems. Many systems cannot take complex passwords. Many systems simply cannot be patched expeditiously, if at all.

    I am simply not seeing much coming out of the DHS Control Systems Cyber Security Program to address legacy control system issues or the actual incidents that have occurred.

    Joe Weiss

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Source: Endress+Hauser
    Endress+Hauser’s local and regional outreach efforts include collaborating with k-12 schools, colleges and universities, and its larger communities, via its Community Career+Education Forum (CCEF) that’s been held annually since 2014. These events were joined in 2022 by its Design & Innovation Studio program for coding, 3D modeling, robotics and automation.
    Source: CPET and San Jacinto College
    Figure 1: The 32-ft, propylene glycol distillation and recycling unit at LyondellBasell’s Center for Petrochemical Energy & Technology (CPET) at San Jacinto College in Pasadena, Texas, includes an eight tray column, DeltaV DCS, cooling water, boiler and reverse osmosis utilities, and 72 I/O with smart Rosemount transmitters. CPET’s glass pilot plant has two tank farms, feeding four process units, and all-glass and -acrylic components for easier observation.

    Most Read

    Sponsored