• Derek Harp, Chairman & Founder

(CS)2AI-KPMG Control System Cyber Security Report (2020) - Part 1: Introduction

On behalf of a tireless (CS)2AI annual report steering committee, I am proud to announce the availability of the very first (CS)2AI-KPMG Control System Cyber Security Annual Report.

The report was based on survey results from industry members at large and a representative sample of (CS)2AI’s worldwide membership (approaching 19,000 members today), with questions regarding control system security events, trends in attack activities and protective technologies, and how organizations are adapting to changes in the threat landscape.


The primary intent of this report is to provide a free and valuable decision support tool that helps guide control system cyber security practitioners and management to make well-informed and prioritized decisions regarding the protection of critical assets. From the start, we believed that by casting a very wide survey net globally and applying come careful evaluation of the data we could find some valuable insights. We did find those. Amongst other factors, the data revealed potentially overlooked aspects of the interactions between business, operations, personnel and technology, and how all of those affect the security of organizations (and society.)

As we worked on this project with partners and members around the world it became clear that the very nature of our neutral not for profit organization coupled with our large and diverse membership base is ideal for such research and decision support tools. It is now a firm part of our organizational mandate to help identify which efforts to improve security are working, where they aren’t as effective as they should be, and even where they might be counterproductive. Moving forward, the (CS)2AI research program is squarely aimed at answering these questions and more.


This comprehensive report is the result of significant participation from our Strategic Alliance Partner, KPMG, who we owe a heartfelt ‘thank you’ to for helping bring this to life. We must also thank Airbus CyberSecurity, Fortinet, Palo Alto Networks, and Waterfall Security Solutions for their important contributions to both the research phase and the final report. Through their direct support of (CS)2AI and this joint project, these companies continue to demonstrate their commitment to help solve the challenges the control systems cyber security workforce face today.


We also want to express our gratitude to the annual report steering committee members who spent many hours pondering the exact questions before we launched the survey and each iteration of the report draft. Finally, I want to thank all of you who participated in this research for the benefit of others; without that there is no crowd wisdom to gather, study and share back with the community. This is yet another (CS)2AI "Members helping Members" initiative.

I sincerely hope you find this report valuable and I invite you to provide feedback of all types. Though we'd all love to hear positive things, constructive criticism is a necessary ingredient to making this resource the best it can be. For feedback or if you want to get involved in the 2021 report project, please email us at research@cs2ai.org