In May 1998, Presidential Decision Directive (PDD) 63 mandated the cyber security of critical infrastructures be implemented by May 2003. Twenty years and multiple PDDs and Presidential Executive Orders later, the government agencies responsible for securing the critical infrastructures are still failing to adequately address the issues that can cripple our country and its critical infrastructures – the process control systems. The more than 17 million actual control system cyber incidents attest to the failure. The March 2023 National Cybersecurity Strategy is based on issues associated with Internet Protocol (IP) networks and consumer Internet of Things (IoT) devices, not control system devices such as process sensors that affect process safety. The National Cybersecurity Strategy does not even mention the cultural issues between the engineering and network security communities.
