What you need to know about cybersecurity
What do you need to know about cybersecurity related to controls, automation, and instrumentation, especially with more remote connections resulting from the COVID-19 pandemic? Capabilities inherent in existing cybersecurity design methodologies and technologies will be explored along with what should be covered in cybersecurity training. When was your last cybersecurity risk assessment? The webcast is designed to help attendees:
- Identify architectures for cybersecurity designs for controls, automation, and instrumentation.
- Learn what should be covered in cybersecurity training.
- Receive tips about cybersecurity best practices.
- Review elements of a cybersecurity risk assessment.
- Review related Control Engineering cybersecurity research results and advice.
- Brad Bonnette, technical director, Wood Automation and Control, Wood
- Anil Gosine, global projects, MG Strategy .
Mark Hoske, content manager, Control Engineering, CFE Media and Technology will serve as moderator and present cybersecurity research.
In discussions prior to the Dec. 3 webcast “Cybersecurity: What you need to know,” the presenters offered the following information.
Gosine noted that cyber threats to the industrial control system (ICS) potentially can create health and safety catastrophes through the interruption of critical operations. Those involved with ICS cybersecurity should:
- Make the security strategy your own
- Build a security program will result in reduced perimeter operating costs and costs of compliance with NERC-CIP, NRC, CFATS, NIST, ISA-SP99 and other standards, guidance, and regulations.
- Visibility of your operations, partners and vendors – know who is on your network, what they are running and how they are configured
- Adopt security intelligence/situational awareness – it is about integration, visibility and system feedback
- Have a governance structure that includes all stakeholders.
Mind your cybersecurity zones
Bonnette said what distinguishes or defines a cybersecurity zone is often misunderstood. Unique zones may be driven by either a higher or lower consequence of the subsystem being compromised, or an increased likelihood (threat exposure) due to physical or logical access, such as “exposed” or “untrusted” edges. Bonnette said third-party interfaces are often lumped into one large zone, but they require additional zoning following a risk assessment as not all third-party systems have the same consequence, vulnerability or threat exposure.
For more on these points, view the webcast; a question and answer session with the speakers will be archived with the webcast for one year from the Dec. 3 event.
Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media, [email protected].
KEYWORDS: Industrial cybersecurity, cybersecurity risk assessment
Industrial cybersecurity webcast looks at what you need to know.
Considerations include industrial control system cybersecurity
Cybersecurity zones often are misunderstood.
Are you reducing cybersecurity risk to an acceptable level?