What's important about MUSIC?

So what's the big deal? Here's the problem in a nutshell: - No methodical, repeatable or readily-available benchmarking process currently exists for measuring product resiliency, safety, robustness or security for software or hardware in the industrial and process control markets What MU is offering:   MUSIC would offer vendors and their users independently-performed testing of product safety and security profiles; provide automated manner -both verifiable and repeatable;  Certification by Mu or Authorized Partner analyzes test data;  Built-in path to evolve testing and analysis to one or more draft standards - several now underway (e.g. ISA Security Compliance Institute and ISA-SP99)   First, MU has been around IT security for quite some time, and has an excellent reputation. Second, they've had excellent advice from people like Eric Byres, Dale Peterson, Joe Weiss, and yours truly, among others, about the differences between IT security and the types of cybersecurity needed on the plant floor. Third, I'd like to re-quote Kevin Staggs, of Honeywell, from MU's press release for the kicker: "Security is a not a specific product, it's an ongoing process," said Kevin Staggs, Engineering Fellow and Global Security Architect at Honeywell Process Solutions. "Mu Security is helping the industry by creating a repeatable and metrics-based process that maps to current standard tracks including the ISA SP99 draft standard." (emphasis mine) And, of course, the ISCI compliance institute. I asked Adam Stein, MU's VP of Marketing, if that meant that MU was willing to deed its intellectual property to the SP99 standards group, and he said that he wasn't sure that there was much IP that was affected, since most of their work is based on open standards, but that MU would conform to the canons of the standards-making process. So, while we wait for SP99 to complete their work, and for ISCI to be set up to test compliance to the forthcoming ISA-99 standard, we can use the MUSIC suite to benchmark products, both as they leave the plant where they are made AND IN SITU FOR EXISTING PRODUCTS. Mu expects partnering announcements over the next few months from some of the largest names in automation. At this writing, I am informed that Honeywell plans some sort of announcement regarding MU Security for later this week, but the subject of the announcement is embargoed. More on this later. I will be recording a podcast interview with Kevin Staggs on Wednesday regarding this and other cybersecurity issues.