Cyber security success stories – are they really successes and do they matter

Nov. 2, 2009

When I was managing the EPRI Fossil Plant Instrumentation and Control (I&C) Systems Program, success stories were very valuable because they demonstrated improved reliability.  Not only that, you could measure the improvement. However, cyber security success stories may not be meaningful or even successful. I continually read about cyber security conferences or Smart Grid conferences having end-users talk about their success stories. What exactly is a success story? With the lack of control system cyber security forensics, how do you know you really haven’t had a cyber incident? How do you know you are even doing the appropriate monitoring?  How do you know your program hasn’t actually increased the vulnerability of the legacy control systems? There have a number of significant control system cyber incidents that didn’t violate IT security policies. I believe the value in discussing end-user cyber security programs is when intentional or unintentional exploits are discussed. That indicates your monitoring is in the right direction.  One of the reasons there was so much interest at the Applied Control Solutions Control System Cyber Security Conference two weeks ago was the discussions of actual control system incidents. It is also why if I have an end-user talk about their control system cyber security program, it isn’t called a success story– because too often they are not.
Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...