I am doing a small research college project. I work as an Automation Engineer for my day job. My thesis is concerned with the role of Automation/Control System Engineers in relation to Security for Industrial Control System networks. As many people will know this area has gained quite a bit of attention in recent years.
As part of the thesis I have created the following survey aimed specifically at Automation/Control engineers to help with my objectives. It contains both technical and non-technical questions. It will only take about 10 mins to complete and I would really appreciate people taking the time considering the importance of this issue. Also the wide spread of knowledge in this forum would contribute greatly to balanced final data.
> Can you post the results of the survey when it is complete?
Firstly thanks for doing the survey. I would be happy to share the results - I intend to to leave it open for another while hopefully I can get a bit more responses to ensure my data is a representative sample.
My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation ICS is dangerous and possibly deadly.
Walt, with his ISA99 hat on
Walt Boyes, FInstMC, Chartered Measurement and Control Technologist
Life Fellow, International Society of Automation
Editor in Chief, Control and ControlGlobal.com
I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.
Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?
> My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems
> cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation
> ICS is dangerous and possibly deadly.
I should probably change the title of the survey. The main aim of the project is to measure the awareness and competency that automation/control system engineers have in tracing the source of suspected malware on an industrial control system network. The survey is one of two main sources for my conclusions - the other will be testing. The non-technical questions are just an attempt to see what kind of culture exists in the industry as regards to security from the point of view of the ICS engineer - when looking for this data I couldn't find it. As regards to the technical questions - on research I have found theses are the types of skills necessary to have , to be able to have any chance of finding malware. My thought is that control system engineers are first on the scene for any attack on a critical ICS system. As for pen testings I fully agree that this should never be done under operating conditions but I would advocate that it should done during down periods.
> I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.
> Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?
Id be delighted for you to put it out on twitter - the more responses the better. My target audience is any automation/control system engineer. Owners could send it to their staff/contractors working on their systems.