The OT paradigm is broken technically and culturally – it must be fixed

On January 26, 2022. it became evident that the OT paradigm is broken. December 29th, the article was published that more than 3,000 smart instruments in a petrochemical facility had no passwords, even by default. January 21st, SAE/MITRE held a meeting on hardware vulnerability disclosures where IOT and ICS were not addressed including for sensors with no password, authentication, or encryption. January 24th, a utility report was issued identifying the need to include Level 0,1 devices. January 25th, a presentation was given on the results of doctoral research on the misalignment of the personnel involved in OT. January 26th, an online presentation given to the Meeting of Council of European Energy Regulators on the lack of addressing control systems. What is evident from multiple sources, both anecdotally and scientifically, is that the OT paradigm is broken. It doesn’t have to be this way. A Level 0, 1 process sensor monitoring project is being performed for a large industrial facility for productivity and predictive maintenance. The project spans multiple parts of the organization from corporate, plant engineering, operations, maintenance, safety, and cyber security. Cybersecurity is an important consideration, but not the primary motivation, which is efficiency and productivity improvement. This type of project can address the misalignment identified by Aleksandra. The acknowledgment that none of the consensus standards organizations or industry bodies were addressing the unique cyber security issues associated with process sensors led to the January 5th meeting. Hopefully, this effort can lead to developing standards that are germane to existing sensor and field device technology.

Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.