Keeping up with everything that comes your way from the Internet is an impossible task. It would be even if you didn't have a real job to do and a real life to live. So it's easy to miss important ideas, such as some of those found in our blogs. Our security blogger, Joe Weiss, posted the following on July 1. You can read it online or you can read it below. Then tell us what you think. Is Joe on to something here? What would you do to address the cybersecurity problems Joe has outlined?
What Does It Take To Get Engineering Back into Security?
As an engineer, I have been brought up to work with numbers, physics and logic. As a control systems engineer, I have been brought up to focus on reliability and safety; we want the process to work and not to hurt people. I had a large group of like-minded colleagues that I could call on to discuss these issues in a reasonable technical manner. In general, governments were passive bystanders, except for the Nuclear Regulatory Commission (NRC) when it came to licensing of plant safety. What's more, information sharing was a given and occurred at multiple venues. Alas, cybersecurity showed up. Now look what has changed:
- IT has effectively taken over control systems under the guise of security;
- Programs like the NERC CIPs require people to use "the Emperor wears no clothes" philosophy and look the other way;
- IT organizations feel if an issue doesn't affect their systems, it is of no interest;
- IT security technologies are developed for IT, and rebranded as SCADA without having an understanding of what they can do to control systems;
- Government organizations are developing "consensus" standards without any requirement that these standards be actually meaningful; and
- Most distressing of all, the rise of the chasing of the buck is causing previously collegial discussions and honest disagreements to be now branded as heresy, with all of the accompanying back-biting.
The utility test bed is meant to try to change the paradigm of security for security sake, and make it security for reliability and safety's sake. We have only one utility in the country willing to evaluate these cybersecurity technologies and talk about them. We are still on the outside looking in.
Before it is too late, what do we do to go back to being engineers?
And for the Control Freaks Among You
One of our favorite columnists, Greg McMillan, has expanded his Control Talk column into a blog also called Control Talk. It is a running tutorial on control-related issues.
Recently he covered "Key Misunderstood Terms for Control System Dynamics" and "Effect of Valve and VSD Dynamics on Loop Performance."
Feel free to comment on or send questions about any of the posts.
How to Respond
You have multiple options here for expressing your opinion. All our blogs have comment capability at ControlGlobal.com. But, if that's not your style, you can send an email to either our editor in chief, Walt Boyes, at email@example.com or to our managing editor, Nancy Bartels, at firstname.lastname@example.org. If you really want to play it Old School, send us your letter to the address shown on the upper left side of this page.
We'll print responses here. Note that we may edit them for length. You can ask that your name be withheld, but we will not publish any anonymous letters.