Compliance Doesn't Mean Security

Cybersecurity is a technology problem that can only be addressed by technology

By Larry Karisny

Regarding Joe Weiss' "Unfettered" blog post of Jan. 19, I agree that compliance does not mean security. Cybersecurity is a technology problem that can only be addressed by technology. When machine actions are in milliseconds, your cybersecurity technology must be able to react in real time during data in motion in that microseconds window to be effective.

People can't think or work in microseconds, but technology can. So throwing people and compliance at cybersecurity with the acceptation of a complete review and knowledge of your control system processes will have little effect in securing the power grid. Cybersecurity is a technology problem, and can only be addressed by knowing your processes and using technology to authenticate, view, audit, analyze and block anomalies in real time in microseconds.

Good subject and don't let up on this. We need to be secure, not just compliant.

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments