Today is...
Wednesday, November 26, 2014
Welcome to Control.com, the global online
community of automation professionals.
Advertisement
Featured Video...
Featured Video
Wiring and programming your servos and I/O just got a lot easier...
Advertisement
Our Advertisers
Help keep our servers running...
Patronize our advertisers!
Visit our Post Archive
Security Survey for Automation/Control Engineers
This is a survey aimed specifically at automation/control engineers in relation to security for industrial control networks

Hello

I am doing a small research college project. I work as an Automation Engineer for my day job. My thesis is concerned with the role of Automation/Control System Engineers in relation to Security for Industrial Control System networks. As many people will know this area has gained quite a bit of attention in recent years.

As part of the thesis I have created the following survey aimed specifically at Automation/Control engineers to help with my objectives. It contains both technical and non-technical questions. It will only take about 10 mins to complete and I would really appreciate people taking the time considering the importance of this issue. Also the wide spread of knowledge in this forum would contribute greatly to balanced final data.

Survey Link:
https://www.surveymonkey.com/s/YCNQZQ9

Can you post the results of the survey when it is complete?

> Can you post the results of the survey when it is complete?

Firstly thanks for doing the survey. I would be happy to share the results - I intend to to leave it open for another while hopefully I can get a bit more responses to ensure my data is a representative sample.

By Walt Boyes on 20 March, 2013 - 1:15 pm

My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation ICS is dangerous and possibly deadly.

Walt, with his ISA99 hat on

Walt Boyes, FInstMC, Chartered Measurement and Control Technologist
Life Fellow, International Society of Automation
Editor in Chief, Control and ControlGlobal.com
wboyes@putman.net

Anthony,

I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.

Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?

Mike

> My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems
> cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation
> ICS is dangerous and possibly deadly.

Hi Walt,

I should probably change the title of the survey. The main aim of the project is to measure the awareness and competency that automation/control system engineers have in tracing the source of suspected malware on an industrial control system network. The survey is one of two main sources for my conclusions - the other will be testing. The non-technical questions are just an attempt to see what kind of culture exists in the industry as regards to security from the point of view of the ICS engineer - when looking for this data I couldn't find it. As regards to the technical questions - on research I have found theses are the types of skills necessary to have , to be able to have any chance of finding malware. My thought is that control system engineers are first on the scene for any attack on a critical ICS system. As for pen testings I fully agree that this should never be done under operating conditions but I would advocate that it should done during down periods.

> I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.

> Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?

Hi Mike,
Id be delighted for you to put it out on twitter - the more responses the better. My target audience is any automation/control system engineer. Owners could send it to their staff/contractors working on their systems.

Hi Mike,

Did you get a chance to post the survey to twitter

Thanks
Ant

Anthony,

Yep, just went live.

Mike

I would like to get a copy of the results. I wanted to reiterate Walt's point that your questions focus on the IT aspects and not the unique control system issues such as loss of control and loss of view.

Joe Weiss
joe.weiss@realtimeacs.com