Voices: Montague

Challenges of Covering Cybersecurity News Beat

Executive Editor Jim Montague Wonders About the Stillborn Security Stories That Got Away

By Jim Montague

I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity. It can take months of inquiries and phone calls to secure a few good examples of how end users protect their process controls and networks. Understandably, almost nobody wants to discuss security for fear it will make them a target for some hacker, intrusion or cyber attack. This makes the few engineers and organizations willing to talk about security especially brave and precious to others in their profession.

A few years ago, I was lucky enough to secure an interview with two guys who were the cybersecurity experts at one of the world's largest oil and gas companies. Their firm was acknowledged to be a shining example of security best practices. They described in basic terms how cybersecurity is very similar to process safety, so the same risk assessment methods used to evaluate frequency and severity of potential safety incidents can also be used to gauge cybersecurity risks and help form a response. I think they also described how process control networks need to be segmented and divided by managed Ethernet switches serving as firewalls. Nothing groundbreaking, but I knew this advice would mean a lot to our readers because it came from such a big end user.

I was pleased, too, until the oil and gas firm's public relations person refused to approve or correct the story's text and referred me to a third security expert, who has repeatedly refused to be quoted. I eventually found other, less cowardly, end users who did agree to stand up and be counted. I completed my story, and have come up with several good cybersecurity articles since then. However, it's always bugged me that I couldn't get that oil and gas company on the record.

So why am I reminding you of stillborn security stories? Well, I was at the Honeywell User Group 2014 on June 3-5 in San Antonio, Texas, and I covered another cybersecurity presentation. It was well attended, but the audience was grim and seemed to be pretty depressed. I've experienced more than a few cybersecurity lectures, and the audience usually has a higher-than-average ratio of attendees with serious expressions and folded arms—as if they were subconsciously trying to protect themselves.

 And I slowly realized that the original oil and gas firm's uncommunicative, third security expert was in the audience, too. He and a colleague were apparently willing to attend, but all they contributed were a few smug questions and I-told-you-so remarks from the sidelines. I asked for a comment once more, but he was again unwilling to be quoted in any way.

I politely responded that I thought they were as bad or worse than hackers and cyber terrorists because they offer no help to other professionals in their own field, who desperately need some advice and encouragement, and don't have the resources of a huge firm to research and implement the best cybersecurity methods. They said it was just business, but I think refusing to try to lessen suffering and despair is the same as causing it in the first place.

When Scrooge says Marley was a good man of business in A Chrstmas Carol, the ghost laments, “Mankind was my business. The common welfare was my business. Charity, mercy, forbearance and benevolence were all my business. The dealings of my trade were but a drop of water in the comprehensive ocean of my business!”

Some folks never learn this, and it's just another sad, missed opportunity for everyone involved. However, as with any bad or unwilling source, I just have to get on to the next one and hope they're more willing and helpful. Likewise, if you don't get help on cybersecurity, just keep asking. I always find someone useful eventually, and you will too. Oh, and if you find a good solution, please have some guts and let others benefit from it.

More from this voice

Title

Foxboro Evo System Aims to 'Future-Proof' Automation

New System Is Latest Iteration of Invensys' Continuously Current Offering

09/10/2013

Our Website Gets Better

Our Site Has Moved to a New Content Management System (CMS) and Now We Have a Shiny, New Website That's Even More Informative, Useful and Helpful Than It Was Before

09/05/2013

Chevron Manages BMA Upgrade Lifecycle

So What's the Motivation for All These Upgrades? Well, Chevron's First Priority Is Safety and the Environment

08/08/2013

Workingman's Wireless

More Routine Process Control Applications Are Adopting Wireless to Save Cable, Secure Added Signals, and Transfer Data from Spots Where Wire Can't Go. Here's How Veteran Users Do It Every Day

08/07/2013

State of Wireless Networking

The Results from a 2013 Survey of 150 Industrial Networking Readers Provide Insight into Wireless Options

08/06/2013

How to Get Wireless Up and Running

While Each Application Has Its Own Quirks and Requirements, There Are Still Some Primary Procedures for Implementing Wireless in Any Process or Plant

08/06/2013

Rationalizing and Refocusing on Alarms

Projects to Logically Renovate Alerts and Alarms in Large Applications Can Benefit from Seeing More Clearly into Their Processes with Improved HMI Tools

08/05/2013

Advanced Process Control (APC) Oasis for Drought-Stricken Ethanol Plant

Assistance from Something Like Advanced Process Control (APC) Helped Hankinson Renewable Energy LLC Pull Through During Drought

07/15/2013

Shell Deepwater Taming Big Data Whale

Exception-based Surveillance Helps Manage Hundreds of Millions of Daily Data Points

06/19/2013

Valero Streamlines Wireless Gains with Experience

Practice Makes Perfect--and Wireless Process Monitoring Is No Exception

06/19/2013

Advanced Control an Oasis for Drought-Stricken Ethanol Plant

Advanced Process Controls Help Hankinson Renewable Energy Shift Production to a More Profitable Mix

06/18/2013

For Chevron, Blend Optimization Is a Lifecycle Journey

Incremental Performance Improvements Can Deliver Outsized Returns

06/18/2013

True Commitment Meets Changing World's Challenges

How Do You Cope with Increasing Process Accidents, Accelerating Cyber Attacks, Ever More Remote Resources, Aging Workforces and Recovering but Delicate Economies?

06/17/2013

Experion PKS Orion Keeps Pouring on the Innovations

A Look Under the Hood of Honeywell's Flagship Control Platform

06/17/2013

Process Control Renovations: DCS Edition

You Can Do More Than You Think

06/14/2013

Intrinsic Safety Aids Cost-Effective Coal Mining

Daw Mill Colliery Implements Intrinsically Safe (IS) PLCs and IS Ethernet and Supporting Components to Fuel U.K. Power Utilities

06/14/2013

Controls and Process Applications Can Be Restored

Restoration Possible: Many Distributed Control Systems (DCSs) Are Rapidly Aging and Risk Breaking Down. Luckily, There Are Many New Tools and Innovative Methods for Supporting and Breathing New Life Into Controls and Process Applications

06/11/2013

Creative Computing for Control

PC-Based Control Is Taking Over in a Variety of New and Upcoming Process Industry Applications. Here Are Some of the Most Innovative Solutions

05/16/2013

Process Automation Industry: When an Apology Is Just Not Good Enough

We Can't See Most Tragedies Coming, but There Must Be Dozens of People Who Could Have Seen the West Fertilizer Disaster Coming

05/10/2013

Motors and Drives Grow Up and Graduate

Motors and Drives Have Been Moving Up to Variable-Speed Control for Better Accuracy, but Now They're Also Increasing Power Density and Efficiency and Even Coordinating More Closely With PLCs and Intelligent Systems

05/08/2013