How can the ICS community get the ear of decision makers – and provide them the RIGHT information

May 4, 2011
In April, there were two significant reports issued on critical infrastructure cyber security: the Ponemon Institute’s “State of IT Security – Study of Utilities and Energy Companies” and McAfee’s “In The Dark: Crucial Industries Confront Cyber Attacks”. These documents are important as they are used by decision makers and regulators.
In the Ponemon report, a total of 291 IT and IT security practitioners in utilities and energy companies with an average of 11 years of experience participated. According to the report, 76 percent of respondents’ organizations suffered one or more data breaches during the past 12 months while 5% of the respondents said their SCADA networks were compromised. McAfee surveyed 200 industry executives from critical electricity infrastructure enterprises in 14 countries, who anonymously answered an extensive series of detailed questions about their practices, attitudes, and policies on security. The respondents were drawn from a pool of IT executives in the energy, oil/gas, and water sectors.
There are some disquieting concerns about both reports. Both reports interviewed hundreds of IT personnel yet no one from the control system community who is responsible for “keeping lights on” or “gas flowing”. In both cases the authors indicated they didn’t know who to contact in the ICS community. In the case of the Ponemon report, 5% SCADA breaches over the past 12 months would be approximately 15 SCADA network breaches. I find it hard to believe there could be that many SCADA network breaches within that short a time without more notice or increased activity by the NERC community.
Ponemon and McAfee need access to the control system community and the control system community needs access to people like those from Ponemon and McAfee who have the ear of decision makers (check out the list of Ponemon Fellows at http://www.ponemon.org/ponemon-institute-fellows). To address some of these issues, representatives from the Ponemon Institute and McAfee will participate in a panel session at the September ACS Control System Cyber Security Conference to discuss their reports and interact with the control system community.
Joe Weiss