Cybersecurity

What you need to know about cybersecurity

A webcast on cybersecurity offers information about cybersecurity architectures, training, best practices, risk assessment and trends based on research.

By Mark T. Hoske November 20, 2020
Cybersecurity risk assessment can benefit from a risk-based prioritized approach, according to Anil Gosine, global projects, MG Strategy+. Courtesy: MGStrategy+ and Control Engineering

What do you need to know about cybersecurity related to controls, automation, and instrumentation, especially with more remote connections resulting from the COVID-19 pandemic? Capabilities inherent in existing cybersecurity design methodologies and technologies will be explored along with what should be covered in cybersecurity training. When was your last cybersecurity risk assessment? The webcast is designed to help attendees:

  • Identify architectures for cybersecurity designs for controls, automation, and instrumentation.
  • Learn what should be covered in cybersecurity training.
  • Receive tips about cybersecurity best practices.
  • Review elements of a cybersecurity risk assessment.
  • Review related Control Engineering cybersecurity research results and advice.

Presenters are:

Mark Hoske, content manager, Control Engineering, CFE Media and Technology will serve as moderator and present cybersecurity research.

ICS cybersecurity

In discussions prior to the Dec. 3 webcast “Cybersecurity: What you need to know,” the presenters offered the following information.

Gosine noted that cyber threats to the industrial control system (ICS) potentially can create health and safety catastrophes through the interruption of critical operations. Those involved with ICS cybersecurity should:

  • Make the security strategy your own
  • Build a security program will result in reduced perimeter operating costs and costs of compliance with NERC-CIP, NRC, CFATS, NIST, ISA-SP99 and other standards, guidance, and regulations.
  • Visibility of your operations, partners and vendors – know who is on your network, what they are running and how they are configured
  • Adopt security intelligence/situational awareness – it is about integration, visibility and system feedback
  • Have a governance structure that includes all stakeholders.

Mind your cybersecurity zones

Bonnette said what distinguishes or defines a cybersecurity zone is often misunderstood. Unique zones may be driven by either a higher or lower consequence of the subsystem being compromised, or an increased likelihood (threat exposure) due to physical or logical access, such as “exposed” or “untrusted” edges. Bonnette said third-party interfaces are often lumped into one large zone, but they require additional zoning following a risk assessment as not all third-party systems have the same consequence, vulnerability or threat exposure.

For more on these points, view the webcast; a question and answer session with the speakers will be archived with the webcast for one year from the Dec. 3 event.

Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media, mhoske@cfemedia.com.

KEYWORDS: Industrial cybersecurity, cybersecurity risk assessment

Industrial cybersecurity webcast looks at what you need to know.

Considerations include industrial control system cybersecurity

Cybersecurity zones often are misunderstood.

CONSIDER THIS

Are you reducing cybersecurity risk to an acceptable level?


Mark T. Hoske
Author Bio: Mark Hoske has been Control Engineering editor/content manager since 1994 and in a leadership role since 1999, covering all major areas: control systems, networking and information systems, control equipment and energy, and system integration, everything that comprises or facilitates the control loop. He has been writing about technology since 1987, writing professionally since 1982, and has a Bachelor of Science in Journalism degree from UW-Madison.