Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Sample Conditioning Systems Need Love Too

Process Users and Integrators Must Carefully Design and Match SCSs With Application Requirements and Specifications, Complete Application Data Sheets and Deploy Climate-Controlled Shelters

12/07/2011

Simplicity = Freedom

Reducing Wiring Doesn't Just Save Labor, Time and Expenses

12/07/2011

Blending Controls Sweetens Soda Pop

Schweppes Australia Consolidates Process and Logic Controls in Its Syrup Room With a New Automation and Controls System

12/06/2011

Migrating to I/A Series Connects Users to the Enterprise

Careful Planning Needed to Bring Aging Control System Infrastructure into the Future

11/20/2011

Chips Are Up

The Chasm Between the Plant Floor and the Data Processing Center Remains Huge, Wide and Deep

11/15/2011

First Aid for Process Security

Viruses and Cyber Attacks ARE Looming. Help From Governments and Standards Is Lacking. Some Engineers and Managers Are Fighting Back to Protect Their Applications and Companies. Here's How They Do It

10/07/2011

Sunny Side Security

It's Just a Matter of Adding New Security Tweaks as Needed, Much Like an Immune System That Evolves to Counter Biological Viruses and Threats

10/07/2011

Epic Expectations

Do We Really Need to Believe We're Each on Some Heroic Journey? Don't Kid Yourself. We All Need It

09/12/2011

Smarter Searching

Even in These Web 2.0-, Facebook-Enabled Days, It Can Still Be Devilishly Difficult to Seek and Find Specific Answers on the Internet

09/01/2011

Shared Pains in the Neck

Most Professions and Industries Are Facing the Same Brain Drains, Struggles With IT, Going Green Questions and How to Use Social Media

08/15/2011

Bags, Batch Software and Biotech

Find Out How Shire Biopharmaceuticals Accelarated Their Construction Plans for Their Newest Facility to Accomdate the Making of Six Needed Drugs

07/14/2011

Automation Process Knowledge Management

Tribal Knowledge - New Tools Are Putting Process Know-How into Online Pools, Letting Newbies Access More Useful Knowledge, and Even Awakening Some On-the-Job Training Efforts

07/11/2011

Don't Forget Object Lessons

Can You Become a Prisoner of Your Lego-like Software Modules?

06/13/2011

Serious Sustainability

There's a Lot More to Truly Going Green Than Efficiency. Here's How Some Experienced End Users and Their Applications Are Mastering Process Sustainability

06/06/2011

Online Articles: Diving Deep Below the Fold

Many Web Surfers Often Flash Across Stes and Don't Delve Deeply into Any One of Them. This Can Be a Mistake. Come Tour ControlGlobal.com With Me

04/28/2011

Sustainability: Gagging on Green

Sustainability Must Mean Questioning and Developing Better Applications, Not Just Making Non-Green Processes More Efficient

04/28/2011

DAQ in the Delta

Learn How Luckett Pump Services the Electrical Controls for Various Pumps, Motor Controls and Liquid Level

04/11/2011

Hearing Helpful Voices

The Authors and Experts in One Story Comment On How to Solve Problems in Other Stories

03/17/2011

Sumo Showdown on Security

True Security for Process Control Networks Will Require Users, Engineers and Suppliers to Cooperate Far More Closely Than Ever Before

02/16/2011

Automation Standards Are More Like Guidelines

Heads Up, Oysters! The Evolution of IEC 61131-3 and Other Undermined Standards Efforts Are Just Ongoing Misleading and Unhelpful Arguments by Industry Leaders

01/14/2011