Preventing a Cyber Pearl Harbor

End users, industry suppliers and government experts discuss public/private partnership to address industrial control system cybersecurity at ISA Automation Week event.

l-r: Peksens, Cosman, Lane, Moore, Elder

Here’s how to get everyone’s attention at a cybersecurity discussion: Say that some people think a cyber Pearl Harbor has already occurred, but that you think the real cyber Pearl Harbor is still to come, because the cybersecurity breaches that have occurred to date have not involved loss of life or impacted the economy as much as a full-on cyber Pearl Harbor will.

That is how retired USAF Brigadier General Rudolf Peksens opened the first cybersecurity panel discussion at the 2013 ISA Automation Week. He then went on to say that if you are involved in automation, you are already involved in cyber conflict. “The bits and bytes in our systems have been weaponized,” he said, “and your systems are being penetrated at will.”

As someone responsible for automation use and application, if those two observations don't get your attention, I’m not sure what will.

The panel discussion Peksens chaired at the event focused on how the government and private industry have been working, and continue to work, together to address critical infrastructure cybersecurity issues. If you're thinking you’re probably not a part of the country’s critical infrastructure, think again. Here’s the official list: chemical manufacturers, commercial facilities, communications, critical manufacturing, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors/materials/waste, transportation systems, and water/wastewater systems. Chances are, if you’re reading this, you are in or closely connected to one of these identified sectors.

Other members of the panel included: Samara Moore, director for cybersecurity critical infrastructure protection on the White House National Security Council staff; Eric Cosman, operations IT consulting engineer at Dow Chemical; Lee Lane, business director at Rockwell Automation; and retired USAF Lt. General Bob Elder. Elder was on the panel due to his position as research professor at George Mason University, where he conducts research in integrated command and control, operational resilience in degraded environments, strategic deterrence, and the use of modeling to support national security decision-making. Peksens, who led the panel, is now at iiGrowth, helping companies adapt to cyber challenges. He previously worked in the defense industry for 15 years, most recently as director of strategic pursuits for network-centric systems at Raytheon.

Less than a year following the release of the Obama Administration’s executive order 13636 to improve critical infrastructure cybersecurity and Presidential Policy Directive 21 aimed at critical infrastructure security and resilience, a great deal of groundwork in getting government and private industry to collaborate around cybersecurity has been laid. Much of that groundwork, according to Moore, has been focused on improving “the timeliness and quality of the information we share internally with other government agencies and with industry.”

This focus on information sharing is aimed at helping all players understand where security gaps exist and how to address them, Moore says. It is also aimed at sharing tips on how to best monitor for unexpected activities and have a plan in place for what to do when/if something occurs.

Eric Cosman of Dow Chemical explained that, through his work as vice president of standards and practices at ISA, he is an advocate for “the needs and constraints of industrial automation” and is focused on providing practical direction for industrial control system security, fostering a collaborative response that leads to a comprehensive approach to industrial cybersecurity.

“The need for cooperation between IT (information technology) and OT (operational technology) is most apparent,” Cosman said. By focusing on the interaction between these groups, Cosman said he hopes to draw attention to the fact that human behavior is critical to effective cybersecurity. “Cybersecurity is not all about technology,” he added.

Elder added to Cosman’s human factor comments in his discussion of a cyber ecosystem, which involves developing a “dynamic defense process that detects behaviors and indicates problems. Situational awareness for operators is critical to the success of the cyber ecosystem,” he said.

As an example of the need for greater situational awareness, Elder cited the mass damage done as a result of Hurricane Katrina in 2005. It wasn’t the hurricane that caused all the damage, he said; it was that some floodgates weren’t operating properly and key people weren’t aware of it. As a result, the floodwaters overcame the levees and submerged low-lying areas of New Orleans.

To help address the end-user knowledge gap around industrial cybersecurity issues, Cosman cited ISA 99 work on certifying the cybersecurity capabilities of personnel. He added that the Automation Federation also has a Security Compliance Institute, which is “developing materials to assess the compliance of technologies, ultimately according to the IEC 62443 series.

“There is also a good deal of private company cybersecurity certification in process,” Cosman says. As a result of the numerous ongoing efforts, he expects there will be some shakeout in widely accepted certifications as they develop.

Moore added that, in the near term, input is still being sought from industry for NIST’s Cybersecurity Framework, developed to support the Administration’s executive order 13636. View information about the latest version of the draft and provide input via cyberframework@nist.gov.
