How can the ICS community get the ear of decision makers – and provide them the RIGHT information

May 4, 2011
In April, there were two significant reports issued on critical infrastructure cyber security: the Ponemon Institute’s “State of IT Security – Study of Utilities and Energy Companies” and McAfee’s “In The Dark: Crucial Industries Confront Cyber Attacks”. These documents are important as they are used by decision makers and regulators.
In the Ponemon report, a total of 291 IT and IT security practitioners in utilities and energy companies, with an average of 11 years of experience, participated. According to the report, 76 percent of respondents’ organizations suffered one or more data breaches during the past 12 months, while 5% of the respondents said their SCADA networks were compromised. McAfee surveyed 200 industry executives from critical electricity infrastructure enterprises in 14 countries, who anonymously answered an extensive series of detailed questions about their practices, attitudes, and policies on security. The respondents were drawn from a pool of IT executives in the energy, oil/gas, and water sectors.
There are some disquieting concerns about both reports. Both reports interviewed hundreds of IT personnel, yet no one from the control system community who is responsible for “keeping lights on” or “gas flowing”. In both cases, the authors indicated they didn’t know who to contact in the ICS community. In the case of the Ponemon report, 5% SCADA breaches over the past 12 months would be approximately 15 SCADA network breaches. I find it hard to believe there could be that many SCADA network breaches within that short a time without more notice or increased activity by the NERC community.
Ponemon and McAfee need access to the control system community, and the control system community needs access to people like those from Ponemon and McAfee who have the ear of decision makers (check out the list of Ponemon Fellows at http://www.ponemon.org/ponemon-institute-fellows). To address some of these issues, representatives from the Ponemon Institute and McAfee will participate in a panel session at the September ACS Control System Cyber Security Conference to discuss their reports and interact with the control system community.
Joe Weiss
