Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Perfect Fit: Operator Performance

Enhancing Operator Performance Means Tailoring the Right Combination of Situation-Aware Displays, Rationalized Alarms, Ergonomic Consoles and Field-Capable Interfaces. Here's How Users Maintain Operator Effectiveness

03/14/2014

Fieldbus Protocols Support All Processes

Flock of Fieldbuses - The Remaining Fieldbus Protocols May Not Be Getting Glamorous, Hollywood-Style Buzz Anymore, but They're Still Going Strong

02/20/2014

Field Level Instruments Reaches New Heights

Ever-Improving Instruments and Relaxed Regulations Are Allowing Workhorse Technologies to Excel in Dynamic, Sticky, Multiphase and Politically Sensitive Applications

02/19/2014

FCC Allows Unlicensed "Level Probing Radar" in Open Air

The Rules Now Require Measuring Emissions in the Main Beam of the LPR Antenna

02/19/2014

Fieldbuses Uplift All Processes

Low-Power, Twisted-Pair Fieldbuses Are Still Replacing Old Point-to-Point Wiring, Delivering Better Data and Using Their Ethernet and Wireless Versions to Support New and Revamped Process Applications Worldwide

02/18/2014

Fieldbuses Resource Update

Learn More About Primary Fieldbuses Used in Process Control Applications

02/18/2014

Operator Performance: Check Your Hose

We Often Pay More Attention to and Take Better Care of Our Workplace Facilities, Processes and Products Than We Do Our Own Health

01/16/2014

VPN System Harnesses Cow Power

Remote Access Lets OEM Monitor, Control and Troubleshoot Solid-Waste Digester Systems on Small Farms

01/12/2014

Combining Pipeline Control and Safety

Integrated Control and Safety System for Crude Oil Transfer Pipeline

12/20/2013

Power Distribution: Bring Steady, Smart Power

Intelligent Computing and Software are Revolutionizing All Aspects of Power Generation, Distribution and Local Consumption. Here's How Process Control Users Are Gaining, Too

12/19/2013

Power Supplies Get In On The Reliability Act

The Demand for Increased Reliability and Global Application for Process Control Is Driving Evolution of Power Supply Design

12/19/2013

Let the DCS Fit the Process

Distributed Control Systems (DCSs) Are Gaining New Capabilities, Such as Integrating with Safety Systems, to Match the Unique Needs of Their Process Applications

12/12/2013

Chemical Makers Taking Steps to Corral Big Data

Specialty Chemicals Experts Use Best Practices to Secure Opportunities

11/15/2013

Rockwell Automation Showcases Oil & Gas Capabilities

Oil and Gas Booth Sets Visitors on Process Control Pathways

11/14/2013

Bringing the Cloud Down to Earth

Rockwell Automation Uses the Cloud and Virtualization to Turn Big Data into Profitable Decisions

11/13/2013

PlantPAx Tools Simplify Oil Production

Perenco Overhauls its Gabon Oilfields with PlantPAx Systems

11/12/2013

Pipeline Integrator Unifies Control, Safety, Fire & Gas

Sirio Sistemi Elettronici Tackles Control and Safety Systems with Rockwell Automation Technology

11/11/2013

Supplier Alliance Secures Big Data for Users

More Connections May Mean More Vulnerabilities, but Awareness, "Security as a Habit" and Helpful Partners Are the Best Defense

11/11/2013

Old-Time Motors Provide Reminders of Reality

The Evolution of Process Controls from Pneumatics to Relays to PLCs to Microprocessors Is Crucial to the Modern World, but the Tools Also Have Made Life Easy to the Point That We Forget and Don't Appreciate Their Gifts

11/06/2013

An Internet for Industry

Expert Panel Sees Growing Benefits of Machine Connectivity and Collaboration.

10/31/2013