Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Marine Forum Takes Control to Sea

Shipboard Power Systems Benefit from Rockwell Automation Technology

11/08/2012

Manufacturers Share Sustainability Wins

Energy Savings and Environmental Compliance Delivered for Goodyear, Colorcon and Energenic.

11/07/2012

Smart Manufacturing Will Rise to Global Challenges

Rockwell Automation Has a Plan to Elevate Manufacturing's Performance

11/06/2012

Social Media: SCADA for Your Career

Engineers Can Strengthen the Practices and Habits Needed to Advance Their Careers Using Social Media

11/01/2012

TDL Analyzers Promise Better Combustion Control

Yokogawa and EPRI Studying Tunable-Diode Lasers for Flue-Gas Monitoring

11/01/2012

Risk Assessment Skills Needed for SIS Success

Instrument Engineers Must Lead the Way in Safety System Best Practices

10/30/2012

Process Security is a Never-Ending Journey

Users and Suppliers Must Collaborate to Patch Control System Vulnerabilities

10/30/2012

Winds of Change Complicate Automation Lifecycle

Forecast Tumultuous, but "the Cloud" May Actually Help

10/29/2012

Process Automation Innovation in Orlando

We Try to Pursue Innovation in Our World, but We've Learned That Each of Us Can Make a Difference in Everyone's World

10/11/2012

Process Simulation Pans Out for Goldmine

Barrick Gold Is Using Mynah's MiMiC Software to Simulate Multiple Processes for Training Operators and Improving Performance at Its New, $3.7-Billion Gold Mine in the Dominican Republic

10/10/2012

Safety Stories - So What?

Maybe Everyone is Doing a Great Job, and This Seemingly Unending Series of Accidents Is Just Statistics Catching Up With Us

09/10/2012

SCADA Update Protects Potable Production

Windsor Utilities Commission Bolsters Its Water Production System With Data Tracking-and-Tracing Capabilities and Some Wireless Controls

09/07/2012

Sweeter Simulation

Once-Separate Silos of Simulation Are Cross-Pollinating Into a Functional Whole From Which Users Can Pick the Elements They Need for Design, Configuration, Training and Process Optimization. Here's What the Buzz Is About

09/06/2012

All-You-Can-Eat Platters of Automation Products

Browsing Our Product Database Is Like Standing in Front of an Unlimited Buffet, and Someone Hands You a Big Fork, Plate and Napkin. Yummy

09/04/2012

Industrial Networks: Priorities and Pigeon Holes

Nebulous Networks and Virtualized Computing Can Be Better Understood by Organizing Them into Approachable, Function-Based Segments

08/07/2012

An Automation Process Application Measurement Reminder

Trends May Be Your Friend, but They Can Also Get You in Trouble If That's All You Look at Without Understanding the Fundamentals

07/16/2012

Everybody on Board

End Users, Process Control Engineers, Integrators and Suppliers Are All Getting On the Sustainability Bandwagon With All Kinds of Green Applications. Here's How They Do It

06/07/2012

Three End Users = Three Shades of Green

Here's How ABB Helped Three Diverse End Users to Get Greener

06/06/2012

Securing Your Sustainability

Here Are Some Basic Ways to Go Green That Can Be Used Across Different Processes

06/06/2012

Airbags for Intrinsic Safety

It Is Crucial to Learn About IS, It Is Also Vital to Learn How It Can Be Aided by HPT, DART and Other Coming Tools

06/01/2012