There is a continuing culture chasm between cybersecurity managed by the CISO and engineering and operations personnel responsible for OT. Part of the gap stems from many CISOs’ and their teams lack of experience and understanding of control /protection systems and devices and engineering and operations requirements and work processes. Engineering and Operations have a corresponding understanding gap regarding cybersecurity that can be seen by many engineering standards and requirements not addressing cybersecurity. The culture chasm results in both sides either not talking or talking past each other including each side not requiring appropriate competence in their standards and requirements. Cyber attackers recognize these gaps and are exploiting them. Industry and government organizations need to recognize and address this critical culture chasm which is still missing even in current industry and government reports. Utilizing the approach in ISA TR84.00.09 can help protect the control and safety systems used in critical infrastructures, including the electric and water sectors, and hopefully close these culture chasms.
