By the numbers…


89 percent of control networks are connected to the enterprise, which in turn is interconnected to the Internet, according to Paul Dorey in “Security Management in Process Control: The 3 Waves of Adoption,” Process Control Systems Forum Spring 2006 Conference.

$100+ billion is the size of the global market for cyber-crime, as estimated and cited by DHS Cyber Security and Communications Assistant Secretary Greg Garcia at the National Cyber Security Awareness Month Kick-Off Summit in October 2007.

2,000 to 3,000 is the estimated number of industrial cyber security incidents that are probably occurring per year to Fortune 500 companies alone, according to an estimate cited in “Security Incidents and Trends in the SCADA and Process Industries: A statistical review of the Industrial Security Incident Database (ISID),” prepared by Eric Byres, David Leversage, and Nate Kube for Symantec.

63 percent of respondents in Deloitte and Touche’s latest (2007) Global Security Survey say they have established a security strategy. Download the complete report at

20 years—or more—is how long many automation systems have been in place, using older technology and having been designed before systems were exposed to outside threats, according to ARC Advisory Group in a report for Siemens Energy & Automation on IT Security for Process Control.

99 is the designation given to the Instrumentation, Systems, and Automation (ISA) Society’s standard on manufacturing and control systems security. ISA SP-99, a work in progress, says its mission, in part, is to define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance.

100 security incidents a year or more are experienced by industry, according to the British Columbia Institute of Technology (BCIT) industrial cyber security incident database. This and other statistics are noted in the BCIT report on “The Myths and Facts behind Cyber Security Risks for Industrial Control Systems.”

10 control system security threats identified by the North American Electric Reliability Corp. in its report: “10 Top Vulnerabilities of Control Systems and Their Associated Mitigations.” Download the latest (2007) version at

21 steps to improving cyber security of SCADA networks, according to a U.S. Department of Energy report. Download the PDF at

8 reliability standards on cyber security adopted by NERC, the North American Electric Reliability Corp.

Additional resources

Here are U.S. government and private agencies that offer excellent resources for learning more about industrial cyber security and infrastructure protection:

British Columbia Institute of Technology (Burnaby, BC, Canada) Technology Center includes an Industrial Cyber Security section. See the Publications link for a variety of resources.

Business publications and trade journals such as Control Engineering provide articles and resources on the security of control systems, SCADA systems, and more. Search security and SCADA on their home pages.

US-CERT (United States Computer Emergency Readiness Team) is a partnership between the Department of Homeland Security and the public and private sectors, formed in 2003 to protect the nation’s Internet infrastructure. This agency has an excellent self-assessment tool that can help begin a security dialog in a company. This website contains a wealth of information including a library of references, standards, recommended practices, and

Also see CERT (Computer Emergency Readiness Team), located at Carnegie Mellon University’s Software Engineering Institute. It studies Internet security vulnerabilities, researches long-term changes in networked systems, and develops information and training to help improve security. CERT is the home of the CERT Coordination Center, which addresses risks at the software and system level.

Department of Homeland Security includes a variety of programs including the Homeland Security Institute and the National Critical Infrastructure Protection and Development Plan.

Federal Energy Regulatory Commission regulates and oversees energy industries of the American public, including cyber security in the bulk power system.

Idaho National Labs. The mission of the INL is to ensure U.S. energy security with safe, competitive, and sustainable energy systems and unique national and homeland security capabilities.

National Institute of Standards and Technology includes materials on infrastructure protection and cyber security within its Technologies for Public Safety and Security Information for Industry section.

North American Electric Reliability Corp. is dedicated to improving the reliability and security of the bulk power system in North America.

PCSF (Process Control Systems Forum) is a collaboration of representatives from government and academia; industry users, owner/operators, systems integrators; and members of the vendor community who work to advance the design, development, and deployment of more secure control and legacy systems.

Sandia National Laboratories develops science-based technologies that support U.S. national security. Areas of focus include homeland security and energy and infrastructure assurance.

SANS Institute is a source for information security training, certification, and research. Topics covered include firewall protection, hacking, and intrusion detection.

System and software vendors offer a selection of generic and product-related information on their Websites. For example, Siemens Energy & Automation provides guidelines and recommendations for creating a secure architecture using SIMATIC PCS 7.

U.S. Department of Energy offers information on matters of national security, including cyber security and facility security.
