The week of 9/11, I was in Houston along with 40,000 others for the ISA Expo. On 9/9 I was made an ISA Fellow. On 9/10, we held two sessions on CONTROL SYSTEM (there was no such term as OT at the time) cybersecurity that were well attended by the engineers with minimal IT attendance because on 9/10, control system cybersecurity was a business imperative as you can’t make things if the control systems don’t work. On 9/11, I was scheduled to take a tour of NASA’s Johnson Space Flight Center that was cancelled after the planes crashed into the Twin Towers. It took 3 days before I could get a rental car to drive back to San Jose – there were no planes flying. There should have been many lessons learned from 9/11. Three of the most important were connecting the dots, lack of imagination, and having multidisciplinary teams involved. When it comes to control system cybersecurity, those lessons have not been learned.
