Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Uniting Controls and OT Security Engineers for Stronger ICS Security

Controls engineers often face significant pressure when collaborating with OT cybersecurity teams due to several factors:

1. Operational Continuity

  • Downtime Avoidance: Controls engineers are responsible for ensuring that industrial processes run smoothly with minimal downtime. Implementing cybersecurity measures can sometimes require system changes or interruptions, leading to potential conflicts between maintaining operational continuity and enhancing security.
  • Safety Concerns: Changes to control systems can impact the safety of operations. Engineers must ensure that security measures do not introduce risks that could endanger personnel or equipment.

2. Complexity of Systems

  • Legacy Systems: Many industrial environments use legacy systems that were not designed with cybersecurity in mind. Controls engineers must balance the need to protect these systems with the challenge of integrating modern security solutions.
  • Proprietary Technologies: Control systems often use proprietary technologies and protocols, making it difficult to implement standardized cybersecurity measures. Engineers need to work closely with cybersecurity teams to develop tailored solutions.

3. Resource Constraints

  • Limited Budget and Time: Controls engineers often operate within tight budget and time constraints. Allocating resources for cybersecurity initiatives can be challenging, especially if these initiatives are seen as secondary to core operational tasks.
  • Manpower: The additional workload of collaborating on cybersecurity can strain already limited engineering teams, leading to resistance or burnout.

4. Skill Gaps

  • Cybersecurity Knowledge: Controls engineers typically have extensive knowledge of industrial systems but may lack deep expertise in cybersecurity. This can create a steep learning curve and necessitate additional training and support from cybersecurity teams.
  • Continuous Learning: The fast-evolving nature of cybersecurity threats requires ongoing education and adaptation, adding to the workload of controls engineers.

5. Cultural Differences

  • Different Priorities: Controls engineers and cybersecurity professionals often have different priorities and perspectives. Engineers focus on maintaining and optimizing industrial processes, while cybersecurity teams prioritize protecting systems from threats. This can lead to misunderstandings and conflicts.
  • Communication Barriers: Effective collaboration requires clear and frequent communication. However, the technical jargon and focus areas of each team can create barriers to understanding and cooperation.

6. Regulatory and Compliance Pressure

  • Compliance Requirements: New regulations and industry standards increasingly mandate robust cybersecurity measures for industrial systems. Controls engineers must ensure that their systems comply with these requirements, adding another layer of complexity to their work.
  • Audit and Documentation: Meeting compliance often requires extensive documentation and readiness for audits, which can be time-consuming and add to the pressure on controls engineers.

Strategies to Alleviate Pressure

  • Collaborative Planning: Involve controls engineers in the early stages of cybersecurity planning to ensure that security measures align with operational needs and constraints.
  • Training and Support: Provide continuous training and support to help controls engineers build cybersecurity expertise. This can include workshops, certification programs, and access to cybersecurity resources.
  • Integrated Teams: Create cross-functional teams that include both controls engineers and cybersecurity professionals. This fosters better communication, mutual understanding, and shared responsibility.
  • Risk-Based Approach: Prioritize cybersecurity measures based on risk assessments. Focus on high-impact areas first to balance security improvements with operational demands.
  • Executive Sponsorship: Ensure that senior management supports and understands the importance of collaboration between controls engineers and cybersecurity teams. This can help secure necessary resources and foster a culture of cooperation.

By addressing these pressures and implementing supportive strategies, organizations can facilitate more effective collaboration between controls engineers and OT cybersecurity teams, ultimately enhancing both security and operational efficiency.

Ashraf Sainudeen
Ashraf Sainudeen
Ashraf Sainudeen is a system specialist at DP World. An ISA/IEC 62443 certified professional with experience in industrial automation and control systems (IACS), he is dedicated to delivering exceptional service to clients with a strong passion for learning and exploring state-of-the-art technology in Industry 4.0, ICS/IT networks and OT cybersecurity trends.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM