1660602883277 Cg1210cybersafety

Securing Control Systems in Cyberspace

Oct. 2, 2012
One of Our Readers Says That Even the ISA99 Memeber Will Say It Is Hard to Quantify Security From Their Security Access Level (SAL) Work

[Editor's note: The following is a response to a post by Joe Weiss on the "Unfettered" blog, wherein he discussed control system cybersecurity and the appropriate metrics to use to measure its effectiveness. (See "What Is Control System Cybersecurity and What Are the Appropriate Metrics?" )]

I think the ISA99 members would agree that it is hard to quantify security from their security access level (SAL) work. We're still hoping we can do it along with quantifying risk in the future.

A small nit on your IT security comments. IT security is much more than data protection. There are e-commerce systems where the cost of a minute of downtime is known and very high. There are many corporate systems were integrity is extremely important.

Both IT and operations cybersecurity are about applying technical and administrative security controls to meet the security objectives. Both also fail if you replace judgement with checklists. You will hear very similar complaints about PCI, as you do with NERC CIP.

Dale Peterson
Digital Bond

Sponsored Recommendations

Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...