Why domain expertise isn’t important in cybersecurity—not.

Feb. 8, 2008
I had a meeting with a vendor who is not a control system vendor but is working on control system security. Last year they participated in a webinar where the question was asked what control system cyber events have occurred. The answer was they didn't know or care because they were coming up with their own solution. How can you solve a problem when you don't even know what the problem is you are trying to solve??? This is representative of many of the recent "solutions" I am seeing at conferences and webinars, especially now that the NERC CIPS have been ratified. It would be interesting to see how many of these solutions actually cause more problems than they solve. The new SCADA Security listserver asked the question today which IT vendors are offering "SCADA security" solutions. The same issue is there: you have big and small IT suppliers with "SCADA security" hardware, software, and best practices solutions. As Mark Fabro stated, "Nobody ever got fired for using these big companies, but these large companies may be very incapable to really deliver accurate services."

Joe Weiss