#ISAutowk Receive practical guidance on how to improve cybersecurity

Given the increasing concerns about cyberwarfare and the serious damage cyberattack can cause to industry and national infrastructure, the educational track at ISA Automation Week 2013 will provide practical guidance on how to improve cybersecurity of industrial automation and control systems (IACS).

Eric CosmanEric CosmanCosman, a consulting engineer at Dow Chemical Company, is regarded throughout the global automation community as an expert in industrial systems cybersecurity, and on assessing the implications of cybersecurity on manufacturing operations. He is a founding member and the current co-chairman of the ISA99 committee on industrial automation and control systems security and the Vice President of Standards and Practices at ISA.
He served as a member of the Steering Team for the Chemical Sector Cyber Security program, which is associated with the American Chemistry Council, and represents the chemical sector coordinating council in the Industry Control Systems Joint working group with the US Department of Homeland Security. He was one of the authors of the Chemical Sector Cyber Security strategy for the US, originally published in 2002 and updated in 2006.
In his position at Dow Chemical, Cosman specializes in the application of IT to all areas of manufacturing and engineering. His responsibilities include defining policies and practices, system and technical architecture, and technology management and integration planning processes for manufacturing and engineering systems globally.
With more than 30 of experience, he has held process engineering, process systems software development, telecommunications, IT operations, architecture definition and consulting positions in both Canada and the US.
Cosman has represented Dow and the chemical sector on various standards committees, industry focus groups and advisory panels. He has written and spoken on a variety of topics, such as technology lifecycle management, and the use of standards as a basis for a manufacturing information systems architecture and operational excellence.

“The risk of a cyber event is very real, regardless of how much you may want to discount the possibility of a targeted attack,” asserts Eric C. Cosman, a nationally recognized expert on industrial systems cybersecurity and chair of the Industrial Network Security educational track. “Virtually any computer-based system is vulnerable to incidental attack by malicious software. And physical separation from the Internet doesn’t ensure protection. An attack can come through means as simple as a shared storage device.”

Virtually all experts agree that America’s industrial production settings and infrastructure environments are woefully under-prepared to address cyberwarfare. If industrial control systems and critical infrastructure—such as a power plant, water treatment facility, or transportation grid—are attacked, the result could be significant equipment impairment, production loss, regulatory violations, environmental damage, and public endangerment.

Industrial Network Security is one of six educational tracks offered at ISA Automation Week 2013, the premier annual event for automation and control professionals worldwide, to be held 5-7 November 2013 in Nashville, Tennessee, USA. Leading automation and control experts, authors, innovators and thought leaders across the globe will come together at the conference to demonstrate how to fully leverage the power and potential of automation solutions.

“Perhaps the biggest challenge,” Cosman points out, “facing professionals striving to secure their IACS is navigating through the diverse, often conflicting information in order to find the tried-and-true guidance and dependable advice that can be applied now.

Attendees of this educational track will be able to quickly get up to speed on the latest cybersecurity trends and approaches, and the most recent developments in standards and practices so that they can take some immediate steps to safeguard their systems.

Separate sessions within the Industrial Network Security track include:

Effective cybersecurity, Cosman says, requires applying the right mixture of technology, standards, people, business acumen and attention to safety.

“Comprehensive industrial network security must integrate all these factors. In fact, the development of the ANSI/ISA99, Industrial Automation and Control Systems Security standards (also known globally as IEC 62443) is specifically based on a solid footing in people, process, safety and technology. Safety considerations support the business imperative behind effective security simply because an insecure control system can result in unsafe processes.”

Too often, Cosman explains, these multi-faceted interrelationships among key organizational processes and objectives are not fully grasped when implementing a major automation-based initiative, such as cybersecurity.

“Safe processes directly impact business operations because they avoid the costs and impact of business interruption, eroded customer relationships and, of course, personal injury. The primary focus of industrial cybersecurity is protecting the integrity and availability of the underlying process, ensuring safe and reliable operation.

“In addition, cybersecurity involves employing technology and standards in a manner that drive consistent and effective practices. These practices are executed and monitored by people who have the skills, experience and context-specific perspective.”

Of course, technology plays a key role in cybersecurity, Cosman says, because industry and manufacturers need to continue to leverage technical improvements while also improving the processes used to develop and deliver new technologies.

“This is called ‘security by design’ and while major strides have been made in this area, there is considerable room for improvement.”

About Eoin Ó Riain

Sé Read-out iris uaithoibríoch, ionstraim agus stiúradh na hÉireann agus an "Signpost" a áit ar an idirlín! Read-out is Ireland's journal of automation, instrumentation and control and the Instrumentation Signpost is it's web presence.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s