advertisement
from the Forum department...
Security Survey for Automation/Control Engineers
Engineering and workplace issues. topic
Posted by Anthony Murray on 19 March, 2013 - 10:09 am
Hello

I am doing a small research college project. I work as an Automation Engineer for my day job. My thesis is concerned with the role of Automation/Control System Engineers in relation to Security for Industrial Control System networks. As many people will know this area has gained quite a bit of attention in recent years.

As part of the thesis I have created the following survey aimed specifically at Automation/Control engineers to help with my objectives. It contains both technical and non-technical questions. It will only take about 10 mins to complete and I would really appreciate people taking the time considering the importance of this issue. Also the wide spread of knowledge in this forum would contribute greatly to balanced final data.

Survey Link:
https://www.surveymonkey.com/s/YCNQZQ9


Posted by mhwest on 20 March, 2013 - 7:27 am
Can you post the results of the survey when it is complete?


Posted by Anthony Murray on 20 March, 2013 - 8:51 am
> Can you post the results of the survey when it is complete?

Firstly thanks for doing the survey. I would be happy to share the results - I intend to to leave it open for another while hopefully I can get a bit more responses to ensure my data is a representative sample.


Posted by Walt Boyes on 20 March, 2013 - 1:15 pm
My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation ICS is dangerous and possibly deadly.

Walt, with his ISA99 hat on

Walt Boyes, FInstMC, Chartered Measurement and Control Technologist
Life Fellow, International Society of Automation
Editor in Chief, Control and ControlGlobal.com
wboyes@putman.net


Posted by Michael Toecker on 20 March, 2013 - 3:06 pm
Anthony,

I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.

Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?

Mike


Posted by Anthony Murray on 21 March, 2013 - 7:28 am
> My concern with your survey is that it is far too IT focused to be valuable as a survey of Industrial Control Systems
> cyber security. For example, you list pen testing, when it has been known for years that pen testing on an operation
> ICS is dangerous and possibly deadly.

Hi Walt,

I should probably change the title of the survey. The main aim of the project is to measure the awareness and competency that automation/control system engineers have in tracing the source of suspected malware on an industrial control system network. The survey is one of two main sources for my conclusions - the other will be testing. The non-technical questions are just an attempt to see what kind of culture exists in the industry as regards to security from the point of view of the ICS engineer - when looking for this data I couldn't find it. As regards to the technical questions - on research I have found theses are the types of skills necessary to have , to be able to have any chance of finding malware. My thought is that control system engineers are first on the scene for any attack on a critical ICS system. As for pen testings I fully agree that this should never be done under operating conditions but I would advocate that it should done during down periods.

> I'd like permission to share outside of control.com. My twitter followers would likely be interested in filling it out.

> Also, it appears you're looking mainly for owners of infrastructure, and not contractors/consultants/service providers. Is this accurate?

Hi Mike,
Id be delighted for you to put it out on twitter - the more responses the better. My target audience is any automation/control system engineer. Owners could send it to their staff/contractors working on their systems.


Posted by Anthony Murray on 25 March, 2013 - 6:35 am
Hi Mike,

Did you get a chance to post the survey to twitter

Thanks
Ant


Posted by Michael Toecker on 25 March, 2013 - 12:29 pm
Anthony,

Yep, just went live.

Mike


Posted by Joe Weiss on 23 March, 2013 - 11:31 pm
I would like to get a copy of the results. I wanted to reiterate Walt's point that your questions focus on the IT aspects and not the unique control system issues such as loss of control and loss of view.

Joe Weiss
joe.weiss@realtimeacs.com

Your use of this site is subject to the terms and conditions set forth under Legal Notices and the Privacy Policy. Please read those terms and conditions carefully. Subject to the rights expressly reserved to others under Legal Notices, the content of this site and the compilation thereof is © 1999-2014 Nerds in Control, LLC. All rights reserved.

Users of this site are benefiting from open source technologies, including PHP, MySQL and Apache. Be happy.


Fortune
Mencken and Nathan's Fifteenth Law of The Average American:
The worst actress in the company is always the manager's wife.
Advertise here
Advertisement
our advertisers
Help keep our servers running...
Patronize our advertisers!
Visit our Post Archive