Chapter 8 DIVISION OF CYBER SAFETY AND SECURITY RESPONSIBILITIES BETWEEN CONTROL SYSTEM OWNERS AND SUPPLIERS

摘要

The chapter discusses the important issue of responsibility for information and communications technology (ICT) – or cyber – safety and security for industrial control systems and the challenges involved in dividing the responsibility between industrial control system owners and suppliers in the Norwegian electric power supply industry. Industrial control system owners are increasingly adopting information and communications technologies to enhance business system connectivity and remote access. This integration offers new capabilities, but it reduces the isolation of industrial control systems from the outside world, creating greater security needs. The results of observation studies indicate that Norwegian power network companies and industrial control system suppliers have contributed to the creation of a culture that does not focus on information and communications systems safety and security. The increased use of standards and guidelines can help improve cooperation between industrial control system owners and suppliers. Norwegian industrial control system owners should also implement a culture change in their organizations and should attempt to influence the safety and security culture of their suppliers. Power network companies need to place information and communications systems safety and security on par with operational priorities and they need to become more vocal in demanding secure products from their suppliers.