Monday, January 9, 2017

A Use Case Approach to Cybersecurity Whitepapers

By Eric Cosman, Co-Chair of MESA's Cybersecurity Working Group

The Cybersecurity Working Group (CS-WG) was established to provide guidance to MESA members on how to address the information and electronic security of manufacturing operations and control systems. The intent is to provide this information in various forms (e.g., documents, webcasts, presentations) in order to…

  • provide superior value content to the industrial community,
  • promote active participation and growth in membership, and 
  • form a credible basis for MESA technical references.

Guidance documents can take any of several forms. Other MESA working groups have been quite successful in applying the whitepaper format in achieving these goals. The CS-WG has identified two potential subjects for further investigation:

  1. “Secure Design Practices for Manufacturing”
  2. "The Business Case for Manufacturing Operations Cybersecurity”

Rather than approaching each of these subjects as separate activities, the working group members have agreed to focus first on the creation of a series of case studies, each highlighting a specific aspect of the subject matter. A library of such case studies would then become a common source for the development of a series of whitepapers, each addressing a specific challenge or objective.

The working group is asking for assistance and contributions from all MESA members to create this library. Specifically, we are asking anyone with experience with the justification, design, implementation, or operation of cybersecurity related programs to consider offering this information in the form of an anonymous case study. There is a standard template that can be used to capture the necessary information.

If you are interested, or would like to discuss the opportunity in more detail, please contact the author.

About the Author
Eric Cosman provides consulting and advisory services in the management of information technology solutions in Operations and Engineering. He has contributed to various standards committees, industry focus groups, and advisory panels. He is a past vice president of standards and practices at ISA and is currently a member of the ISA Executive Board and co-chair of the ISA99 committee on industrial control systems security. You can reach him at 

No comments: