Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Long-Term Health Problems for Industrial Operators

Sitting Dangers for Process Application and Operators. Sitting Is the New Smoking

03/14/2014

How to Run Your Process Control Applications Far Out in the Field

Establishing Process Automation Projects in Developing Economies and Other Remote Locations Requires Better Preparation, Stronger Supply Chains, More Accessible Expertise, Simpler Controls and Added Training. Here's How Veteran Players Make It Happen

04/09/2014

Expanding Your Process Automation Plant Requires Bigger Data Too

Foremost Farms Doubles Production and Adds Data Acquisition and Historian Functions to Its SCADA/HMI System to Find Exceptions and Improve Operations

04/11/2014

Don't Look Back, Developing Economies May Already Be Ahead On Process Automation

It Would Be Best to Discard Many Old Assumptions -- or at Least Take Them With a Big Grain of Salt -- and Go Check Out the World as It Really Is

04/11/2014

Wireless Has Opened Up a World of New Process Control Capabilities

Wireless Delivers Signals That Can’t Be Secured Any Other Way

05/06/2014

Podcast: Evolutions and Innovations in Wireless

05/27/2014

Sleek New Console Boosts Operator Effectiveness

Experion Orion Console Makes the Complex Seem Simple

06/03/2014

BP Renews Safety at North Slope Gathering Center

From HAZOP to Handover. How BP Reduced Risk and Achieved IEC 61511 Compliance

06/04/2014

KMCO Gains Big System Benefits on a Budget

Specialty Chemicals Producer Leverages Power of Experion HS Solution

06/04/2014

Cybersecurity Demands Continued Vigilance

Roundtable Discussion Probes Cyber-Secure Defenses and Work Practices

06/05/2014

Marathon Petroleum's Instrument Management Journey

Field Device and Asset Manager Software Helps Realize Predictive, Proactive Maintenance Strategies

06/05/2014

Studio 5000 Software to Boost Collaborative Power

New Capabilities Integrate with Partner Packages

06/16/2014

Process Control Engineers Needed To Distribute Their Knowledge

Advocacy is Essential to the System to Safeguard System, Develop Solutions Says Executive Editor Jim Montague in This Month's Installment of Control Report.

06/17/2014

Latest FactoryTalk Batch Manages, Tracks and Protects Recipes

Version 12 Adds New Capabilities for Intellectual Property Protection

06/17/2014

Good Wireless Design Smoothes Path to Benefits

Despite Limitations, Wireless Fits the Bill in Many Industrial Applications

06/18/2014

Change Immigration Laws to Boost Economy

Process Control Engineers Debate How Many H-1B Visas Issued to High-Tech Workers

06/24/2014

Podcast: 25 Years of Fieldbus

In this podcast, Larry O'Brien at ARC Advisory Group talks with Jim Montague, Control’s executive editor, about the 25-year evolution of fieldbus networking technologies in the process control industries, the struggle and failure to find a single fieldbus standard, and the more recent emergence of Ethernet and wireless technologies.

07/01/2014

Process Automation, Controls Boost Production at Yogurt Plant

PC-based Controls Provide DCS Capabilities, But They Can Also be Implemented and Reconfigured More Easily than Dedicated, Hardwired, Less Software-Based Systems

07/01/2014

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

07/17/2014