Thursday, January 30, 2020

Common Myths Hamper Progress on Industrial Cybersecurity

Eric C. Cosman, MESA Cybersecurity Working Group Chairman 

Just as with other initiatives directed at preventing negative consequences, efforts to reduce or mitigate cybersecurity risks often have to counter beliefs or perceptions that may be inaccurate or incorrect. Analysts and industry observers have identified several common “myths” and provided arguments to counter these beliefs. While many of these myths were originally highlighted in the context of general-purpose or business systems cybersecurity, they often apply equally to industrial systems.

Members of the MESA cybersecurity working group have discussed many of these myths and shared experiences and observations that can be used to counter them. The group has decided to share this information with MESA members in hopes that it can be used in describing the imperative for an effective response in the form of a comprehensive cybersecurity management system. Group members will address several common myths in separate blog posts over the following weeks and months. These include:
  • We are safe because we are not connected to the Internet.
  • Our firewalls protect us.
  • Hackers do not understand industrial systems.
  • We are an unlikely target for attack.
  • Safety backup systems will protect us.
We welcome questions, observations, counter arguments or other comments as we conduct this dialog.


The following sources were used to identify topics to be addressed in this series:
  1. DarkReading: 8 Cybersecurity Myths Debunked
  2. Cybersecurity Magazine: The Top 5 Cybersecurity Myths That Need to Die
  3. Cybint Solutions: 10 Cybersecurity Myths You Need to Stop Believing
  4. Forbes: These Are 10 Cybersecurity Myths That Must Be Busted
  5. Gartner: Cybersecurity Myths of the Industrial IoT
  6. Abisham: Industrial Cybersecurity Top Myths Busted

About the Author
Eric C. Cosman
Principal Consultant
OIT Concepts LLC
