Does SANS bite?

Dec. 12, 2007
Sorry, I couldn't resist the pun. Joe Weiss posted on Unfettered this morning a clip from the blog, SANS Bites. In it he takes issue with the SANS Bites editor's self-serving and industry-serving statements about how nobly the industry is trying to achieve cybersecurity nirvana. What rot. The industry has finally heard the magic words, Sarbanes-Oxley, and is trying desperately to dodge the bullet it is facing. Every one of the CEOs, CTOs and CIOs in the utility industry (and, for that matter, in all the process verticals) is facing the unpleasant vista of looking straight down the twin barrels of the cyber shotgun: either they clean up cybersecurity or Sarbanes-Oxley will end their careers after the fact. And they will likely go to jail. No wonder the industry is squirming so much.

From Joe's blogpost:

(First we had the NERC CIP Workshops telling utilities how to circumvent the intent of the industry cyber security standards. This has been followed by multiple conferences on how to be compliant with the NERC CIPs with no thought to actually improving the security of the facilities. Now SANS, who knows little about control systems, is going to provide help. Where are the utilities going to turn to get useful, factual advice that will actually secure control systems???)