Another post from Joe Weiss--

May 14, 2007
There are a number of industry organizations and conferences focusing on control system cyber security for specific industries. In some cases, this insular approach is not rigid. In other cases such as nuclear power, this approach has been applied to an extreme.Technically, there is more commonality between control systems, control system suppliers, and control system communication protocols between different industries than the IT infrastructure within a com...
There are a number of industry organizations and conferences focusing on control system cyber security for specific industries. In some cases, this insular approach is not rigid. In other cases such as nuclear power, this approach has been applied to an extreme.Technically, there is more commonality between control systems, control system suppliers, and control system communication protocols between different industries than the IT infrastructure within a company. This was the rationale for ISA establishing SP99 to address control system cyber security on an industry-independent basis. Common control system policies, procedures and cyber vulnerabilities apply to electric power, water, oil/gas, chemicals, manufacturing, etc. However, the 80-20 rule is alive and well. That is, the majority of the efforts in ISA SP99 will be directly applicable to the control system environment. (The Corporate IT environment is assumed to have been independently addressed). Consequently, each industry should review the generic approaches so that unique issues such as reporting requirements or, in some cases, unique technical issues are addressed. The same issue applies to identification and/or reporting of vulnerabilities. There are only a limited number of control system suppliers, system integrators, control system communication protocols, and architecture designs. Generally, cyber vulnerabilities in one industry could potentially impact other industries utilizing the same equipment, protocols, and/or architectures. Focusing on any one industry diminishes the value of information sharing. You can contact Joe Weiss at [email protected]

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.