How can the ICS community get the ear of decision makers – and provide them the RIGHT information

May 4, 2011
In April, there were two significant reports issued on critical Infrastructure cyber security: the Ponemon Institute’s– “State of IT Security – Study of Utilities and Energy Companies” and McAfee’s “In The Dark: Crucial Industries Confront Cyber Attacks". These documents are important as they used by decision makers and regulators. 
In April, there were two significant reports issued on critical Infrastructure cyber security: the Ponemon Institute’s– “State of IT Security – Study of Utilities and Energy Companies” and McAfee’s “In The Dark: Crucial Industries Confront Cyber Attacks". These documents are important as they used by decision makers and regulators. 
In the Poneman report, a total of 291 IT and IT security practitioners in utilities and energy companies with an average of 11 years of experience participated. According to the report, 76 percent of respondents’ organizations suffered one or more data breaches during the past 12 months while 5% of the respondents said their SCADA networks were compromised. McAfee surveyed 200 industry executives from critical electricity infrastructure enterprises in 14 countries, who anonymously answered an extensive series of detailed questions about their practices, attitudes, and policies on security. The respondents were drawn from a pool of IT executives in the energy, oil/gas, and water sectors.
There are some disquieting concerns about both reports. Both reports interviewed hundreds of IT personnel yet no one from the control system community who is responsible for “keeping lights on” or “gas flowing”. In both cases the authors’ indicated they didn’t know who to contact in the ICS community. In the case of the Ponemon report, 5% SCADA breaches over the past 12 months would be approximately 15 SCADA network breaches. I find it hard to believe there could be that many SCADA network breaches within that short of time without more notice or increased activity by the NERC community. 
Ponemon and McAfee need access to the control system community and the control system community needs access to people like those from Ponemon and McAfee who have the ear of decision makers (check out the list of Penomon Fellows at http://www.ponemon.org/ponemon-institute-fellows). To address some of these issues, representatives form the Ponemon Institute and McAfee will participate in a panel session at the September ACS Control System Cyber Security Conference to discuss their reports and interact with the control system community.  
Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.