ISA Provides Guidance to Newsweek Vantage Report on Cyber Risks to Critical Infrastructure

April 6, 2020

The International Society of Automation (ISA) recently served as the expert partner for an independent report from Newsweek Vantage on cyber risks to critical infrastructure.

The report, titled “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure,” surveyed 415 executives at critical infrastructure organizations to learn whether they are taking a holistic approach to security for operations technology (OT) and information technology (IT). Among other takeaways, the survey found that a holistic approach is a priority for most—and that more than a third of respondents said a cyber breach was the motivating factor.

ISA is the industry expert on standards for automation cybersecurity for OT systems. The ISA/IEC 62443 Series of Standards is the world’s only consensus-based series of standards on automation cybersecurity.

“We’re proud to provide guidance as an expert partner with Newsweek Vantage on this independent report,” said Mary Ramsey, ISA executive director. “The security of critical infrastructure is complex by nature, and we believe research like this is an important part of understanding where the industry can improve as a whole.”

Other key findings from the report include:

  •  –   IT and OT still don’t play well together at many organizations, despite years of effort. Nearly a third of respondents said the primary obstacle is cultural—in other words, that employees are resistant to change.
  •  –   Nearly every executive surveyed said their organization had experienced a security breach within the last year. Almost two-thirds said IT systems were the source of vulnerability leading to at least one of their incidents. A third also attributed their vulnerability to a lack of IT/OT integration, and a quarter added that a lack of secure physical access controls contributed to system vulnerabilities as well.
  •  –   Most organizations are at least partway along the path to IT/OT convergence. 68 percent of respondents said their organizations have integrated some of their OT, IT, and physical systems, and are still working on others. Far fewer—20 percent—have already integrated everything, and fewer still—only 11 percent—have not integrated anything.

Eric Cosman, a consulting engineer and the 2020 ISA president, as well as Steve Mustard, an independent consultant and the incoming 2021 ISA president, also contributed to the report as subject-matter experts.

“It was a privilege to represent ISA and the automation community in providing input to the Newsweek Vantage report,” Cosman said. “Vehicles such as this provide us with an opportunity to reach a much broader audience and raise the awareness of the risks faced by our critical infrastructure. Asset owners must take the time to fully understand the consequence component of this risk and plan their response accordingly using standards, practices, and other resources available to them.”

“The Newsweek Vantage report is the end product of an important piece of research, of which I am very proud to have been a part,” Mustard says. “ISA has long understood the risks to critical infrastructure from cybersecurity incidents, and having the opportunity to be part of this work has allowed us to share our message much further. Although the report shows we still have a long way to go before industry fully embraces the challenge, it provides clear evidence of the need to do so.”

Improving automation cybersecurity across all industries is a central part of ISA’s mission. It created the ISA Global Cybersecurity Alliance (isa.org/ISAGCA) to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. It also offers a suite of automation cybersecurity training, including certificate programs.

The full Newsweek Vantage report is available for download here.

Source

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    November 19, 2024 Relays serve as the backbone of industrial control systems, enabling the control of high-power circuits using low-power signals. Understanding different relay contact configurations is crucial for designing effective control systems. Let’s explore the various types of relay contacts and their applications in industrial automation. Basic Contact Types and Their Applications The foundation of… Read More…

  • Training Courses on Plant and Machinery Safety from Pilz

    November 19, 2024 Plant safety is vitally important for the safe operation of technical plants. As a machine manufacturer or operator you are legally obliged to ensure the safety of plant, machinery and devices. Training courses teaches you to identify risks and avoid accidents. Further training for safety officers and employees is the key to success here. With this knowledge… Read More…