ICS 2022

Security engineering eliminates entire classes of cyber risk to operations, while cyber security only reduces those risks. This makes security engineering and the network engineering sub-discipline essential for industrial operations that must carry the Internet's threat load predictably, affordably, and for decades. In this presentation we take a deep dive into four powerful techniques for network engineering: hard segregation for safe cloud connections, unidirectional networks, hard wiring for safe access to safety systems and the Internet, and the (few) places it still makes sense to use real air gaps. These and other engineering-grade solutions are a blind spot in many cybersecurity programs - for example: where do buckling relief valves fit in the NIST Framework? We must expand our cyber risk programs beyond cybersecurity if we want those programs to be effective in addressing today's steadily-increasing threat loads.