Not surprisingly, a book about industrial cybersecurity becomes a deep dive into the endless conflict between information technology (IT) and operational technology (OT). Each of the two professions has an unequivocal mandate, and the mandates are in direct conflict. IT is devoted to security; OT is committed to uptime. Put simply, IT says, “If you don’t load this patch, you’ll get hacked,” while OT says, “If we shut the plant down for your patch, we’ll blow our quarter.”
Tripwire, a Belden company, has partnered with John Wiley & Sons to produce Industrial Cyber Security for Dummies, a short book authored by David Meltzer, Tripwire’s CTO, and Jeff Lund, a product manager at Belden. The book takes a look at the details of how to secure an industrial network. Digital copies are available free at this Belden link.
The Battlefield of IT and OT
The idea for the book and the content was derived from the authors’ years on the ground working to solve the differences between IT and OT. “I’ve been talking to people in the industry about cybersecurity and industrial control systems. There are two different worlds. The IT world and the people who do cybersecurity have little insight into how industrial networks work, whether it’s a factory or a water plant,” Meltzer told Design News. “When I talk with OT people who are running the industrial plants, cybersecurity is a different world to them. They’re working on keeping the plant running.”
Meltzer’s battle scars from the IT/OT wars stretch back two decades. “Twenty years ago I was working on IT security, and someone took that IT security into the plant. The security application took down the plant,” said Meltzer. “When that happens, the IT team gets put in the penalty box for two years. They told us, ‘We’re not letting you near this again.’”
Welcome to the New Days of Risky Connectivity
Meltzer noted that the security solutions that worked 20 years ago will not work in the next 10 years. “Twenty years ago, plants were not connected, and the industrial side was running proprietary IP. Now that they’re connected it creates a security issue,” said Meltzer. “You have to talk to the OT side about how important security is and how security will actually increase your availability.”
While the Meltzer/Lund book is a short primer, the book points to places to access further information. “There are a variety of standard bodies if you want to get into depth on cybersecurity in industrial networks,” said Meltzer. “We reference them in the book. The standards bodies have hundreds of pages that detail what to do. We’re not trying to replicate that information. We’re trying to point readers in the right direction for getting more detail.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.