What does it take to get engineering back into security?

July 1, 2013
As an engineer, I have been brought up to work with number, physics, and logic. As a control systems engineer, I have brought up to focus on reliability and safety - we want the process to work and not to hurt people. I had a large group of like-minded colleagues that I could call on to discuss these issues in a reasonable technical manner. In general, governments were passive bystanders except for the Nuclear Regulatory Commission (NRC) when it came to licensing of plant safety. What's more information sharing was a given and occurred at multiple venues. Alas, cyber security shows up.

As an engineer, I have been brought up to work with number, physics, and logic. As a control systems engineer, I have brought up to focus on reliability and safety - we want the process to work and not to hurt people. I had a large group of like-minded colleagues that I could call on to discuss these issues in a reasonable technical manner. In general, governments were passive bystanders except for the Nuclear Regulatory Commission (NRC) when it came to licensing of plant safety. What's more information sharing was a given and occurred at multiple venues. Alas, cyber security shows up. Now look what has changed:
- IT has effectively taken over control systems under the guise of security
- Programs like the NERC CIPs require people to use "the Emperor wears no clothes" philosophy and look the other way
- IT organizations feel if it doesn't affect their systems, it is of no interest
- IT security technologies are developed for IT and rebranded as SCADA without having an understanding of what it can do to control systems
- Government organizations are developing "consensus" standards without having any requirement that these standards are actually meaningful.
- Most distressing of all is the chasing of the buck where previous collegial discussions and honest disagreements are now branded as heresy with all of the accompanying back-biting

The utility test bed is meant to try to change the paradigm of security for security sake and make it security for reliability and safety sake. We have the only utility in the country willing to evaluate these cyber security technologies and talk about them. Yet, we are still on the outside looking in.

Before it is too late, how can we go back to being engineers?

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sponsored Recommendations

Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...