Industrial automation cybersecurity conformity assessments

摘要

Having attended numerous conferences hosted by different industry groups over the past few years, I have found that the conversations are frequently muddled, lacking structure, and without a generally accepted paradigm for establishing context--with the exception of interchanges with a few subject-matter experts (SMEs) at the top of their game. The most frustrating dynamic is the lack of context. For example, I reviewed a recent industry group study about industrial automation and control system (IACS) cybersecurity that surveyed its constituency about spending plans for "cybersecurity solutions" in the context of purchasing cybersecurity "products" to solve the problem. That was it. The study did not separate the issues into people, process, and technology categories and did not separate the cybersecurity topics into IACS life-cycle phases.