Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Pictures Beat Words

The Industry Needs Rebranding. Young People Today Think That Working in Power or Petrochemical Plants Involve Shoveling Coal, But A Graphical Presentation Can Easily Change This Point of View

05/14/2012

Intrinsic Safety Innovations

Executive Editor Jim Montague Takes a Look at White Papers from Moore Industries International and Pepperl+Fuchs on Recent Innovations in Intrinsic Safety

05/12/2012

Crazy, Simple Search Terms Get Results

We All Search the Web Differntly, and There Are many Shortcuts to Get Better Results. Here Are Just a Few

05/04/2012

Arena Immerses Attendees in 800xA Experience

Dramatization Drives Home Benefits of ABB Automation Platform and Control Room Technology

04/26/2012

Process Safety and Sustainability are a Two-Way Street

Effective Personal Safety, Process Safety and Asset Integrity Programs Can All Contribute to Sustainability Improvements

04/26/2012

Virtualized Computing Aids Process Visualization

There's More than One Way to Display Graphics on a Remote Screen, and Not All Are Created Equal

04/25/2012

The Challenge of a Multigenerational Workforce

Commitment, Leadership, Respect Help Generations Find Common Ground, Communicate, Collaborate

04/25/2012

North America Anchors ABB Global Strategy

Services for the Company's Extensive Installed Base Also a Key Focus

04/24/2012

Precious Water

Don't Take Water for Granted. See How New Controls Maintain the Reliability of Water Production System and Read Case Studies on Water Collection and Treatment Applications

04/11/2012

Microbrewery Grows Big With Micro PLC

Coastal Electric Uses Idec's Micro PLC to Automate Greenflash Brewing's New Plant in San Diego and Preserve Its Small-Batch Processes, While Brewing Five Times More Beer

04/10/2012

Beyond the Eyes

Process Control Applications Are Designed, Built and Operated by People With the Usual Eyeballs, Therefore They're Subject to Blinders Imposed on Sight

03/08/2012

Search for the Asset Management, Part II

GlaxoSmithKline, Beamex and Emerson Process Management team up to streamline calibration and asset software - and use far less paper-at GSK's plant in Cork, Ireland.

03/06/2012

The Control Room of the Future - Smarter Reality

The Control Room of the Future Will Put a World of Science-Fiction Tools at Operators' Fingertips - but They'll Only Be Effective if Designers, Engineers and Operators Jointly Plan Ahead and Use Them to Serve Practical, Functional Needs

03/05/2012

How to Build the Control Room of the Future

Designing and Constructing a Truly Useful Control Room Requires a Lot More Forethought and Planning

03/04/2012

Cool Tools Coming Soon

Interface-Related Gadgets May Soon Find Their Way onto Many Plant Floors

03/04/2012

Chips Are Up, Part 2

Find Out How More Powerful CPUs Have Improved Process Controllers

02/07/2012

Industrial Computers, Part 2. Data Processing Escapes the Enclosure

Whether It Happens on a Cloud-Based Service, Virtualized Server or Plain Old Wireless, Internet or Ethernet, It's Clear That Industrial Computing for Process Control Has Moved Beyond Its Old Laptops and Desktops. So How Can You Protect Such Far-Flung Data Processing?

01/10/2012

Protecting the Network, Enclosing the Cloud

How Can You Protect an Industrial Network or the Cloud from Any Harm?

01/10/2012

Shared Documents Aid Valve Repairs

Using New File-Sharing and Procedural Tools in Complex Projects Can Save You Time and Headaches

01/10/2012

Fresh Starts on Greener Grass

We Can Help You Stick to Your New Year's Resolutions. Find Out How

12/30/2011