Network security often does not view control system devices and the process as their problem
- Apr 7, 2021 10:00 am GMTApr 7, 2021 10:10 am GMT
- 178 views
Because of my relationship of being Managing Director of ISA99 and a member of the ISA84.09 working group, I wanted to state that this blog, and all my others, are my personal views and do not necessarily represent ISA.
Industrial, manufacturing, and other organizations are in business to manufacture and/or distribute products. These organizations cannot manufacture and/or distribute products without the control systems performing reliably, safely, efficiently, and resiliently. Organizations have been making and distributing products before the advent of IP networks and can continue, though in a less efficient manner, without the IP networks. This was demonstrated by Ukraine when the Russians cyberattacked the electric grids in December 2015 and 2016 and the Ukrainians were able to operate the grid without their IP networks. On the other hand, control system cyber security is necessary to ensure the connected control system networks and devices can perform their functions securely so as to support safety and reliability. Too often, the IT mentality is to focus on data security rather than what is important when control systems are involved, i.e. safety, reliability and integrity. Real issues occur within cyber security policy-making organizations where operations and engineering support (collectively OT) is not an equal member to the CISO when the focus is Operations, its equipment, and business objectives (https://www.controlglobal.com/blogs/unfettered/an-open-letter-to-cyber-security-policy-makers-control-system-cyber-security-is-different-than-it-and-requires-an-understanding-of-issues-unique-to-control-systems).