Misconceptions about ICS/OT cybersecurity are stubborn. This “mythbusting” blog series dispels five common myths related to ICS cybersecurity. Catch up on previous entries if you’re interested:

Now, let’s look back at this series with a few parting thoughts on the state of ICS cybersecurity today.

Lessons Learned from Recent Attacks and Industry Surveys

Major Trends in ICS Cybersecurity

• ICS cyberattacks involving cyber criminals, hacktivists, and nation states are on the rise
• Most organizations recognize risks to their ICS and are taking numerous initiatives to address these risks
• The ICS cyber workforce/skills gap is widening
• Governments are declaring cyber as a national security threat, and enacting more laws and regulations (NERC CIP, NIS Directive…

Operational teams running industrial systems rely on remote access devices to do their jobs and rarely think about the non-technical and non-commercial considerations when buying. But recent history is telling us that where the device-and even components within the device-come from matters much more than we recognize.

Supply Chain Attacks Are Serious

A supply chain attack is a category of cybersecurity attack where access is gained by targeting upstream elements in the supply chain. A layperson purchasing a device-perhaps to commission a piece of equipment over the weekend-may think that risk isn’t significant enough to influence the buying decision, but it is.

Supply chain attacks…

We’ve finally come to the last installment of this series on marketing for the industrial automation industry, and here’s a big “thank you” to everyone who stuck with us for this long. It’s been quite the ride, hasn’t it? From learning how to know you actually have a problem with your marketing to learning why LinkedIn isn’t all you think it is, hopefully this series has been an eye opener for you and your team-and maybe you’re even walking away with some new ideas to try.

This installment, to put a nice bow on everything, will cover what is probably…

The following technical discussion is part of an occasional series showcasing the ISA Mentor Program, authored by Greg McMillan, industry consultant, author of numerous process control books, 2010 ISA Life Achievement Award recipient, and retired Senior Fellow from Solutia, Inc. (now Eastman Chemical). Greg will be posting questions and responses from the ISA Mentor Program, with contributions from program participants.

Matthew Howard is the only process system engineer in a large pulp mill with a recovery boiler, two hog boilers, and a Kamyr digester with five-stage bleach plant and pulp machines. …

The manufacturing industry has been hit especially hard by the pandemic. There’s the obvious impact of potentially sick workers, along with the need for social distancing and strict health requirements. Then there are supply chain issues, many of which mean component or material shortages. Finally, consumer demands have not fallen. Instead, they’ve done the opposite, exploding to unprecedented levels.

Manufacturers have had to pick up the pace, with fewer resources, while hemorrhaging staff due to the current pandemic.

Cobots help alleviate the problem by taking over the gaps in manual labor and boosting productivity to levels never seen before.

The Art of Collaborative Automation: Cobots

Collaborative…

Enhancing ICS Cybersecurity in the Software Development Lifecycle

Key Takeaways

Open source software (OSS) is frequently integrated into industrial control systems (ICS) and critical infrastructure as business owners pursue greater interoperability, portability, and interchangeability. While tapping into the benefits of open source software, cybersecurity considerations are imperative, since availability and reliability is paramount for industrial control systems. Ensuring high-quality code in open source software to avoid an increased cyber risk to the ICS becomes a pivotal challenge. …

On 5 February 2021, attackers gained access to the industrial control system (ICS) at a water treatment plant in a small town in Pinellas County, Florida. A plant operator caught the breach almost immediately, although the apparent hackers tried to increase the amount of sodium hydroxide in the water supply to dangerous levels-from about 100 parts-per-million (ppm) to 11,100 ppm.

The attackers remotely took control of the mouse and the system using a legitimate application called TeamViewer, commonly used in industrial settings for remote access. …

Misconceptions about ICS/OT cybersecurity are stubborn. This “mythbusting” blog series dispels five common myths related to ICS cybersecurity. Catch up on previous entries if you’re interested:

• Common ICS Cybersecurity Myth #1: The Air Gap
• Common ICS Cybersecurity Myth #2: Proprietary Systems and Protocols
• Common ICS Cybersecurity Myth #3: The Unbreachable Firewall
• Common ICS Cybersecurity Myth #4: Serial Communication

Now, let’s dive in.

ICS Cybersecurity Myth #5

Why would someone even bother to attack smart grids or industrial networks? Many people believe that attackers are usually financially motivated, and therefore, that there is not much to gain by attacking industrial networks

Contrary to the common…