ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued

[UPDATED 21-Oct-2023]

ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is under the purview of the CISOs whose focus is the malicious compromise of IP networks and whose staff are not trained to identify control system incidents as being cyber-related. A significant concern from not identifying control system incidents as being cyber-related is it creates a false sense of security. That is, many people feel since they haven’t experienced control system cyber incidents (that they were aware of), they haven’t spent the time and effort to address control system cyber security. As an example, two recent major data center shutdowns from different data center operators caused by control system issues were viewed as mechanical failures with no cyber investigations. Those people that can identify control system cyber incidents are not under the purview of the CISO. Cyber security requirements, technologies, monitoring, testing, and incident response planning are based on lessons learned from IP network cyber vulnerabilities and incidents. This ISA work product can help organizations meet their cyber incident reporting requirements. By identifying control system cyber incidents, OT, IT, and engineers could become more aware of risk and be better enabled to take appropriate prevention measures leading to a more holistic approach to cyber security.

Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.