IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer “cyber secure systems” and cyber security services. Control system vendors provide systems globally including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not the first time control system vendors have been attacked or control system device vulnerabilities have been identified. Compromising control system vendors can result in impacts on facilities’ reliable and safe operation as vendor backdoors and remote access support can be a route into the control systems and affect their reliable and safe operation. These cases, as well other vendors’ cases, raise the question as to whether the trade-offs between the need for remote access and cyber risk from remote access has been adequately addressed. There is a need to do the following: evaluate the cyber/physical risk trade-off between use of remote access or when local access is sufficient; provide control system cyber security training for engineers and network security staff to identify whether control system incidents are cyber-related; monitor the physics of the process sensors to ensure process sensor signals are correct and authenticated which also is an independent check of the OT networks; and include OSI Layer 2 security (IP Cloaking) to provide point-to-point security over OT networks and protect access to those networks with access authentication and packet/frame authenticity checks.
