With the never-ending, and too often successful, attacks on critical infrastructure networks, there needs to be a better way to protect control systems and the processes they monitor and control. The fallacy about critical infrastructure cybersecurity is that the Internet Protocol (IP) networks are needed to keep lights on, water flowing, etc. July 28, 2021, an announcement was made about the President’s Industrial Control System Cybersecurity (ICS) Initiative to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings. To date, this is a network-based approach specific to cyber threats. However, the existing approach of securing critical infrastructures by securing the networks is not working. The Israel Water Authority recognized that need and is monitoring the electrical characteristics of the process sensors as the raw process sensor signals are ground truth and not susceptible to network attacks. Hopefully, the US government, insurance companies, credit rating agencies, and others recognize what is really needed to be secured – the field control system equipment that keeps lights on and water flowing. US critical infrastructure cyber security is backwards – it’s the process that counts not the data
