The broken record - why do people who don't understand ICSs still continue to speak for ICS cyber security

Dec. 31, 2012
Would anyone with a heart condition go to an orthopedist to check on their heart? An internist and orthopedist are both doctors, but they certainly have different specializations. The fact that someone understands IT security does not make them an ICS cyber security expert. Two different items are driving this rant:
- The SGIP effort to look at IEC62443 (this is ISA99). IEC62443 is an ICS cyber security standard and yet many of the people making comments are not familiar with the unique issues of ICSs. If they are, their comments certainly appear incongruous.
- The Pennwell Cybersecurity Roundtable: Are We Safe? Participants were the CEO of PEPCO, the energy security lead for IBM's Security Systems Division, an information security expert who served as a computer scientist for the National Security Agency (NSA), and the chief product and marketing officer for GlobalSign. None of these people are ICS experts, much less ICS cyber security experts. Their recommendations were general in nature and none were specific to the needs of securing the field controllers.

There was a reason the October ICS Cyber Security Conference held a panel session on ICS cyber security functional requirements with ICS experts (a first). That is because there is more to securing an ICS than just securing a network or having a digital certificate (Stuxnet proved both of those points). Yet none of the Roundtable participants, or their representatives, demonstrated a willingness to learn about ICS security by attending.

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]
