Industrial control system cybersecurity is different than IT security in that ICS cybersecurity is focused on reliability and safety, not just data protection. ICS cybersecurity is real, as there have been almost 1,000 actual ICS cyber incidents to date with more than 1,000 fatalities and more than $50 billion in direct damages. The focus of cybersecurity has been on the networks, not the Level 0,1 devices such as process sensors, actuators, and drives. Currently, there is no cybersecurity or authentication in these level 0,1 devices. There needs to be a better understanding of ICS cybersecurity, its impacts, and the technological and cultural gaps that still exist.
Identify the differences between IT and ICS cybersecurity;
Review existing gaps in ICS cybersecurity;
Discuss important steps in working collaboratively between engineering, IT, forensics, and risk organizations.
Joe Weiss, P.E., is an expert on control system cybersecurity. He authored Protecting Industrial Control Systems From Electronic Threats and gave a keynote to the National Academies of Sciences, Engineering, and Medicine. He is an The International Society of Automation fellow and managing director of ISA Control System Cyber Security (ISA99). He was featured in Richard Clarke and RP Eddy’s book Warnings: Finding Cassandras to Stop Catastrophes. He started the ICS Cyber Security Conference in 2002. He has two patents on instrumentation and control systems and is a registered professional engineer.