The system is REALLY broken – even the banks don’t get ICS cyber security

Sept. 11, 2014

Several months ago I was approached by an executive at a  large bank.  The concern was cyber security of their building controls and the lack of a bridge between the IT security people and the building controls people. This morning, 9/11, I received the following note: "... last week I was told to table the ICS talks here..."

Several months ago I was approached by an executive at a large bank.  The concern was cyber security of their building controls and the lack of a bridge between the IT security people and the building controls people. The IT executive and I had several conversations. Yesterday, 9/10, I sent a note to the person about the upcoming October ICS Cyber Security Conference. I received the following e-mail from the executive this morning – 9/11/14. I find it incredible this is still happening and in an industry that is really interested in security – the financial industry. It is also incredible considering the Target hack came from a small HVAC distributor. Moreover, it demonstrates principal number 1 about the ICS cyber security process – senior management needs to buy in for the project to be successful.

“Thank you so much for you note.  I know that I certainly would find the conference interesting. Unfortunately (and much to my dismay), last week I was told to table the ICS talks here for the time being.

I have been meaning to reach out to you to thank you for your kindness and willingness to discuss the current struggles faced with ICS and cyber security.  Thanks to you, I was at least able to impress upon management that this is not something we can do without help from the experts, and the imperativeness of establishing that bridge before we even try again.

I am a HUGE proponent (fan) of what you are doing in this space, and I hope for one day, in the not too distant future, that I will be able to engage you to lead us through. I was extremely disappointed that I was asked to put this on hold, both from maybe the chance to make a difference in the infancy of this space (greater global good, not just this company), and being able to learn from one of the best in the field.

You have made a profound impression on me, thank you!”

Vice President, Information Security, Enterprise Threat Management

This is 9/11/14 and months after the Target Hack. If the banks still don’t get it, why are people surprised when the ICS community still doesn’t get it?

 Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.