Voices: Feedback

Your Skills; Security Requirements for Vendors

Getting the Message Across. WIB's Security Requirements for Vendors is a Good Start

Message Bears Repeating
Good opening on your Editor's Page, Walt (Nov. '10, p. 9, www.controlglobal.com/articles/2010/INdustrialGrowthCurve1011.html). I agree with the message.

You've been pushing the same cart consistently over the years. It's one of those messages that needs to be banged out. And, although I fear it will fall on many a deaf ear, the message doesn't have to win over everyone. A few will do. There's always next month.
Dennis Nash
President & CEO,Control Station, Inc.

Standard or Not?
Regarding the recent release of the International Instrument Users Association's  (WIB) document, "Process Control Domain—Security Requirements for Vendors," (www.controlglobal.com/industrynews/2010/222.html):
I read over the WIB document, and found it to be a good start toward definition as a procurement guideline, but it should not be thought of as a cybersecurity standard.

The document clearly states its purpose as a procurement guideline, not a cyber security standard. The steps to defining a structure of points of consideration for procurement were captured, but the explicit statements in many case are incorrect or contain misinformation. Some of the issues have yet to be resolved.

It is true that harmonization is needed. I do believe establishing a standard for procurement of systems to offer necessary cyber security is good, and there is no such guideline that I am aware of. However, there are further refinements needed in the WIB document. WIB can call something "standard," but without clarification of its purpose in the title, it sounds like something different.

When an informed readers read the text of the article and then read the document, they see two different things, and there are many informed readers who understand the difference. I simply believe the title should indicate what it is, and I think ISA-99 should also review the document.

If WIB provides a neutral guideline, it could be recognized as useful. They even stated that they reviewed the various NIST documents, and I certainly see where they copied certain aspects from those documents. That does not mean that the government endorses their position, and this statement of non-endorsement should appear in the document. This document, used for procurement, becomes legally binding between the supplier and end user, and there are additional points that should appear in such a document.
How does controlglobal.com view the WIB document?

Walt Boyes responds: WIB is a very longstanding organization that does indeed write standards, and also technical reports. If they say it is a standard, then it is. Personally, I think it is a great step forward. I'd like to see some harmonization of cybersecurity standards because we are in some very great danger of being in the position of the Dutch professor Andrew Tanenbaum, who famously said, "The nice thing about standards is that there are so many of them to choose from."

Being that I operate an unbiased news source, I am obligated to print (or post) press releases that I believe are significant. We clearly identify them as such, and we may or may not feel that commentary is necessary. In this case, I didn't think so.

Some people appear to believe that I should have posted this release with a great deal of negative commentary. I don't agree, and in the publishing business, "It's good to be king." That's why we provide comment capability that is moderated only to keep spammers and scatological posts from being published.

More from this voice


Reader Feedback: Wired vs. Wireless

A Reader Tell Us About Powerline Communication


Reader Feedback: Why Is Alarm Management Such a Problem?

What's the Cost of Best Practice Alarm Management?


Reader Feedback: Who's the Boss?

Google Doesn't Respect Authority. Google Search Results Are Only a Reflection of the Respect Granted by Others


Reader Feedback: When Will There Be an App for That?

A Reader Asks Us When Will We Have an App for iPad


Reader Feedback: When Should You Calibrate Your Industrial Devices?

A Reader Says "You Should Calibrate Your Instruments With the Frequency You Established in [Your] Plan, and Never Go Longer Than a Year"


Reader Feedback: What Color Is Your Hat?

Black Hat Caters to the Hackers and Security Researchers Primarily from the IT Community, as Well as the Press


Reader Feedback: Simulation Speed-Up a Good Thing

More and More, Dynamic Simulations Are Used Before Start-Up of a New Plant for Operator Training


Reader Feedback: Replacing a Field Device

Is the 3 a.m., Sunday Morning Replacement the Killer App?


Reader Feedback: Process Safety

Sometimes Even the Best Maintenance Practices Fail to Manage to Keep Some of These Plants Safe


Reader Feedback: Process Automation, Control Valves vs. VFDs and More

Readers Agree, Disagree and Respond to Some of Our Latest Articles. See What They Have to Say


Reader Feedback: Pervasive Sensing

Our Vision of Pervasive Sensors Encouraged Us to Find Innovative Ways to Not Just Power Sensors


Reader Feedback: Old Dogs Learning New Tricks

Why Are We Still Using the Same Sample Preparation Techniques That We Used 40 Years Ago?


Reader Feedback: Not Exactly PC-Based

PLCs and PACs Are More Robust and Include More Control Capabilities Than Those Offered Through PC-Based Control


Reader Feedback: No Unified Fieldbus Standard, Ever?

Unified Standard Solely Exist Because Automation Vendors Will Always Want That Part of Their Solutions Strategy to Be Uniquely Theirs


Reader Feedback: No Complete Disconnect for Nuclear Plants?

You Can't Isolate a Nuclear Power Plant from Any External Data Communications


Reader Feedback: Long-Distance Calibration

A Reader Writes In to Tell Us That the Users We Quoated in an Article Are Not Considering the Latest Technology Presented at an ISA International Instrumentation Seminar


Reader Feedback: Lambda Tuning: Use It or Lose It?

Helpful If Readers Could Get Better Information Than What's Listed in The Last "Control Update" Under: "Cascade Control Recommendation Tips" in Greg McMillan's "Control Talk" Blog


Reader Feedback: From the ControlGlobal Community

More Readers Chime in to McMillan's Emergency Shutdown of LPG Tank Farms Article


Reader Feedback: Cybersecurity Risk

When Will the Government Take Cybersecurity Risks Seriously?


Reader Feedback: Consider These for The Top 50 Automation Companies

Readers Asks Us to Consider Balluff, Sick (Optical Sensing Products) for Our Top 50 Automation Companies