Greenfield
Factory Automation
Bassett
Batch Processing
Hand
Process Automation
Reynolds
Packaging Automation
Campbell
On the Edge
Factory & Machine Automation Playbook cover
This one-of-a-kind Factory Automation Playbook is packed with best practices, practical tips and pitfalls to avoid on a wide range of topics, from defining project objectives to selecting components to implementing technologies that can make your automated systems smarter and more productive.

 

News
|

Executive Order on Cyber Security, Smart but Too Vague

Print Reprint
FILED IN:  Cyber Security
     
President Obama’s executive order aims to facilitate information sharing on cyber security issues for critical infrastructure dependent on industrial control systems. Many believe its vague implications will limit its impact but agree it is a step in the right direction.

The cyber security executive order signed this week by President Barack Obama is a road paved with good intentions, but some fear that its vagueness will limit its impact. However, experts agree that its voluntary nature is the right approach.

The order aims to increase information sharing between government and private entities in regard to the cyber security of critical infrastructure including power plants and financial, transportation and communications systems. It calls for the development of a framework of best practices via the National Institute of Standards and Technology (NIST).

For industrial control systems (ICS), this may be a small step in the right direction, according to Joel Langill of SCADAhacker. However, the order is very broad in its coverage, as it blankets all “systems and assets, whether physical or virtual. Exactly how this would translate into what actually is implemented regarding security controls within ICS is not obvious and therefore will probably not make much impact on owners and operators of critical infrastructure in its initial phase,” Langill says.

Because the order does not appear to address the role of control system vendors or manufacturers, “this could be a significant oversight” representing a hurdle to improving resilience to cyber threats, Langill says.

The executive order does not set forth any minimum standards for how infrastructure should be protected, as any such act would require Congressional approval. The Obama administration made an attempt to pass such legislation last year and failed when Republicans intervened. If the legislation had passed, it would have given the Department of Homeland Security (DoHS) the authority to enforce security standards of equipment running critical infrastructure, The New York Times reports.

Langill adds that DoHS does not possess the knowledge base to provide any value to owners or operators because it tends to focus on matters of national security.

Eric Byres, CTO and co-founder of the Tofino Security division at Belden Inc., says that any attempt by the government to play “traffic cop” would be futile because the laws would be obsolete before they could be implemented. Byres adds that facilitating the sharing of information and increasing access to resources is the best the government can do beyond holding all companies accountable for negligence.

The final draft of the executive orders is anticipated within a year. During the interim, NIST will seek public input from organizations interested in participating in cyber security workshops over the next several months.

All this hard work, however, might not pay off in the long run, according to  Langill, who explains that orders such as these could easily be nullified by the next administration. In spite of that, he says the order could still serve to clarify existing regulations and lead to better ICS security overall.

Read the Full Executive Order.

FILED IN: Cyber Security
0

Add new comment

 

  NEWSLETTERS
Don’t miss intelligence crucial to your job and business!
Click on any newsletter to view a sample. Enter your email address below to sign up!

News Insights

News & Analysis

Product Insights

Latest Automation Products

Best of Blogs

Industrial Automation Columnists

Automation Focus

Sponsored white papers, videos and products

Continuous Processing

Oil & Gas, Chemical and More

Automation Skills

Improve Industry Skills

Industrial
Ethernet Review

Network Application of IE

On The Edge
Blog

Workforce Development

Factory Automation

Technology for Discrete Manufacturing

Food Bev & Pharma

Automation Applications & Trends

Global Edition

Global automation news

Each newsletter ranges in frequency from once per month to a few times per month at most.

 

The best of the essentials!
Secrets to Automation Project Success

Sign up to receive timely updates from our editors and download this FREE Automation Project Survival Guide. It’s packed with field-tested best practices from industry experts that can help make your next automation project a success.

x