
Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards

Power generation is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook.

Dr. Jesus Molina

As a teacher in the Master’s program on Rail Cybersecurity, I’ve had the opportunity to guide rail professionals through the complexities of securing critical infrastructure. In my course, I frequently rely on the European Technical Specification TS-50701, which provides tailored cybersecurity guidance specifically for the rail industry. TS-50701 serves as an essential resource, helping rail professionals interpret and apply broader standards like ISA/IEC 62443 to the unique challenges of rail systems. Of course, the goal of TS-50701 (currently in the process of becoming a standard under PT 63452) goes beyond teaching; it aims to improve cybersecurity in rail networks by building directly from the foundation of the 62443 standards.

But this reliance on TS-50701 led me to ask a simple question: Where is the equivalent guide for power generation?

“…I decided to write this ebook as a resource for power generation professionals. It aims to simplify and clarify the application of ISA/IEC 62443 for this sector.”

The Gap

Power generation, like rail, is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no similar document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities.

In response, I decided to write this ebook as a resource for power generation professionals. It aims to simplify and clarify the application of ISA/IEC 62443 for this sector. While the standards are essential for Operational Technology (OT) security across industries, applying them effectively in power generation presents unique challenges that require tailored guidance.

Here’s what you’ll find inside the ebook:

  • A Consequence-Driven Approach: Learn how focusing on unacceptable outcomes and using a consequence-driven approach can enhance your risk assessments.
  • Zoning and Conduits for Power Generation: Practical guidance on structuring zones and conduits to address power generation’s specific needs.
  • Engineering-Grade Controls: Explore engineering-based controls that reduce reliance on vulnerable software solutions, helping to simplify security while maintaining robustness.
  • Introducing New Technologies: A practical approach to managing cloud computing and remote access within the standard.


Looking Ahead: The Need for Power Generation-Specific Guidance

This ebook is a starting point. My hope is that it will spark further work towards creating a comprehensive guide, similar to TS-50701, but specifically for power generation. Such a document would bridge the gap between the broad 62443 standards and the specialized needs of this critical sector, providing engineers with a clear path for implementing cybersecurity measures.

I’ll be presenting my position on the importance of tailored training materials at the upcoming Sx25 conference. My focus will be on my experience teaching rail professionals, and the urgent need for OT cybersecurity training that prepares engineers to understand and apply cybersecurity principles in their unique operational environments. Right now, power generation lacks both a specialized approach to training and the specific guidance to make ISA/IEC 62443 actionable for its unique needs.

Download the eBook and Join the Effort

If you’re involved in power generation or OT cybersecurity, I invite you to download the ebook and join me in pushing for the development of industry-specific resources for power generation.

About the author

Dr. Jesus Molina

Jesus Molina is Waterfall’s Director of Industrial Security. He is a security expert in both OT and IT security. A former hacker, his research on offensive security in industrial systems has been echoed by many publications and media, including Wired and NPR. Mr. Molina has acted as chair of several security organizations, including the Trusted Computing Group and the IoT Internet Consortium. He is the co-writer of the Industrial Internet Security Framework and the author of several security-related patents and academic research papers. Mr. Molina holds an M.S. and a Ph.D. from the University of Maryland.