The DeltaV New RSS feed today points to a U.S. Department of Homeland Security press release, "Government, private industry work together to increase cybersecurity." It mentions how the Department of Homeland Security is facilitating a group called the Control Systems Cyber Security Vendors Forum to provide an open discussion on those issues affecting control system security.
Although this is a U.S. initiative, process manufacturers around the globe have an interest in the cyber-security of their automation and control systems.
I caught up with Bob Huba, whom you might recall from earlier discussions on the issue of cyber-security. Bob explained to me that the goal of this initiative is to share ideas around a common goal of protecting automation systems from unauthorized cyber or physical access. Much like the IEC and ISA standards committees, the Vendor Forum offers a neutral place for suppliers to get together to talk about cyber-security best practices and develop guidelines.
Today there are labs like Idaho National Labs, which started the Control System Security Program, Sandia National Laboratories, and WurldTech Security. These organizations will test systems for many known exploits and provide reports to the suppliers so that the problems found can be fixed. Although these tests are necessary and valuable, there are no agreed-upon standards to test against. Providing input to the groups who are defining the security standards is one of the hoped-for results of the Control Systems Cyber Security Vendors Forum.
One goal of the vendor group is a partnership between federal regulators and the automation system suppliers who best understand the issues with their respective systems. This partnership will help lead to workable guidelines and best practices that can be shared with global process manufacturers.
The feeling among the suppliers seems to be that basic cyber-security is not an area for system differentiation–it’s an absolute requirement like PID control or connectivity with business systems. As part of maintaining the security of our process infrastructure, we all need to rely on the products process manufacturers make, and we want to make sure their systems are as secure as they can be made.