Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Cybersecurity Investment Tax Credits

Cyberattacks continue to grow worldwide, which has increased awareness and concern about utilities, industries, and personal risk. There is a universal understanding that this is a national security threat. In the U.S., I suggest the government consider creating cybersecurity investment tax credits for industry to stimulate more protection.

There have been many incidents that prove cyberattacks can bring down businesses and infrastructure. Most recently, the Colonial Pipeline ransomware attack shut down the largest gasoline pipeline in the U.S., which carries 2.5 million barrels per day of gasoline and other refined fuels. 

This cyberattack had the biggest impact on physical operations of critical infrastructure in U.S. history. Some reports attribute the attack to a criminal group called “DarkSide,” known for ransomware attacks. A recent report by Cyberreason estimates that the group has targeted well over 40 victims, with ransom demands ranging from $200,000 to $2 million USD per incident.

On 28 May 2021, Reuters reported that U.S. energy companies are scrambling to buy more cybersecurity insurance after the attack on Colonial Pipeline disrupted the U.S. fuel supply, but they can expect to pay more as cyber insurers plan to hike rates following a slew of ransomware attacks. Fundamentally these companies are trying to hedge risk rather than mitigate root causes.

Ransomware Attack Lesson

The lesson from ransomware attacks is clear: national security is at high risk in any country. Cyberattacks, including those targeting automation and control systems, are increasing significantly. My view is the “big game” has not yet started. Winners of classic military battles generally get good reconnaissance and probe at their opponents’ defenses before launching major attacks. Carrying the war analogy further, there are typically campaigns with many battles. “Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally. . . . it’s happening all the time,” U.S. Energy Secretary Jennifer Granholm told Jake Tapper on CNN’s “State of the Union” cable show, 7 June 2021.

Cybersecurity Tax Credit

A cybersecurity investment tax credit would work like tax credits for energy conservation that have been around for many years. Energy conservation tax credits had a major goal of achieving energy independence, which was viewed as a national security issue. More recent tax credits include those for installation of alternative energy generation, particularly solar and wind.

A bipartisan group of U.S. House of Representatives members recently introduced legislation to step up cybersecurity literacy and increase awareness among the American public amid the spike in cyberthreats against critical infrastructure. The American Cybersecurity Literacy Act would require the National Telecommunications and Information Administration (NTIA) to establish a cyber literacy campaign to help promote understanding of how to stay safe online and prevent successful cyberattacks.

Action is Needed

Cybersecurity tax credits incentivize companies to invest in personnel education and technologies to protect operations and strengthen national security by selecting an appropriate solution for their businesses. As with energy conservation, there are existing standards, product solutions, and guidelines, including ISA/IEC 62443, that need to be applied based on the specific use case. 

In the June 2021 issue of InTech, Eric Cosman provided guidance in his article, “Automation Systems Cybersecurity: From Standards to Practices.” It is interesting that companies can take a tax deduction for insurance premiums that only provide a level of financial protection.

I spent a number of years in the energy conservation area and realized the value of investment tax credits to achieve results and stimulate the development of superior solutions. The time is now for action on this topic.

This blog has been repurposed from InTech.

Bill Lydon
Bill Lydon
Lydon has been active in manufacturing automation for more than 25 years. He started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers and process control technology. In addition to experience at various large companies, he cofounded and was president of a venture-capital-funded industrial automation software company. Lydon believes the success factors in manufacturing are changing, making it imperative to apply automation as a strategic tool to compete.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM