An Executive Order (EO) on cybersecurity has been desperately needed. However, the May 12, 2021 EO did not address the unique issues associated with control systems. It was evident reading the EO there were no CONTROL SYSTEM cyber security experts that either participated or had their input used. In fact, the terms SCADA, industrial control systems, control systems, and cyber-physical systems were never used and IOT was only addressed for consumer applications. Consequently, the EO exacerbated the cultural gap between network and engineering. The EO’s limitations were demonstrated by examining a number of actual critical infrastructure cyberattacks (including SolarWinds and the Colonial Pipelines) and showing the EO would not address the control system-unique issues. (I did not address the inadequacy of the EO responding to unintentional control system cyber incidents). The impacts of not addressing these cyberattacks could have devastating impacts on US federal facilities as well as the US economy (these issues are not unique to the US). The control system cyber security gaps in the EO need to be reconsidered before it is too late.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.