1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised.”
Andy Bochman and others at INL. This is pure FUD, and I explain a more reasonable and helpful adaptation of this.
14:06 Mantra: “If it isn’t secure, it isn’t safe.”
Not necessarily FUD, but just wrong and could have asset owners chasing down security issues that don’t impact safety. Also, are you ever going to make the claim that something is secure?
Links
This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.
Check out the CyberX Executive Guide to the NIS Directive.
Dale, aeSolutions is one of the companies using the slogan, “if it isn’t Secure, it isn’t Safe” so I’d like to comment. The intent of the slogan is to raise awareness of the linkage between process safety and ICS cybersecurity. You have spoken on this topic many times and participated in a Cyber PHA with us so I know that you “get” the relationship between safety & security.
Process safety relies on layers of protection as shown in the image below. 3 of those layers are typically “instrumented” systems (BPCS, Alarm, SIS). These are the layers responsible for preventing an incident. There are often multiple layers above these that mitigate the consequences of an event (e.g. a pressure relief valve that vents to a flare). Organizations perform layer of protection analysis (LOPA) to determine if the layers adequately mitigate the risk to tolerable levels but LOPA doesn’t consider cyber.
The point we are trying to make with the slogan is that one or more instrumented layers could be compromised by a cyber attack. We are encouraging companies to evaluate the security of their ICS/SIS systems per 62443 and 61511, especially when they are being credited as an independent layer of safety protection. You should be too!
John – You know I’m a fan of the Cyber PHA process. It’s the slogan I have issue with. To make the point of the flawed slogan even stronger, we know that most SIS are insecure by design and dense with vulnerabilities. They are not secure. If you believe the Secure/Safe slogan, then all those SIS need to be ripped out and replaced (HT: Eric Byres).
Dale,
Thanks for the reply. Of course, we are not advocating that all SIS need to be ripped out and replaced. In your podcast you talked about compensating controls and that is absolutely a viable way to reduce the attack surface and compensate for the vulnerabilities inherent in the product. As I said before, the point of the slogan is to remind people that they need to evaluate the security of their instrumented safety protection layers. For example, just because a SIS is SIL 3 rated does not mean it is secure. We all understand that there is no such thing as perfect safety or perfect security. The purpose of the slogan is to be thought provoking and initiate a discussion. We looked at less ambiguous variations of the slogan but “If you haven’t performed a cybersecurity assessment of your instrumented safety protection layers then your PFD calculations may have been overly optimistic” doesn’t have quite the same ring to it 🙂