tag:blogger.com,1999:blog-9122514974659083342.post454782912707845888..comments2024-02-02T22:30:20.736-05:00Comments on Chemical Facility Security News: Cybersecurity Act of 2012 and ICS SecurityPJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-9122514974659083342.post-89206970913362808292012-02-16T02:54:35.663-05:002012-02-16T02:54:35.663-05:00Hi PJ,
I'm not sure I can follow your logic a...Hi PJ,<br /><br />I'm not sure I can follow your logic about the exclusion of control system due to the "information technology" language.<br /><br />To me, a modern control system contains a significant amount of information technology. It sure contains a lot more, but there certainly are parts of a control system which are information technology. In the IEC 62351-1 standard (Power systems management and associated information exchange - Data and communication security - Part 1: Introduction and overview), there is a nice approach to looking at this: they look at the power system infrastructure (something that I would see clearly falling under the "critical infrastructure" notion) and the identify an information infrastructure overlay over the (physical) power system infrastructure. That information infrastructure is critical to the operation of the physical infrastructure and thus the two really can't be considered in isolation. This to me is analogous to the wording from the bill you quoted: "information infrastructure essential to the reliable operation of covered critical infrastructure".<br /><br />Of course, I'm reading this not with the intent to find a loop-hole allowing an ICS operator to escape the scope of this legislation, but I'm trying to read this with common sense. That may be the wrong approach to reading legislation, but it's the only one I have.<br /><br />As a disclaimer: I have not read the full bill. I am not a lawyer or in other ways overly familiar with legal or legislative language. I am not an English native speaker. So, if any of that or yet other factors lead to a misunderstanding on my part, I'd be happy to receive further enlightenment.Ragnar Schierholznoreply@blogger.com