1660602883277 Cg1210cybersafety

Securing Control Systems in Cyberspace

Oct. 2, 2012
One of Our Readers Says That Even the ISA99 Memeber Will Say It Is Hard to Quantify Security From Their Security Access Level (SAL) Work

[Editor's note: The following is a response to a post by Joe Weiss on the "Unfettered" blog, wherein he discussed control system cybersecurity and the appropriate metrics to use to measure its effectiveness. (See "What Is Control System Cybersecurity and What Are the Appropriate Metrics?" )]

I think the ISA99 members would agree that it is hard to quantify security from their security access level (SAL) work. We're still hoping we can do it along with quantifying risk in the future.

A small nit on your IT security comments. IT security is much more than data protection. There are e-commerce systems where the cost of a minute of downtime is known and very high. There are many corporate systems were integrity is extremely important.

Both IT and operations cybersecurity are about applying technical and administrative security controls to meet the security objectives. Both also fail if you replace judgement with checklists. You will hear very similar complaints about PCI, as you do with NERC CIP.

Dale Peterson
Digital Bond

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.