How can the ICS community get the ear of decision makers – and provide them the RIGHT information

May 4, 2011
In April, there were two significant reports issued on critical infrastructure cyber security: the Ponemon Institute’s “State of IT Security – Study of Utilities and Energy Companies” and McAfee’s “In The Dark: Crucial Industries Confront Cyber Attacks”. These documents are important as they are used by decision makers and regulators.
In the Ponemon report, a total of 291 IT and IT security practitioners in utilities and energy companies, with an average of 11 years of experience, participated. According to the report, 76 percent of respondents’ organizations suffered one or more data breaches during the past 12 months, while 5% of the respondents said their SCADA networks were compromised. McAfee surveyed 200 industry executives from critical electricity infrastructure enterprises in 14 countries, who anonymously answered an extensive series of detailed questions about their practices, attitudes, and policies on security. The respondents were drawn from a pool of IT executives in the energy, oil/gas, and water sectors.
There are some disquieting concerns about both reports. Both reports interviewed hundreds of IT personnel, yet no one from the control system community who is responsible for “keeping lights on” or “gas flowing”. In both cases the authors indicated they didn’t know who to contact in the ICS community. In the case of the Ponemon report, 5% SCADA breaches over the past 12 months would be approximately 15 SCADA network breaches. I find it hard to believe there could be that many SCADA network breaches within that short a time without more notice or increased activity by the NERC community.
Ponemon and McAfee need access to the control system community, and the control system community needs access to people like those from Ponemon and McAfee who have the ear of decision makers (check out the list of Ponemon Fellows at http://www.ponemon.org/ponemon-institute-fellows). To address some of these issues, representatives from the Ponemon Institute and McAfee will participate in a panel session at the September ACS Control System Cyber Security Conference to discuss their reports and interact with the control system community.
Joe Weiss
