Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Virtualization Streamlines System Lifecycle

Consolidation, Decoupling of Software Applications from Physical Hardware Saves Time and Effort

09/11/2013

Foxboro Evo System Sports Powerful New Controller

FCP280 Lays Groundwork for Invensys "Platform of the Future"

09/11/2013

10 Things to Consider When Selecting a VFD

Follow These Guidelines and Build a Reliable VFD System

09/12/2013

Coordinated Motion, Concentrated Power

Drives Choreograph Motors for the Greatest Effect and Energy Savings. Here's How Experienced Users Gain Their Advantages

09/12/2013

Field Device Manager Streamlines Instrument Tasks

Asset Management Software Manages, Unifies Instrumentation Maintenance

09/12/2013

Process Control Harvest Time

On the Job and Off, It's Possible to Revisit Familiar Places, Issues and People, Explore Them More Fully and Gain a Deeper Understanding

09/12/2013

RasGas Gets Jump on Process Safety with Leading Indicators

Demand on Safety System (DOSS) Reports Help Head Off Safety Incidents

09/12/2013

Ergon's Mobile Workers Embrace Wireless Freedom

Wireless Network Eliminates the Disconnect Between Field Workers and Control Room Operators.

09/30/2013

Changing of the Guard in Nuclear Pressure Transmitting

New 3150 Series of Nuclear Qualified Transmitters Provides Drop-in Replacement for Venerable 1150 Series

09/30/2013

Santos Integrates Intelligent Field with Transformative Operations Center

Automation Professionals Needed a More Efficient Way to Run Their Plants, Monitor and Control the Fields, and Integrate Operations. Santos Ltd. Delivered!

10/02/2013

Incus Hears Tiny Gas Leaks in Big Areas

Incus Ultrasonic Gas Leak Detector Can Provide Immediate Warnings of Toxic, Asphyxiating or Combustible Gas Leaks and Other Conditions

10/02/2013

"Pervasive Sensing" to Reach Far Beyond the Process

Three of Emerson Process Management's Customers Showed How They're Using Pervasive Sensing Solutions

10/03/2013

Punch List for Cybersecurity

How to Improve Cybersecurity in Existing Process Applications?

10/15/2013

Seeking ISASecure Certification

ISA Has Developed ISASecure Certification Program

10/15/2013

NIST Identifies Common Security Steps

Common Themes on Cybersecurity Best Practices Have Emerged

10/15/2013

Cybersecurity: What's Inside Your Armor?

Cybersecurity Begins with Firewalls and Network Segmentation, but These Barriers Must Be Accompanied by Constant Monitoring and Verification of Internal Communications and Data to Protect Applications

10/15/2013

RasGas Gets a Jump on Safety

DOSS Determines the Frequency and Number of Demands Against the Process Parameters Operating on the Verge of Safe Operating Limits

10/17/2013

Simulation Speeds Up

As They Get Closer to Real Time, Simulations Are Taking on Many More Varied Applications and Helping to Optimize Them

10/18/2013

PotashCorp Champions Succeed Through Specialization

It Isn't about New Technology, but About Siemen's Instrumentation Technicians and Their Relationships with That Technology

10/28/2013

An Internet for Industry

Expert Panel Sees Growing Benefits of Machine Connectivity and Collaboration.

10/31/2013