Given the increasing concerns about cyberwarfare and the serious damage cyberattack can cause to industry and national infrastructure, the educational track at ISA Automation Week 2013 will provide practical guidance on how to improve cybersecurity of industrial automation and control systems (IACS).
“The risk of a cyber event is very real, regardless of how much you may want to discount the possibility of a targeted attack,” asserts Eric C. Cosman, a nationally recognized expert on industrial systems cybersecurity and chair of the Industrial Network Security educational track. “Virtually any computer-based system is vulnerable to incidental attack by malicious software. And physical separation from the Internet doesn’t ensure protection. An attack can come through means as simple as a shared storage device.”
Virtually all experts agree that America’s industrial production settings and infrastructure environments are woefully under-prepared to address cyberwarfare. If industrial control systems and critical infrastructure—such as a power plant, water treatment facility, or transportation grid—are attacked, the result could be significant equipment impairment, production loss, regulatory violations, environmental damage, and public endangerment.
Industrial Network Security is one of six educational tracks offered at ISA Automation Week 2013, the premier annual event for automation and control professionals worldwide, to be held 5-7 November 2013 in Nashville, Tennessee, USA. Leading automation and control experts, authors, innovators and thought leaders across the globe will come together at the conference to demonstrate how to fully leverage the power and potential of automation solutions.
“Perhaps the biggest challenge,” Cosman points out, “facing professionals striving to secure their IACS is navigating through the diverse, often conflicting information in order to find the tried-and-true guidance and dependable advice that can be applied now.“
Attendees of this educational track will be able to quickly get up to speed on the latest cybersecurity trends and approaches, and the most recent developments in standards and practices so that they can take some immediate steps to safeguard their systems.
Separate sessions within the Industrial Network Security track include:
- Means and Approaches for Protection of Industrial Control Systems I
- Cyber-Security Panel Session
- ICS Critical Skills
- Business Processes Are an Essential Element of Systems Security
- Means and Approaches for Protection of Industrial Control Systems II
- Standards & Practices for Industrial Control Systems Security
- User Experience with Security Programs I
- Collaborating on the Nature of the Cybersecurity Opportunity
- User Experience with Security Programs II
Effective cybersecurity, Cosman says, requires applying the right mixture of technology, standards, people, business acumen and attention to safety.
“Comprehensive industrial network security must integrate all these factors. In fact, the development of the ANSI/ISA99, Industrial Automation and Control Systems Security standards (also known globally as IEC 62443) is specifically based on a solid footing in people, process, safety and technology. Safety considerations support the business imperative behind effective security simply because an insecure control system can result in unsafe processes.”
Too often, Cosman explains, these multi-faceted interrelationships among key organizational processes and objectives are not fully grasped when implementing a major automation-based initiative, such as cybersecurity.
“Safe processes directly impact business operations because they avoid the costs and impact of business interruption, eroded customer relationships and, of course, personal injury. The primary focus of industrial cybersecurity is protecting the integrity and availability of the underlying process, ensuring safe and reliable operation.
“In addition, cybersecurity involves employing technology and standards in a manner that drive consistent and effective practices. These practices are executed and monitored by people who have the skills, experience and context-specific perspective.”
Of course, technology plays a key role in cybersecurity, Cosman says, because industry and manufacturers need to continue to leverage technical improvements while also improving the processes used to develop and deliver new technologies.
“This is called ‘security by design’ and while major strides have been made in this area, there is considerable room for improvement.”