Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Smart Manufacturing Will Rise to Global Challenges

Rockwell Automation Has a Plan to Elevate Manufacturing's Performance

11/06/2012

Smarter Searching

Even in These Web 2.0-, Facebook-Enabled Days, It Can Still Be Devilishly Difficult to Seek and Find Specific Answers on the Internet

09/01/2011

Social Media: SCADA for Your Career

Engineers Can Strengthen the Practices and Habits Needed to Advance Their Careers Using Social Media

11/01/2012

Sparking Future Engineers

All the Future Engineers Are Already Out There - Bubbling and Exploding with Ideas and Enthusiasm

04/13/2010

Spring Cleaning

The Current Economic Climate Has Many End Users and Engineers Realizing They Now Have Time for Non-Traditional Improvement Projects

04/03/2009

State of Wireless Networking

The Results from a 2013 Survey of 150 Industrial Networking Readers Provide Insight into Wireless Options

08/06/2013

Studio 5000 Software to Boost Collaborative Power

New Capabilities Integrate with Partner Packages

06/16/2014

Sumo Showdown on Security

True Security for Process Control Networks Will Require Users, Engineers and Suppliers to Cooperate Far More Closely Than Ever Before

02/16/2011

Sunny Side Security

It's Just a Matter of Adding New Security Tweaks as Needed, Much Like an Immune System That Evolves to Counter Biological Viruses and Threats

10/07/2011

Supplier Alliance Secures Big Data for Users

More Connections May Mean More Vulnerabilities, but Awareness, "Security as a Habit" and Helpful Partners Are the Best Defense

11/11/2013

Survey Snapshots Wireless Users

CONTROL recently conducted its first SP100 Wireless Survey of almost 500 readers about where and how they use wireless in their plant-floor applications.

08/01/2007

Sustainability: Gagging on Green

Sustainability Must Mean Questioning and Developing Better Applications, Not Just Making Non-Green Processes More Efficient

04/28/2011

Sweeter Simulation

Once-Separate Silos of Simulation Are Cross-Pollinating Into a Functional Whole From Which Users Can Pick the Elements They Need for Design, Configuration, Training and Process Optimization. Here's What the Buzz Is About

09/06/2012

TDL Analyzers Promise Better Combustion Control

Yokogawa and EPRI Studying Tunable-Diode Lasers for Flue-Gas Monitoring

11/01/2012

The Best Gift

For Kids, Connecting with the Larger World, Including Its Technology and Engineering, Means First Connecting with the People Closest to Them

12/12/2008

The Challenge of a Multigenerational Workforce

Commitment, Leadership, Respect Help Generations Find Common Ground, Communicate, Collaborate

04/25/2012

The Control Room of the Future - Smarter Reality

The Control Room of the Future Will Put a World of Science-Fiction Tools at Operators' Fingertips - but They'll Only Be Effective if Designers, Engineers and Operators Jointly Plan Ahead and Use Them to Serve Practical, Functional Needs

03/05/2012

The Long View and Valley Power

Technology Is Only as Good as the People That Use It and Interpret Its Data, so It Takes a Commitment to Training, Setup and Implementation

11/12/2010

The only evil

There are two kinds of network security. Real and imagined, and it can be hard to tell them apart, especially if you don't know how they work and the problems they're supposed to solve.

09/06/2006

The Process Automation Assisted by Audio

Our Articles Get Accompanying Audio and Video Recordings. Check Them Out

04/30/2013