Apparently I might not have been as clear as I wanted to be in my July editorial. I talked about the President's Executive Order compelling NIST to develop a comprehensive framework for ICS security.
I also talked about the sweetheart relationship between DOD, DOE and DHS and the Beltway Bandits, the group of consultants who get multimillion dollar contracts from these agencies and others.
I want to make clear that I am a complete supporter of President Obama's Executive Order. What I object to is the strong chorus from the Beltway Bandits (what I referred to as "throwing monkey poo") that ICS security is no different than IT security (the first they don't understand-- the second they own as far as the Federal Government is concerned). Even more egregious is their insistence that protecting the banks is more important than protecting critical infrastructure, and that I and others are purveyors of FUD for thinking and saying otherwise.
If asset owner companies want to see any of the money reserved to ICS security by the Executive Order, they better band together and let the Obama Administration, the DOE, DOD, DHS and NIST know that they want the money to go to consultants who actually understand and have history with ICS security.
And if you doubt that I'm right about the fact that the Beltway Bandits do not understand ICS security, you should field the phone calls and emails I get from their "researchers" wanting to pick my brain, and anyone else I can recommend, for free, so they can bill the Administration millions.
/rant off.
