As Industrial control system (ICS) products are computer-based systems that make use of specialized software and embedded devices that control and automate processes and machines, the National Electrical Manufacturers Association is speaking out on the subject of cybersecurity.
“The competitive nature of the ICS market drives continual improvement in product security,” said Raj Batra, president of Siemens Industry Automation in the U.S. “Vendors are hardening hardware with additional security features, which ultimately benefits the end user. The vendors that provide these enhanced security attributes will enjoy a competitive advantage.”
The statement lists a number of actions that the vendors believe they have a responsibility to take.
For instance, ICS vendors believe they should “provide clear documentation regarding the international security standards to which their products conform, as well as the methods used to assess conformity.”
“A core message of our statement is ‘managing the risk of malicious access to ICS products is a shared responsibility that requires ongoing coordination among end-users, systems integrators, and ICS product vendors,’” said Jim Motes, vice president and Chief Information Security Officer at Rockwell Automation.
The group also identifies real-world factors that set reasonable security-related expectations to be directed at vendors of ICS products. For example, ICS products that were designed, sold, and installed many years ago remain in use in countless infrastructure and manufacturing processes, and many old ICS products that are still in use today cannot easily support security-related software/firmware updates.
Further, the ways that users configure, manage, and maintain their facilities can impact cybersecurity at least as much as the attributes of individual embedded ICS products, both old and new.
The group’s NEMA's ICS product manufacturers agree that protecting industrial control systems is a collaborative effort and they are dedicated to playing their part.
The association of electrical equipment and medical imaging manufacturers, founded in 1926 and headquartered in Rosslyn, Va., includes companies that manufacture power transmission and distribution equipment, lighting systems, factory automation and control systems, and medical diagnostic imaging systems. Total U.S. shipments for electroindustry products exceed $100 billion annually.