Mike Spear, director of global operations at Honeywell Cybersecurity comments that security dynamics in the process industry changed with the entry of Ethernet and Microsoft on the factory floor. “You now have vulnerabilities. Security has become a big aspect of the operation, not just running production,” he opines.
A risk management methodology, Cyber-Informed Engineering (CIE) is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system, energy or otherwise, to mitigate or even eliminate avenues for cyber-enabled attacks.
Spear reckons that the CIE is still relatively new for those just starting to implement the fundaments. He concedes for those in the middle of the maturity cycle, visibility and predictability are the next issues to tackle. “They want to prevent bad events from occurring and are thus looking to be more proactive,” he continues.
CIE concepts use design decisions and engineering controls to prioritize defence against the worst possible consequences of cyberattacks facing critical infrastructure systems and asset owners.
