There continues to be a gap between the engineering organizations in end-users and control system suppliers responsible for reliability, functionality, and safety on the one hand, and the network security organizations responsible for network security on the other. Control systems are neither just engineering nor network security but a combination of both: modern networking technologies provide enhanced productivity and efficiency but often at the expense of cybersecurity vulnerabilities. Yet, both organizations continue to act as if the other doesn’t exist. Additionally, control system cyber security training is needed to minimize the inappropriate advice being dispensed by “OT cyber security experts” who don’t understand control system field devices. Senior executives need to ensure that the engineering and security organizations support, not ignore each other – that is not happening.
