Journal of Critical Infrastructure Policy • Volume 1, Number 2 • Fall/Winter 2020
Control System Cyber Security
Joseph Weiss, PE, CISM, CRISC
Abstract
Cyber security for Information Technology (IT)/Operational Technology (OT) is about the protection of Internet Protocol (IP) networks from cyber attacks. Control system cyber security is about protecting physical processes from unintentional incidents and malicious attacks. Technologically, control system cyber security is different from IT cyber security because of the control system devices and their low-level communication protocols. Yet IT and OT cyber security policy has been developed by the network security organization with minimal participation from the engineering organizations that “own” the hardware and control systems.
Control system cyber security is real — there have been more than 1,250 actual incidents identified to date.¹ But there is currently a widespread lack of appropriate control system cyber forensics and cyber security training. Even with the availability of IT cyber security hardware, testing, and training, IT systems continue to be compromised, and control system cyber security is arguably 5-10 years behind IT.
In addition to the need to upgrade control system cyber security at the levels of individual organizations and critical infrastructures, this is a matter of national security import. It was widely reported that a large Chinese-built electric transformer may have contained hardware backdoors, allowing access to transformer equipment control parameters (Wall Street Journal, 2020). Attack vectors in the control system area resulted in Presidential Executive Order (EO) 13920 in May 2020.²
¹ This observation is derived from a database on control system incidents or cases compiled since 2000 by Joseph Weiss. See J. Weiss, Control Unfettered, “Databases for actual control system cyber incidents exist — and they are important for many reasons,” November 18, 2019.
doi: 10.18278/jcip.1.2.7