Does SANS bite?

Sorry, I couldn't resist the pun. Joe Weiss posted on Unfettered this morning a clip from the blog, SANS Bites. In it he takes issue with the self-serving and industry-serving statements by the editor of SANS Bites about how nobly the industry is trying to achieve cybersecurity nirvana. What rot. The industry has finally heard the magic words, Sarbanes-Oxley, and is trying desperately to dodge the bullet it is facing. Every one of the CEOs, CTOs and CIOs in the utility industry (and, for that matter, in all the process verticals) is facing the unpleasant vista of looking straight down the twin barrels of the cyber shotgun: either they clean up cybersecurity or Sarbanes-Oxley will end their careers after the fact. And they will likely go to jail. No wonder the industry is squirming so much.

From Joe's blogpost:

(First we had the NERC CIP Workshops telling utilities how to circumvent the intent of the industry cyber security standards. This has been followed by multiple conferences on how to be compliant with the NERC CIPs with no thought to actually improving the security of the facilities. Now SANS, who knows little about control systems, is going to provide help. Where are the utilities going to turn to get useful, factual advice that will actually secure control systems???)

  • The simple reality is that whenever a topic is "hot", be it Y2K, Sarbanes-Oxley or (now) cyber security, all sorts of people will be trying to position themselves and their organizations to make a buck. That's capitalism at work.

    I may sound cynical, but the truth is that people will turn to whoever does the best job of convincing them that they have something to offer. Quoting from one of my favourite movies: "People don't drink the sand because they're thirsty. They drink the sand because they don't know the difference."

    Our challenge as a discipline and an industry is to help people to "know the difference", without making it sound like we are just taking shots at each other. I'd like to think that most of those speaking on this issue have some part of the solution; we just have to be able to put the pieces together.


  • Amen, brother Eric. Amen.

