Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Bean Control Engineers Needed

There Are Too Many Parasites Waiting to Steal Working People’s Money, and Executive Editor Jim Montague Thinks Engineers Could Protect Them from Financial Worst Practices

03/02/2009

Short on Specifics

Control Strives to Give Readers Specific Content They Can Use to Make Their Processes and Applications More Efficient and Make Their Stressful Jobs a Little Less So

02/06/2009

Voices of Experience

Some Users Ask Us for Transmitters with 0.10% Accuracy, and Then Buy a Sensor That’s Off by Up to 10 °F at Different Temperature Levels

01/12/2009

The Best Gift

For Kids, Connecting with the Larger World, Including Its Technology and Engineering, Means First Connecting with the People Closest to Them

12/12/2008

Security Standards Stewpot Simmering

Process Controls Engineers, IT Technicians, Manufacturers and End Users Have Been Left Hungry as Government Departments, Trade Organizations and Corporations Struggle to Develop and Coordinate Basic Standards for Securing Industrial Networks and Software

10/28/2008

Get Out the Process Control Vote

Society Could Use Some of that Technical Know-How that Process Control Engineers too often Leave Back at Work

10/07/2008

Two Days in Austin

I’ve Never Attended a Tradeshow Where at Least a Dozen Parents Brought Their Kindergarteners to Try Out the Equipment

09/09/2008

Good Talk

Invite Folks from Other Departments or Organizations In for an Informal Lunch-and-Learn Tour or Some Speed-Dating-Style Tabletop Displays

08/07/2008

Skills Shift to Software

Engineers Must Now Keep Up with a Lot of Microsoft Hot Fixes and Software Patches to Solve Vulnerabilities

07/01/2008

Look, Real End Users!

Wireless case studies are scarce, so it’s ironic that Emerson, Honeywell, Invensys and others are coming up with them.

06/24/2008

Paralyzed by Profits

Unrestrained Prosperity Is a Disease, so It’s Tragic That Drug Manufacturers Don’t Want to Take Their Medicine. Just Like The Rest of Us

06/12/2008

Everything Old is New Again

A Specific Tool May Be obsolete, but the Mental Process That Went into Addressing the Problem It Solves Remains as Instructive as Ever

05/04/2008

Worry Wart

A Flood Around Your Ankles Is a Lot Different Than One Around Your Neck. So Pick Up Your Canoe and Get Moving

04/01/2008

A Willingness to Learn

You Can Teach an Old Dog New Tricks—and Old Editors and Engineers Too

03/20/2008

A Willingness to Learn

You Can Teach an Old Dog New Tricks—and Old Editors and Engineers Too.

03/07/2008

Watch Your Mouth

Did We Truly Need to Replace Programmable Logic Controllers with Programmable Automation Controllers? Why Not Just Call Them Computers and Leave It at That?

02/04/2008

Pace Yourself

Regenerative Thermal Oxidizers Become Popular. Oxydizer Projects Ranged between 5 to 7 per Year, Now 1 per Week

01/03/2008

Pulling Teeth

Maybe the U.K. could re-colonize us, so we could get OSHA’s process control-related divisions to be more responsive.

12/03/2007

Automation Comes Alive

The full motion and unfolding sequence of events in videos make the examples clearer and easier to understand.

11/06/2007

Wireless Applications Coming to Light

Wireless case studies are scarce, so it’s ironic that Emerson, Honeywell, Invensys and others are coming up with them.

09/27/2007