
12 days of cybersecurity: Closing the cybersecurity loop

Jan. 13, 2020
12 days of cybersecurity: Day 12


Long ago, I put an old, black-and-white photo of a country doctor on the cover of Hospitals & Health Networks magazine. I did it to illustrate my story about physicians learning they could use many of their traditional, "hang up a shingle," entrepreneurial skills to cope with the mid-1990s emergence of managed healthcare by setting up physician-hospital organizations (PHOs), which could provide necessary care and navigate between the over-utilization and spiraling costs of traditional fee-for-service, and the under-utilization and restrictions on care by HMOs and insurers.

Since then, I've remained on the lookout for individuals and professional communities who face technical upheavals or other rapid changes, and discover they can use their familiar, old-fashioned abilities to solve initially unfamiliar problems. In the process industries, it's been interesting to watch industrial networks migrate from point-to-point hardwiring to fieldbuses, Ethernet, Internet and wireless—not to mention witness the overarching shift from hardware to software, also known as today's Internet of Things and digitalization.

Along the way, most of the organizations and industry sectors I encountered were focused on maintaining the status quo, protecting existing market share, and coasting on past successes—even if it held back and held hostage the capabilities of the users they were supposed to be serving. This lethargy may be due to fear of change, a lack of imagination or both, but as always, it's going the way of Kodak, coal and every other obsolescence that's outlived its time.

Luckily, I've also had the privilege of covering some remarkable stories of adaptation by users, system integrators and suppliers alike. These innovators shook off the constraints of the past, and embraced the risks of developing and delivering solutions that didn't just optimize existing process operations, but also made many new ones possible in the first place, such as wireless components that could gather signals and data that couldn't be acquired before. One of the hallmarks of this group was that their innovations typically relied on the very same observational, deductive and analytical troubleshooting skills they and their predecessors had been using all along. I've always found it comforting that common-sense capabilities could come full circle, and find new life and usefulness in new venues.

Even in trade publishing, I was originally petrified at the prospect of doing audio and videos, but I was much encouraged by the fact that I could ask pretty much the same questions in these new formats as I could when taking pen-and-paper notes for text articles in print or online. As I've told many interview subjects, they're basically talking to Fred Flintstone with a stone tablet and chisel, but that doesn't mean the results can't go out via whatever cool, new format is available.

Anyway, one sector that had yet to come full circle was cybersecurity. This is probably unsurprising because understanding and protecting against cyber probes and intrusions requires a lot of education and training to begin with, but then the field evolves so fast that traditional abilities might never catch up enough to contribute. Well, I shouldn't have worried because enough players are participating in cybersecurity efforts and finally sharing best practices that, once again, several sources for Control's recent "Cybersecurity from the ground up" cover story piped up, and confirmed that old-school inquisitiveness and critical thinking used in process automation and control applications are just what's needed for effective cybersecurity. Root-cause analysis rides again. For example, no less than Control's Unfettered cybersecurity blogger Joe Weiss has acknowledged that long-time skills for identifying, tracking and resolving problems on the plant-floor can also be used to identify device-level vulnerabilities, monitor network activity and communications, and develop and install protections against cyber threats and attacks.     

So, despite the worry and stress that it can generate in many control engineers, operators and technicians, cybersecurity turns out to be just another process that needs to be stabilized and optimized. So what are you waiting for? Get cracking.

About the author: Jim Montague

Jim Montague | Executive Editor

Jim Montague is executive editor of Control.