Control system cyber incidents affecting pipelines, rail, and aviation have caused catastrophic damage, resulting in multi-billion-dollar impacts and hundreds of deaths. Detecting cyberattacks against IT and OT networks can be done today. However, the same cannot be said for detecting control system cyber incidents (attacks and unintentional incidents) that occur with cyber-insecure control system field devices. This means the TSA security directives' requirements for reporting incidents to CISA within 24 hours, conducting meaningful vulnerability assessments, and developing contingency and recovery plans for identified malicious cyber activity cannot be met for control system-related incidents.
Control system cyber security training, contingency, and recovery plans need to be developed based on real control system cases. Process sensor integrity and authentication are needed to recognize system/equipment malfunctions that could be cyber-related. There is a need for government and industry to coordinate the myriad standards and governmental activities on critical infrastructure cyber security to ensure there are no inconsistencies. Government funding to accredited standards organizations like ISA and IEEE can accelerate standards development.