Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Securing Cyber-Physical Systems: ISA in Conversation with Newsweek

In March 2020, Newsweek Vantage published an independent report on securing cyber-physical systems. The International Society of Automation (ISA) served as its expert partner, helping Newsweek staff with concept development, research, and survey creation and analysis.

Eric Cosman, a consulting engineer and the 2020 ISA president, as well as Steve Mustard, an independent consultant and the incoming 2021 ISA president, also shared their industry knowledge as subject-matter experts. Eric and Steve recently joined a phone call with Nigel Holloway, the director of research and editorial at Newsweek Vantage, to discuss key findings—as well as new developments since the report's publication.

A recent post on ISA Interchange, ISA's official blog, features about 30 minutes of audio from the in-depth conversation. You can also read the full transcript, which addresses issues such as IT/OT convergence, the impact of COVID-19 on cybersecurity for critical infrastructure, and why cybersecurity culture at an organization should be treated like safety culture.

Read on for a sampling of quotes from Eric and Steve that illustrate some of the points they make in their conversation with Newsweek Vantage:

Eric Cosman

"The pandemic has shown [organizations] that unanticipated events are something that they have to be prepared for, and I think we're seeing an increased interest in business continuity planning at the at the operations level."

"We need to find ways to make security robust, yet almost invisible."

"I think sometimes the use of 'IT/OT' [as a phrase] just clouds the issue, because it allows people to assume that if you're an IT person, you don't understand high availability. That's a false assumption."

Steve Mustard

"Something like COVID-19 provides the perfect opportunity, for instance, for a hacker to pretend to be a customer to ask an IT company for the credentials it needs in order to get access to the system because they can't get to the office and such like. It creates opportunities for plausible scenarios where hackers can get sensitive information."

"People are the weakest link, but they're also the best line of defense for an organization."

"We're still not at the point where organizations see cybersecurity being a cause of significant failure, whether it be a health and safety or environmental incident or production loss. They still believe it's a relatively minor thing that usually will happen to someone else and not them."

 

To dig in to more insights, listen to the conversation, and read the transcript in full, visit the blog post on ISA Interchange.

Kara Phelps
Kara Phelps
Kara Phelps was the content manager for ISA from 2019-2021.

Related Posts

Securing Industrial Networks Can–And Should–Be Simple

A version of this blog originally appeared on Cisco
Andrew McPhee Jan 24, 2023 5:30:00 AM

Double Extortion Ransomware: What It Is and How to Respond

New attack methods in the cybersecurity landscape continue to emerge in the digitally driven world. One t...
Zac Amos Jan 17, 2023 5:30:00 AM

Defending Remote-Friendly Environments from Cyberattacks

This blog has been repurposed from the December 2022 issue of InTech
Damon Purvis Jan 10, 2023 5:30:00 AM