Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Read More

Uniting Controls and OT Security Engineers for Stronger ICS Security

Read More

Categories Arrow

All Posts

Uniting Controls and OT Security Engineers for Stronger ICS Security

Controls engineers often face significant pressure when collaborating with OT cybersecurity teams due to several factors:

1. Operational Continuity

  • Downtime Avoidance: Controls engineers are responsible for ensuring that industrial processes run smoothly with minimal downtime. Implementing cybersecurity measures can sometimes require system changes or interruptions, leading to potential conflicts between maintaining operational continuity and enhancing security.
  • Safety Concerns: Changes to control systems can impact the safety of operations. Engineers must ensure that security measures do not introduce risks that could endanger personnel or equipment.

2. Complexity of Systems

  • Legacy Systems: Many industrial environments use legacy systems that were not designed with cybersecurity in mind. Controls engineers must balance the need to protect these systems with the challenge of integrating modern security solutions.
  • Proprietary Technologies: Control systems often use proprietary technologies and protocols, making it difficult to implement standardized cybersecurity measures. Engineers need to work closely with cybersecurity teams to develop tailored solutions.

3. Resource Constraints

  • Limited Budget and Time: Controls engineers often operate within tight budget and time constraints. Allocating resources for cybersecurity initiatives can be challenging, especially if these initiatives are seen as secondary to core operational tasks.
  • Manpower: The additional workload of collaborating on cybersecurity can strain already limited engineering teams, leading to resistance or burnout.

4. Skill Gaps

  • Cybersecurity Knowledge: Controls engineers typically have extensive knowledge of industrial systems but may lack deep expertise in cybersecurity. This can create a steep learning curve and necessitate additional training and support from cybersecurity teams.
  • Continuous Learning: The fast-evolving nature of cybersecurity threats requires ongoing education and adaptation, adding to the workload of controls engineers.

5. Cultural Differences

  • Different Priorities: Controls engineers and cybersecurity professionals often have different priorities and perspectives. Engineers focus on maintaining and optimizing industrial processes, while cybersecurity teams prioritize protecting systems from threats. This can lead to misunderstandings and conflicts.
  • Communication Barriers: Effective collaboration requires clear and frequent communication. However, the technical jargon and focus areas of each team can create barriers to understanding and cooperation.

6. Regulatory and Compliance Pressure

  • Compliance Requirements: New regulations and industry standards increasingly mandate robust cybersecurity measures for industrial systems. Controls engineers must ensure that their systems comply with these requirements, adding another layer of complexity to their work.
  • Audit and Documentation: Meeting compliance often requires extensive documentation and readiness for audits, which can be time-consuming and add to the pressure on controls engineers.

Strategies to Alleviate Pressure

  • Collaborative Planning: Involve controls engineers in the early stages of cybersecurity planning to ensure that security measures align with operational needs and constraints.
  • Training and Support: Provide continuous training and support to help controls engineers build cybersecurity expertise. This can include workshops, certification programs, and access to cybersecurity resources.
  • Integrated Teams: Create cross-functional teams that include both controls engineers and cybersecurity professionals. This fosters better communication, mutual understanding, and shared responsibility.
  • Risk-Based Approach: Prioritize cybersecurity measures based on risk assessments. Focus on high-impact areas first to balance security improvements with operational demands.
  • Executive Sponsorship: Ensure that senior management supports and understands the importance of collaboration between controls engineers and cybersecurity teams. This can help secure necessary resources and foster a culture of cooperation.

By addressing these pressures and implementing supportive strategies, organizations can facilitate more effective collaboration between controls engineers and OT cybersecurity teams, ultimately enhancing both security and operational efficiency.
Ashraf Sainudeen
Ashraf Sainudeen
Ashraf Sainudeen is a system specialist at DP World. An ISA/IEC 62443 certified professional with experience in industrial automation and control systems (IACS), he is dedicated to delivering exceptional service to clients with a strong passion for learning and exploring state-of-the-art technology in Industry 4.0, ICS/IT networks and OT cybersecurity trends.

    Recent Posts

    Related Posts

    Enhancing Cybersecurity Visibility in Industrial Control Systems (ICS)

    Many security engineers and cybersecurity professionals struggle to defend industrial control systems (IC...
    Devin Partida Sep 6, 2024 7:00:00 AM

    How Digital Twins Improve Industrial Supply Chain Cybersecurity

    As the industrial supply chain faces larger and more frequent cyber threats, it’s up to you to defend aga...
    Zac Amos Aug 30, 2024 7:00:00 AM

    New ISAGCA Report Explores Zero Trust Outcomes in OT Cybersecurity

    The ISA Global Cybersecurity Alliance (ISAGCA) has announced the release of a white paper discussing outc...
    Kara Phelps Aug 23, 2024 7:00:00 AM

    The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence and is the trusted provider of standards-based foundational technical resources, driving the advancement of individual careers and the overall profession. ISA develops widely used global standards; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.


    The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

    We're on social media. Keep in touch!

    © 2024 International Society of Automation. All rights reserved.