The DOE is proffering safety by pronouncing “from the ground up” inclusion of proactive cyber security. This claim of “…aftermarket bolt on efforts”, is disingenuous and smacks of ignorance. Technology is still changing at a fast pace, designing in security today will be abrogated by technology tomorrow. Look at electronics firm Huawei, the NIC chips in the bulk of its devices have been called out as a (possible) security risk. It seems there is a third data stream in the NIC chips that could be used to do an end run around encryption. Huawei has balked at explaining what this data stream is for.

In the industrial controls sector, there is a “concept” that is decades old. The concept is where does one want to put the overhead? At the controller site or at the SCADA headquarters? Basically when one uses Occam’s razor having the local process controller holding the [sensors and control programming] in what one would call “local emergency mode” has allowed a system to continue functioning without communications from the “control center” or communications network.