Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Chips Are Up, Part 2

Find Out How More Powerful CPUs Have Improved Process Controllers

02/07/2012

Combining Pipeline Control and Safety

Integrated Control and Safety System for Crude Oil Transfer Pipeline

12/20/2013

Connect the Dots

The Sad Fact Is Technical Education, Know-How, Experience and Responsibility Go Out the Window When Fast Money Shows Up

12/08/2010

Controls and Process Applications Can Be Restored

Restoration Possible: Many Distributed Control Systems (DCSs) Are Rapidly Aging and Risk Breaking Down. Luckily, There Are Many New Tools and Innovative Methods for Supporting and Breathing New Life Into Controls and Process Applications

06/11/2013

Cool Tools Coming Soon

Interface-Related Gadgets May Soon Find Their Way onto Many Plant Floors

03/04/2012

Coordinated Motion, Concentrated Power

Drives Choreograph Motors for the Greatest Effect and Energy Savings. Here's How Experienced Users Gain Their Advantages

09/12/2013

Crazy, Simple Search Terms Get Results

We All Search the Web Differntly, and There Are many Shortcuts to Get Better Results. Here Are Just a Few

05/04/2012

Creative Computing for Control

PC-Based Control Is Taking Over in a Variety of New and Upcoming Process Industry Applications. Here Are Some of the Most Innovative Solutions

05/16/2013

Cyber Protection for Safety Systems

NIST Framework Puts Need for Continuous Process in Perspective

09/11/2013

Cybersecurity Demands Continued Vigilance

Roundtable Discussion Probes Cyber-Secure Defenses and Work Practices

06/05/2014

Cybersecurity: What's Inside Your Armor?

Cybersecurity Begins with Firewalls and Network Segmentation, but These Barriers Must Be Accompanied by Constant Monitoring and Verification of Internal Communications and Data to Protect Applications

10/15/2013

DAQ in the Delta

Learn How Luckett Pump Services the Electrical Controls for Various Pumps, Motor Controls and Liquid Level

04/11/2011

Don't Forget Object Lessons

Can You Become a Prisoner of Your Lego-like Software Modules?

06/13/2011

Don't Look Back, Developing Economies May Already Be Ahead On Process Automation

It Would Be Best to Discard Many Old Assumptions -- or at Least Take Them With a Big Grain of Salt -- and Go Check Out the World as It Really Is

04/11/2014

DTE Energy Tackles Unruly Alarms

Rationalization Process Restores Meaning--One Alarm at a Time

03/28/2013

Epic Expectations

Do We Really Need to Believe We're Each on Some Heroic Journey? Don't Kid Yourself. We All Need It

09/12/2011

Ergon's Mobile Workers Embrace Wireless Freedom

Wireless Network Eliminates the Disconnect Between Field Workers and Control Room Operators.

09/30/2013

Everybody on Board

End Users, Process Control Engineers, Integrators and Suppliers Are All Getting On the Sustainability Bandwagon With All Kinds of Green Applications. Here's How They Do It

06/07/2012

Everything Old is New Again

A Specific Tool May Be obsolete, but the Mental Process That Went into Addressing the Problem It Solves Remains as Instructive as Ever

05/04/2008

Expanding Your Process Automation Plant Requires Bigger Data Too

Foremost Farms Doubles Production and Adds Data Acquisition and Historian Functions to Its SCADA/HMI System to Find Exceptions and Improve Operations

04/11/2014