Building a Resilient World:

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

All Posts

Cybersecurity Investment Tax Credits

Cyberattacks continue to grow worldwide, which has increased awareness and concern about utilities, industries, and personal risk. There is a universal understanding that this is a national security threat. In the U.S., I suggest the government consider creating cybersecurity investment tax credits for industry to stimulate more protection.

There have been many incidents that prove cyberattacks can bring down businesses and infrastructure. Most recently, the Colonial Pipeline ransomware attack shut down the largest gasoline pipeline in the U.S., which carries 2.5 million barrels per day of gasoline and other refined fuels. 

This cyberattack had the biggest impact on physical operations of critical infrastructure in U.S. history. Some reports attribute the attack to a criminal group called “DarkSide,” known for ransomware attacks. A recent report by Cyberreason estimates that the group has targeted well over 40 victims, with ransom demands ranging from $200,000 to $2 million USD per incident.

On 28 May 2021, Reuters reported that U.S. energy companies are scrambling to buy more cybersecurity insurance after the attack on Colonial Pipeline disrupted the U.S. fuel supply, but they can expect to pay more as cyber insurers plan to hike rates following a slew of ransomware attacks. Fundamentally these companies are trying to hedge risk rather than mitigate root causes.

Ransomware Attack Lesson

The lesson from ransomware attacks is clear: national security is at high risk in any country. Cyberattacks, including those targeting automation and control systems, are increasing significantly. My view is the “big game” has not yet started. Winners of classic military battles generally get good reconnaissance and probe at their opponents’ defenses before launching major attacks. Carrying the war analogy further, there are typically campaigns with many battles. “Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally. . . . it’s happening all the time,” U.S. Energy Secretary Jennifer Granholm told Jake Tapper on CNN’s “State of the Union” cable show, 7 June 2021.

Cybersecurity Tax Credit

A cybersecurity investment tax credit would work like tax credits for energy conservation that have been around for many years. Energy conservation tax credits had a major goal of achieving energy independence, which was viewed as a national security issue. More recent tax credits include those for installation of alternative energy generation, particularly solar and wind.

A bipartisan group of U.S. House of Representatives members recently introduced legislation to step up cybersecurity literacy and increase awareness among the American public amid the spike in cyberthreats against critical infrastructure. The American Cybersecurity Literacy Act would require the National Telecommunications and Information Administration (NTIA) to establish a cyber literacy campaign to help promote understanding of how to stay safe online and prevent successful cyberattacks.

Action is Needed

Cybersecurity tax credits incentivize companies to invest in personnel education and technologies to protect operations and strengthen national security by selecting an appropriate solution for their businesses. As with energy conservation, there are existing standards, product solutions, and guidelines, including ISA/IEC 62443, that need to be applied based on the specific use case. 

In the June 2021 issue of InTech, Eric Cosman provided guidance in his article, “Automation Systems Cybersecurity: From Standards to Practices.” It is interesting that companies can take a tax deduction for insurance premiums that only provide a level of financial protection.

I spent a number of years in the energy conservation area and realized the value of investment tax credits to achieve results and stimulate the development of superior solutions. The time is now for action on this topic.

This blog has been repurposed from InTech.

Bill Lydon
Bill Lydon
Lydon has been active in manufacturing automation for more than 25 years. He started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers and process control technology. In addition to experience at various large companies, he cofounded and was president of a venture-capital-funded industrial automation software company. Lydon believes the success factors in manufacturing are changing, making it imperative to apply automation as a strategic tool to compete.

Related Posts

ICS4ICS Launches First Ever Exercise at S4

The first exercise of Incident Command System for Industrial Control Systems (ICS4ICS) capabilities was c...
Brian Peterson Jun 21, 2022 5:30:00 AM

Electrical Panel Connectivity

Terminal blocks, connectors/cordsets, and interface modules connect electrical and control panels to the ...
Matt Hou Jun 14, 2022 5:30:00 AM