Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Connect the Dots

The Sad Fact Is Technical Education, Know-How, Experience and Responsibility Go Out the Window When Fast Money Shows Up

12/08/2010

The Long View and Valley Power

Technology Is Only as Good as the People That Use It and Interpret Its Data, so It Takes a Commitment to Training, Setup and Implementation

11/12/2010

Whalers and Wayfinders

There Are Many Parallels Between Whalers and Wayfinders and Profound Lessons One Can Teach the Other

10/14/2010

Jury Duties

The Old "Don't Say Anything Defense" Doesn't Work Anymore. Neither Does the "Corporate Parent Didn't Tell Us" Defense..

09/02/2010

Bad Business

If Anything like BP's Oil Spill or the Financial Crisis Had Happened on a Smaller Scale and In a Smaller Community, the Cops Would Have Been Called, and the Perps Would Have Been Horsewhipped and Thrown in Jail

08/10/2010

Big Savings

A Little Curiosity and an Encouraging Government Program or Two Can Help

07/15/2010

Pictures for Polymers

Be Brave. Be Persistent. Build Displays That Focus on the Values You Truly Need

06/07/2010

Industrial Safety Disasters: Not Again-Again and Again

More Effective Process Safety Rules Are Good and a Good Investment. Maybe the Weight of Both will Be Enough to Make it Happen

05/05/2010

Sparking Future Engineers

All the Future Engineers Are Already Out There - Bubbling and Exploding with Ideas and Enthusiasm

04/13/2010

Professional Patience

Innovators Must Not Be Held Back by Obstacles, Endless Resistance, and the Likely Lack and Withholding of Recognition and Reward

02/18/2010

Bad Names

The Price of Lying Isn't Just in the Deception Itself, but in How It Damages Relationships and Destroys Potential Opportunities

01/12/2010

Involving the Uninvolved

Persistence and Slow Chipping Away Are the Only Ways to Open Paths to Community Members That Are Otherwise Cut Off and Uninvolved

12/17/2009

Shell's Long-Time Push for Fieldbus

What's Next? Making Foundation Fieldbus Systems More Mature. Meaning, Making Them More Broadly Applicable in Projects

11/18/2009

Automation: Time to Unspecialize

Hyper-Specialists Will Research More and More About Less and Less Until They Know Everything About Nothing

10/14/2009

Wireless Mind

It's Easy to Say That a Lightbulb Must Go On Over Someone's Head, but It Can Be Very Hard to Make It Happen

09/03/2009

Finding Data Diamonds

Detecting Problems Early Mean Having the Time and Ability to Make Informed Decisions

08/13/2009

Listen to the Kids

The Latest Social Media and Networking Tools. Are They Being Used by Process Control and Automation Engineers?

07/29/2009

Shifting to a Safety Mindset

Profit Isn't Helped by Meeting Production Targets by Sacrificing People and Equipment Integrity. Accidents Really Are More Costly Than Safety

06/29/2009

Process Safety Standards and Rules

All on You - Process safety Standards and Rules Still Lack Specifics, but Some Tools Are Gaining Ground to Help Users Assess Risk and Implement Safety Solutions

05/13/2009

Spring Cleaning

The Current Economic Climate Has Many End Users and Engineers Realizing They Now Have Time for Non-Traditional Improvement Projects

04/03/2009