OT Cyber Security
The objective of this website is to share experience on securing industrial control systems (ICS) and trigger discussions where appropriate. The content of this site will contain information on typical ICS security topics based upon my experience working 40+ years with control systems, as field service engineer, system programmer, process engineer, and 15+ years in cyber security.
I don’t want this web site and its blogs to be another story on the many vulnerabilities of ICS equipment. I like to discuss the cyber security topics from the angle of what are the cyber security hazards these vulnerabilities cause, what are the potential consequences, and what can we do to reduce the risk. This requires a more detailed look at how ICS are built, which sub-systems are part of it, and what is their function within the production process, and sometimes how does this production process work.
My objective is to do this from a cyber security risk based perspective. What are the cyber security hazards, what is the associated risk, and what are the options to mitigate this risk. I am not a process engineer but spend the first half of my career writing and configuring software for implementing control strategies, so learning on the job. The second half of my 40+ year spanning career I worked on securing the industrial control systems. Sometimes at a very detailed level and sometimes more at a distance analyzing risk, and assessing system security.
This is a non-commercial web site with a vendor neutral focus on the security of automation systems. I mention specifically vendor neutral because I am employed by a large company that also has business units providing ICS solutions. Though I am not employed by that business unit and work for an OT cyber security team that provides vendor neutral services, sometimes people refer to what my employer might think of my opinion. Therefore I want explicitly state that this web site and its blog content are representing my own personal view on OT security and the world in general. There is no relationship between my opinions and publications and the views of my employer in whatever capacity.