Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Follow in Batch’s Footsteps

Can batch standards, methods and concepts break through their technological limits to the world of ideas?

08/31/2007

Survey Snapshots Wireless Users

CONTROL recently conducted its first SP100 Wireless Survey of almost 500 readers about where and how they use wireless in their plant-floor applications.

08/01/2007

Action Figures of Summer

Jim Montague talks about the few process control-related heroes found in the mainstream media and in less-hyped branches of literature and the fine arts.

08/01/2007

Maybe You Didn’t Hear Me

Why do engineers and their companies tolerate safety standards that aren’t enforced until after accidents occur, and why do they accept safety device certifications that only cover compliance in lab-based settings?

07/13/2007

Get up, out and about

Though some engineers say their industries and job prospects have recovered recently, many say that their administrators’ main mission is to wring as much short-term cash as possible from their operations.

06/04/2007

Can we Talk?

There is some major-league wriggling going on as participants try to avoid simply discussing whether many U.S. oil and gas producers and their supporting industries are doing their best on process safety.

05/10/2007

Can Foundation fieldbus (FF) stay hungry?

FF may be facing unexpected challenges in its task to remain useful as it integrates ever more closely with EDDL, COTS Ethernet, and Internet-bsed and/or wireless networking. Executive Editor Jim Montague reports.

04/10/2007

On the same page

Many plant-floor engineers and IT technicians report they’re coming to a new appreciation of the efficiencies and savings that can be generated by simply integrating their industrial and corporate networks.

03/09/2007

Luddites unite!

Tradition for its own sake is useless, of course, but tradition based on common sense is crucial for the success and safety of process control engineers and their applications.

03/01/2007

Real-world education

Many newly minted control and automation engineers find they need months of training to learn how their employers apply their technologies because of lack of coordination between schools and employers.

02/01/2007

Seeds with teeth!

Senior Tech Editor Jim Montague muses that maybe it's time to think up some new incentive programs for individuals and teams to make more and better innovations in process control applications.

01/05/2007

Blood and guts

Executive Editor Jim Montague notes that taking a closer look at biological processes can help adapt or improve existing process controls and systems. Read why in this month's installment of Control Report.

12/11/2006

Industrial PCs take on new functions

A roundup of products new to the market shows the advanced computing functions and diversification of industrial PCs is allowing new forms and new functions for process control applications.

11/10/2006

A big grain of salt

Executive Editor Jim Montague warns us not to let frequently repeated misconceptions and outright lies about new technology get in the way of statistics, because they can serve almost any purpose.

11/01/2006

Oh the humanity!

In this installment of Control Report, Executive Editor Jim Montague finds the process control and automation field is awash in irony, unexpected twists and tragic comedies that would make O. Henry proud.

10/10/2006

Is automation in your future?

Is automation really a profession? As HMIs and historians fade into the fabric of manufacturing, what has automation done for us lately? Executive Editor Jim Montague muses in this month’s Control Report.

09/11/2006

The only evil

There are two kinds of network security. Real and imagined, and it can be hard to tell them apart, especially if you don't know how they work and the problems they're supposed to solve.

09/06/2006

Seeing deeply into process control technologies

Executive Editor Jim Montague finds that even if there’s nothing new under the sun, what’s truly new may be a deeper understanding and appreciation of what we thought was so familiar.

08/07/2006

Use your own head

Executive Editor Jim Montague implores us to think and act like a reporter, don’t trust opinions (including mine and yours), remember to take all stories with a grain of salt, and of course, don't despair.

03/21/2006