Keep the lights on!

June 5, 2011
I had discussions with a utility IT cyber security representative at the June 1 San Francisco Electronic Crimes Task Force Quarterly Conference. The nub of the discord was the dissonance between my worrying about “keeping lights on” at all costs and his focus on maintaining security at all costs. As an example, I told him there will be systems that will not be able to be secured because they are either too old, not designed for security, or both - but CANNOT be replaced. He was surprised and appalled. This is not just a problem with electric utilities. When I gave a presentation at the November 2006 “Beyond SCADA” Conference and discussed the issues between IT and Operations, representatives from Ford and Toyota said they had the same issues. The same concerns have been expressed by representatives from the chemical and petrochemical industries. It is Security’s job to design security to allow Operations to do their job (e.g., keep lights on), not to tell Operations what they need to change to meet Security’s (and NERC’s) needs.
People need to recognize the goal – keep the lights on!
Joe Weiss
