Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

All Posts

Securing Cyber-Physical Systems: ISA in Conversation with Newsweek

In March 2020, Newsweek Vantage published an independent report on securing cyber-physical systems. The International Society of Automation (ISA) served as its expert partner, helping Newsweek staff with concept development, research, and survey creation and analysis.

Eric Cosman, a consulting engineer and the 2020 ISA president, as well as Steve Mustard, an independent consultant and the incoming 2021 ISA president, also shared their industry knowledge as subject-matter experts. Eric and Steve recently joined a phone call with Nigel Holloway, the director of research and editorial at Newsweek Vantage, to discuss key findings—as well as new developments since the report's publication.

A recent post on ISA Interchange, ISA's official blog, features about 30 minutes of audio from the in-depth conversation. You can also read the full transcript, which addresses issues such as IT/OT convergence, the impact of COVID-19 on cybersecurity for critical infrastructure, and why cybersecurity culture at an organization should be treated like safety culture.

Read on for a sampling of quotes from Eric and Steve that illustrate some of the points they make in their conversation with Newsweek Vantage:

Eric Cosman

"The pandemic has shown [organizations] that unanticipated events are something that they have to be prepared for, and I think we're seeing an increased interest in business continuity planning at the at the operations level."

"We need to find ways to make security robust, yet almost invisible."

"I think sometimes the use of 'IT/OT' [as a phrase] just clouds the issue, because it allows people to assume that if you're an IT person, you don't understand high availability. That's a false assumption."

Steve Mustard

"Something like COVID-19 provides the perfect opportunity, for instance, for a hacker to pretend to be a customer to ask an IT company for the credentials it needs in order to get access to the system because they can't get to the office and such like. It creates opportunities for plausible scenarios where hackers can get sensitive information."

"People are the weakest link, but they're also the best line of defense for an organization."

"We're still not at the point where organizations see cybersecurity being a cause of significant failure, whether it be a health and safety or environmental incident or production loss. They still believe it's a relatively minor thing that usually will happen to someone else and not them."

 

To dig in to more insights, listen to the conversation, and read the transcript in full, visit the blog post on ISA Interchange.

Kara Phelps
Kara Phelps
Kara Phelps was the content manager for ISA from 2019-2021.

Related Posts

Cybersecurity Investment Tax Credits

Cyberattacks continue to grow worldwide, which has increased awareness and concern about utilities, indus...
Bill Lydon Nov 30, 2021 5:30:00 AM

IEC Designates ISA/IEC 62443 as a Horizontal Standard

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are prou...
Steven Aliano Nov 23, 2021 5:30:00 AM

Architecture vs. Design

Many Operational Technology (OT) projects start with identifying the requirements and then diving straigh...
Achal Lekhi Nov 16, 2021 5:30:00 AM